Lucene search
K

3242 matches found

OSV
OSV
added 2024/02/21 10:44 a.m.9 views

SUSE-SU-2024:0579-1 Security update for mozilla-nss

This update for mozilla-nss fixes the following issues: Update to NSS 3.90.2: - CVE-2023-5388: Fixed timing attack against RSA decryption in TLS bsc1216198...

6.5CVSS7.5AI score0.00816EPSS
Exploits0References3
OSV
OSV
added 2024/02/21 10:44 a.m.10 views

SUSE-SU-2024:0578-1 Security update for mozilla-nss

This update for mozilla-nss fixes the following issues: Update to NSS 3.90.2: - CVE-2023-5388: Fixed timing attack against RSA decryption in TLS bsc1216198...

6.5CVSS7.5AI score0.00816EPSS
Exploits0References3
Snyk
Snyk
added 2024/02/20 3:31 p.m.3 views

Observable Discrepancy

Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Observable Discrepancy via the authentication process. An attacker can obtain information about the existence of user accounts by analyzing differences in response...

6.9CVSS6.8AI score0.00527EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.2 views

PT-2024-21321 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.4.3.26 Liferay DXP versions prior to 7.4 update 27 Liferay DXP versions prior to 7.3 update 8 Liferay DXP versions prior to 7.2 fix pack 20 Description: The issue allows remote attackers to determine if...

5.3CVSS7.3AI score0.00527EPSS
Exploits0References10
OSV
OSV
added 2024/02/11 3:15 a.m.1 views

UBUNTU-CVE-2024-25714

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutlsmemcmp, which has constant-time execution...

9.8CVSS5.8AI score0.00814EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2024/02/09 11:15 p.m.179 views

CVE-2023-6935

wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSLSTATICRSA" The define “WOLFSSLSTATICRSA” enables static RSA cipher suites, which is n...

5.9CVSS6.1AI score0.00539EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/09 10:25 p.m.22 views

CVE-2023-6935 Marvin Attack vulnerability in SP Math All RSA

wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSLSTATICRSA" The define “WOLFSSLSTATICRSA” enables static RSA cipher suites, which is n...

5.9CVSS5.8AI score0.00539EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/09 10:25 p.m.94 views

CVE-2023-6935 Marvin Attack vulnerability in SP Math All RSA

wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSLSTATICRSA" The define “WOLFSSLSTATICRSA” enables static RSA cipher suites, which is n...

5.9CVSS6.6AI score0.00539EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2024/02/09 10:25 p.m.316 views

CVE-2023-6935

wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSLSTATICRSA" The define “WOLFSSLSTATICRSA” enables static RSA cipher suites, which is n...

5.9CVSS5.6AI score0.00539EPSS
Exploits0
OSV
OSV
added 2024/02/08 5:15 p.m.1 views

DEBIAN-CVE-2024-25189

libjwt 1.15.3 uses strcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...

9.8CVSS8.5AI score0.00954EPSS
Exploits1References1
OSV
OSV
added 2024/02/08 5:15 p.m.1 views

UBUNTU-CVE-2024-25191

php-jwt 1.0.0 uses strcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...

9.8CVSS5.8AI score0.0089EPSS
Exploits1References3
Veracode
Veracode
added 2024/02/08 5:44 a.m.23 views

Timing Attack

pulsar-broker-auth-sasl is vulnerable to a Timing Attack. The vulnerability is due to the verifyAndExtract function within SaslRoleTokenSigner.java because it take different amounts of time to return false depending on how many characters it needs to compare before finding a mismatch. This...

7.4CVSS7.2AI score0.00763EPSS
Exploits0References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2024/02/08 12:0 a.m.39 views

CentOS 8 : openssl (CESA-2023:1405)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:1405 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in ...

7.5CVSS7.9AI score0.59501EPSS
Exploits0References5
Prion
Prion
added 2024/02/07 10:15 a.m.16 views

Buffer overflow

Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider...

4CVSS7.2AI score0.00763EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/02/07 9:18 a.m.22 views

CVE-2023-51437 Apache Pulsar: Timing attack in SASL token signature verification

Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider...

7.4CVSS7.5AI score0.00763EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/07 9:18 a.m.18 views

CVE-2023-51437 Apache Pulsar: Timing attack in SASL token signature verification

Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider...

7.4CVSS6.7AI score0.00763EPSS
Exploits0References2
Veracode
Veracode
added 2024/02/06 2:50 p.m.35 views

Bleichenbacher Timing Attack

M2Crypto is vulnerable to Bleichenbacher Timing Attack. The vulnerability is due insecure padding schemes, resulting in the exposure of confidential or sensitive data...

7.5CVSS6.9AI score0.01124EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/02/05 9:30 p.m.5 views

GHSA-944J-8CH6-RF6X m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...

5.9CVSS6.1AI score0.01124EPSS
Exploits0References5
OSV
OSV
added 2024/02/05 9:15 p.m.5 views

CVE-2024-0202

A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS by setting the USERSASUITES define, it will be vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is...

5.9CVSS5.7AI score0.00311EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/02/05 8:44 p.m.280 views

CVE-2024-0202 Cryptlib: rsa key exchange ciphersuites in tls vulnerable to marvin attack

A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS by setting the USERSASUITES define, it will be vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is...

5.9CVSS6.2AI score0.00311EPSS
Exploits0References1
Rows per page
Query Builder