3242 matches found
CVE-2020-36829
The Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...
PT-2024-3925 · Unknown +2 · Mojolicious +2
Name of the Vulnerable Software and Affected Versions: Mojolicious module versions 1.74 through 8.64. Description: The issue is related to a timing attack vulnerability in the secure compare function of the Mojolicious module for Perl. This vulnerability allows an attacker to manipulate unknown...
CVE-2020-36829
CVE-2020-36829 affects the Mojolicious Perl module prior to 8.65, with the secure_compare timing attack enabling an attacker to infer the length of a secret string (only versions after 1.74 are affected). Connected advisories confirm affected software and fixes: Debian LTS advisory DLA-3846-1 sta...
CVE-2024-1729
A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation app.auth[username] == password to validate user credentials, which can be exploited to guess password...
CVE-2024-1729 Timing Attack Vulnerability in gradio-app/gradio
A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation app.auth[username] == password to validate user credentials, which can be exploited to guess password...
CVE-2024-1729
The CVE-2024-1729 entry concerns a timing-attack vulnerability in gradio-app/gradio, specifically in the login workflow (routes.py) where credentials are validated with a direct comparison (app.auth[username] == password). This timing discrepancy can allow an attacker to guess valid credentials b...
Gradio security vulnerability
Gradio is an open source Python library for demonstrating machine learning models through a friendly web interface. Gradio suffers from a security vulnerability that stems from a password checking condition that is susceptible to a timing attack to guess passwords...
MGASA-2024-0094 Updated thunderbird packages fix security vulnerabilities
Crash in NSS TLS method (CVE-2024-0743). JIT code failed to save return registers on Armv7-A (CVE-2024-2607). Integer overflow could have led to out of bounds write (CVE-2024-2608). Improve handling of out-of-memory conditions in ICU (CVE-2024-2616). NSS susceptible to timing attack against RSA decryptio...
Updated thunderbird packages fix security vulnerabilities
Crash in NSS TLS method (CVE-2024-0743). JIT code failed to save return registers on Armv7-A (CVE-2024-2607). Integer overflow could have led to out of bounds write (CVE-2024-2608). Improve handling of out-of-memory conditions in ICU (CVE-2024-2616). NSS susceptible to timing attack against RSA decryptio...
MGASA-2024-0092 Updated nss firefox, nss packages fix security vulnerabilities
Crash in NSS TLS method (CVE-2024-0743). JIT code failed to save return registers on Armv7-A (CVE-2024-2607). Integer overflow could have led to out of bounds write (CVE-2024-2608). Improve handling of out-of-memory conditions in ICU (CVE-2024-2616). NSS susceptible to timing attack against RSA decryptio...
Updated nss firefox, nss packages fix security vulnerabilities
Crash in NSS TLS method (CVE-2024-0743). JIT code failed to save return registers on Armv7-A (CVE-2024-2607). Integer overflow could have led to out of bounds write (CVE-2024-2608). Improve handling of out-of-memory conditions in ICU (CVE-2024-2616). NSS susceptible to timing attack against RSA decryptio...
thunderbird security update
An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Mozilla Thunderbird is a standalone mail and newsgroup client. This updat...
firefox security update
An update is available for firefox. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Mozilla Firefox is an open-source web browser, designed for standards...
SUSE-SU-2024:1002-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 115.9.1esr ESR (MFSA 2024-16) (bsc#1221850): - CVE-2024-29944: Privileged JavaScript Execution via Event Handlers (bmo#1886852). Firefox Extended Support Release 115.9.0 ESR (bsc#1221327): - CVE-2024-0743: Crash in N...
Fedora 38 : thunderbird (2024-5d080305ab)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-5d080305ab advisory. Update to 115.9.0 https://www.mozilla.org/en-US/security/advisories/mfsa2024-14/ https://www.thunderbird.net/en-US/thunderbird/115.9.0/releasenotes/...
nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin)
A flaw was found in Node.js. The privateDecrypt API of the crypto library may allow a covert timing side-channel during PKCS#1 v1.5 padding error handling. This issue revealed significant timing differences in decryption for valid and invalid ciphertexts, which may allow a remote attacker to decry...
PT-2024-12445 · Ibm · Ibm Common Cryptographic Architecture
Name of the Vulnerable Software and Affected Versions: IBM Common Cryptographic Architecture versions 7.0.0 through 7.5.36. Description: Under certain conditions, RSA operations performed by the software may exhibit non-constant-time behavior, allowing a remote attacker to obtain sensitive...