3242 matches found
SUSE-SU-2024:0579-1 Security update for mozilla-nss
This update for mozilla-nss fixes the following issues: Update to NSS 3.90.2: - CVE-2023-5388: Fixed timing attack against RSA decryption in TLS bsc1216198...
SUSE-SU-2024:0578-1 Security update for mozilla-nss
This update for mozilla-nss fixes the following issues: Update to NSS 3.90.2: - CVE-2023-5388: Fixed timing attack against RSA decryption in TLS bsc1216198...
Observable Discrepancy
Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Observable Discrepancy via the authentication process. An attacker can obtain information about the existence of user accounts by analyzing differences in response...
PT-2024-21321 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.4.3.26 Liferay DXP versions prior to 7.4 update 27 Liferay DXP versions prior to 7.3 update 8 Liferay DXP versions prior to 7.2 fix pack 20 Description: The issue allows remote attackers to determine if...
UBUNTU-CVE-2024-25714
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutlsmemcmp, which has constant-time execution...
CVE-2023-6935
wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSLSTATICRSA" The define “WOLFSSLSTATICRSA” enables static RSA cipher suites, which is n...
CVE-2023-6935 Marvin Attack vulnerability in SP Math All RSA
wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSLSTATICRSA" The define “WOLFSSLSTATICRSA” enables static RSA cipher suites, which is n...
CVE-2023-6935 Marvin Attack vulnerability in SP Math All RSA
wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSLSTATICRSA" The define “WOLFSSLSTATICRSA” enables static RSA cipher suites, which is n...
CVE-2023-6935
wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSLSTATICRSA" The define “WOLFSSLSTATICRSA” enables static RSA cipher suites, which is n...
DEBIAN-CVE-2024-25189
libjwt 1.15.3 uses strcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...
UBUNTU-CVE-2024-25191
php-jwt 1.0.0 uses strcmp which is not constant time to verify authentication, which makes it easier to bypass authentication via a timing side channel...
Timing Attack
pulsar-broker-auth-sasl is vulnerable to a Timing Attack. The vulnerability is due to the verifyAndExtract function within SaslRoleTokenSigner.java because it take different amounts of time to return false depending on how many characters it needs to compare before finding a mismatch. This...
CentOS 8 : openssl (CESA-2023:1405)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:1405 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in ...
Buffer overflow
Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider...
CVE-2023-51437 Apache Pulsar: Timing attack in SASL token signature verification
Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider...
CVE-2023-51437 Apache Pulsar: Timing attack in SASL token signature verification
Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider...
Bleichenbacher Timing Attack
M2Crypto is vulnerable to Bleichenbacher Timing Attack. The vulnerability is due insecure padding schemes, resulting in the exposure of confidential or sensitive data...
GHSA-944J-8CH6-RF6X m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657
A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data...
CVE-2024-0202
A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS by setting the USERSASUITES define, it will be vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is...
CVE-2024-0202 Cryptlib: rsa key exchange ciphersuites in tls vulnerable to marvin attack
A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS by setting the USERSASUITES define, it will be vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is...