Lucene search
K

3242 matches found

Positive Technologies
Positive Technologies
added 2024/03/06 12:0 a.m.3 views

PT-2024-2174 · Libgcrypt +4 · Libgcrypt +4

Name of the Vulnerable Software and Affected Versions: libgcrypt affected versions not specified Description: A timing-based side-channel flaw was found in libgcrypt's RSA implementation, which may allow a remote attacker to initiate a Bleichenbacher-style attack. This can lead to the decryption ...

5.9CVSS6.6AI score0.01114EPSS
Exploits0References52
RedHat Linux
RedHat Linux
added 2024/03/05 8:5 p.m.3 views

ssh: Prefix truncation attack on Binary Packet Protocol (BPP)

A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...

5.9CVSS6.6AI score0.93305EPSS
Exploits4References6
RedHat Linux
RedHat Linux
added 2024/03/05 8:23 a.m.3 views

gnutls: incomplete fix for CVE-2023-5981

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange,...

7.5CVSS6.7AI score0.01614EPSS
Exploits1References6
Amazon
Amazon
added 2024/03/05 12:0 a.m.2 views

Medium: gnutls

Issue Overview: A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK ke...

7.5CVSS6.7AI score0.01614EPSS
Exploits1
Amazon
Amazon
added 2024/03/05 12:0 a.m.5 views

Medium: gnutls

Issue Overview: A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK ke...

7.5CVSS7.2AI score0.01614EPSS
Exploits1
OSV
OSV
added 2024/02/27 9:36 a.m.4 views

SUSE-SU-2024:0638-1 Security update for gnutls

This update for gnutls fixes the following issues: - CVE-2024-0567: Fixed an incorrect rejection of certificate chains with distributed trust bsc1218862. - CVE-2024-0553: Fixed a timing attack against the RSA-PSK key exchange, which could lead to the leakage of sensitive data bsc1218865...

7.5CVSS7.4AI score0.01614EPSS
Exploits2References5
OSV
OSV
added 2024/02/27 1:8 a.m.5 views

MGASA-2024-0049 Updated rootcerts, nss and firefox packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Timing attack against RSA decryption in TLS. CVE-2023-5388 Out-of-bounds memory read in networking channels. CVE-2024-1546 Alert dialog could have been spoofed on another site. CVE-2024-1547 Fullscreen Notification could have been hidden by selec...

8.1CVSS7.6AI score0.00937EPSS
Exploits1References5
Mageia
Mageia
added 2024/02/27 1:8 a.m.58 views

Updated rootcerts, nss and firefox packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Timing attack against RSA decryption in TLS. CVE-2023-5388 Out-of-bounds memory read in networking channels. CVE-2024-1546 Alert dialog could have been spoofed on another site. CVE-2024-1547 Fullscreen Notification could have been hidden by selec...

8.1CVSS7.6AI score0.00937EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2024/02/27 12:0 a.m.59 views

RHEL 9 : OpenShift Container Platform 4.15.z (RHSA-2023:7200)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7200 advisory. Red Hat build of MicroShift is Red Hat's light-weight Kubernetes orchestration solution designed for edge device deployments and is built fr...

7.5CVSS7.5AI score0.99999EPSS
Exploits19References34
NVD
NVD
added 2024/02/26 4:27 p.m.18 views

CVE-2024-0436

Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the !== used for comparison. The risk is minified by the additional overhead of the request, which varies in a...

7.1CVSS7AI score0.0048EPSS
Exploits0References2
OSV
OSV
added 2024/02/26 4:27 p.m.11 views

CVE-2024-0436

Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the !== used for comparison. The risk is minified by the additional overhead of the request, which varies in a...

5.9CVSS6.3AI score
Exploits0References2
Prion
Prion
added 2024/02/26 4:27 p.m.11 views

Design/Logic Flaw

Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the !== used for comparison. The risk is minified by the additional overhead of the request, which varies in a...

5.5CVSS7.7AI score0.0048EPSS
Exploits0References2
CVE
CVE
added 2024/02/25 4:25 p.m.116 views

CVE-2024-0436

Technical details (affected product/version, root cause specifics, exploit scenarios, or remediation) are not publicly available in the provided Connected documents. Monitor for updates from NVD/Red Hat/OSV and other feeds to obtain concrete data.

7.1CVSS6.4AI score0.0048EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/25 4:25 p.m.12 views

CVE-2024-0436 Prevent timing attack for single-user password check

Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the !== used for comparison. The risk is minified by the additional overhead of the request, which varies in a...

7.1CVSS5.9AI score0.0048EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/25 4:25 p.m.27 views

CVE-2024-0436 Prevent timing attack for single-user password check

Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the !== used for comparison. The risk is minified by the additional overhead of the request, which varies in a...

7.1CVSS7.2AI score0.0048EPSS
Exploits0References2
Veracode
Veracode
added 2024/02/23 1:28 p.m.18 views

Timing Attack

gradio is vulnerable to Timing Attack. The vulnerability is due to string comparisons in Python terminating early upon encountering a string mismatch. This allows an attacker to take advantage of the default lack of rate-limiting, to brute-force the correct username and password of an account...

5.9CVSS7.1AI score0.00497EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/02/22 10:9 p.m.7 views

GHSA-HMX6-R76C-85G9 Gradio apps vulnerable to timing attacks to guess password

Impact This security policy is with regards to a timing attack that allows users of Gradio apps to potentially guess the password of password-protected Gradio apps. This relies on the fact that string comparisons in Python terminate early, as soon as there is a string mismatch. Because Gradio app...

5.9CVSS6.1AI score0.00497EPSS
Exploits1References6
OSV
OSV
added 2024/02/22 7:7 p.m.6 views

SUSE-SU-2024:0597-1 Security update for mozilla-nss

This update for mozilla-nss fixes the following issues: Update to NSS 3.90.2: - CVE-2023-5388: Fixed timing attack against RSA decryption in TLS bsc1216198...

6.5CVSS7.5AI score0.00816EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/02/22 12:0 a.m.2 views

PT-2024-40455 · Pypqc · Pypqc

Name of the Vulnerable Software and Affected Versions: PyPQC versions prior to 0.0.6.1 Description: An attacker able to submit many decapsulation requests against a single private key, and to gain timing information about the decapsulation, could recover the private key. A proof-of-concept exploi...

8.2CVSS7AI score
Exploits0References11
Positive Technologies
Positive Technologies
added 2024/02/22 12:0 a.m.6 views

PT-2024-18257 · Gradio · Gradio

Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 4.19.2 Description: A timing attack vulnerability exists in the login function, specifically within the routes.py file, due to the use of a direct comparison operation app.authusername == password to validate user...

5.9CVSS5.7AI score0.00497EPSS
Exploits1References11
Rows per page
Query Builder