3242 matches found

Snyk
added 2023/12/05 4:16 p.m. · 2 views

Timing Attack

Overview std/crypto/tls is a Go standard library package std/crypto/tls Affected versions of this package are vulnerable to Timing Attack. Go Vulnerability Report: via the crypto/tls process. An attacker can recover session key bits by exploiting timing information leaked during the removal of...

CVSS 8.7 · AI score 6.5 · EPSS 0.0125
Exploits: 0 · References: 3

Tenable Nessus
added 2023/12/04 12:0 a.m. · 43 views

Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : Request Tracker vulnerabilities (USN-6529-1)

The remote Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6529-1 advisory. It was discovered that Request Tracker incorrectly handled certain inputs. If a user or an automated system were...

CVSS 7.5 · AI score 6.9 · EPSS 0.01707
Exploits: 0 · References: 5

SUSE CVE
added 2023/11/30 2:4 a.m. · 0 views

SUSE CVE-2023-49092

RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is...

CVSS 5.9 · AI score 6.4 · EPSS 0.00605
Exploits: 0 · References: 3

OSV
added 2023/11/28 12:15 p.m. · 4 views

AZL-32048 CVE-2023-5981 affecting package gnutls for versions less than 3.7.11-1

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...

CVSS 5.9 · AI score 6.7 · EPSS 0.01257
Exploits: 0 · References: 1

OpenVAS
added 2023/11/23 12:0 a.m. · 24 views

Debian: Security Advisory (DLA-3660-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 · AI score 7 · EPSS 0.01257
Exploits: 0 · References: 4

Debian
added 2023/11/22 7:12 p.m. · 34 views

[SECURITY] [DLA 3660-1] gnutls28 security update

Debian LTS Advisory DLA-3660-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany November 22, 2023 https://wiki.debian.org/LTS Package : gnutls28 Version : 3.6.7-4+deb10u11 CVE ID : CVE-2023-5981 Debian Bug : 1056188 A vulnerability was found in GnuTLS, a secure...

CVSS 5.9 · AI score 6.6 · EPSS 0.01257
Exploits: 0

Vulnrichment
added 2023/11/09 12:36 a.m. · 20 views

CVE-2023-20902 Timing attack risk in Harbor

A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and retrieve job task information...

CVSS 5.9 · AI score 6.7 · EPSS 0.00373
Exploits: 1 · References: 1

Cvelist
added 2023/11/09 12:36 a.m. · 32 views

CVE-2023-20902 Timing attack risk in Harbor

A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and retrieve job task information...

CVSS 5.9 · AI score 6.5 · EPSS 0.00373
Exploits: 1 · References: 1

Veracode
added 2023/11/01 4:14 a.m. · 16 views

Timing Attack

generator-jhipster is vulnerable to a Timing Attack. The vulnerability exists because the TokenProvider.java uses String.equalsstr to compare the given token-signature. This comparison method does not effectively validate the token because it stops as soon as it encounters the first character tha...

CVSS 7.5 · AI score 6.9 · EPSS 0.00593
Exploits: 0 · References: 5 · Affected Software: 1

OSV
added 2023/10/31 3:31 a.m. · 20 views

GHSA-4GPM-R23H-GPRW generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first character

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...

CVSS 7.5 · AI score 7.4 · EPSS 0.00593
Exploits: 0 · References: 6

GitHub Security Blog
added 2023/10/31 3:31 a.m. · 25 views

generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first character

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...

CVSS 7.5 · AI score 6.5 · EPSS 0.00593
Exploits: 0 · References: 6 · Affected Software: 1

NVD
added 2023/10/31 3:15 a.m. · 19 views

CVE-2015-20110

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...

CVSS 7.5 · AI score 7.5 · EPSS 0.00593
Exploits: 0 · References: 4

Prion
added 2023/10/31 3:15 a.m. · 16 views

Design/Logic Flaw

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...

CVSS 5 · AI score 7 · EPSS 0.00593
Exploits: 0 · References: 4 · Affected Software: 1

Vulnrichment
added 2023/10/31 12:0 a.m. · 9 views

CVE-2015-20110

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...

AI score 7 · EPSS 0.00593
Exploits: 0 · References: 4

Positive Technologies
added 2023/10/31 12:0 a.m. · 5 views

PT-2023-10311 · Jhipster · Generator-Jhipster

Name of the Vulnerable Software and Affected Versions: JHipster generator-jhipster versions prior to 2.23.0 Description: The issue allows for a timing attack against the validateToken function due to a string comparison that stops at the first different character. This enables attackers to guess...

CVSS 7.5 · AI score 7.4 · EPSS 0.00593
Exploits: 0 · References: 7

CVE
added 2023/10/31 12:0 a.m. · 71 views

CVE-2015-20110

Summary : CVE-2015-20110 affects the JHipster generator-jhipster before 2.23.0. The root cause is a token validation routine that compares strings using a short-circuiting comparison, leaking timing information. This allows attackers to brute-force tokens one character at a time by observing resp...

CVSS 7.5 · AI score 7.4 · EPSS 0.00593
Exploits: 0 · References: 4 · Affected Software: 1

CNNVD
added 2023/10/31 12:0 a.m. · 3 views

JHipster Security Vulnerabilities

JHipster is an open source application generator that focuses on developing web applications and microservices using Angular or React and Spring Framework. A security vulnerability exists in JHipster Generator-jhipster version prior to 2.23.0, which stems from a timing attack allowed on...

CVSS 7.5 · AI score 6.7 · EPSS 0.00593
Exploits: 0 · References: 5

Cvelist
added 2023/10/31 12:0 a.m. · 23 views

CVE-2015-20110

JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces t...

AI score 7.5 · EPSS 0.00593
Exploits: 0 · References: 4

CVE
added 2023/10/25 1:45 p.m. · 69 views

CVE-2023-46656

CVE-2023-46656 affects Jenkins Multibranch Scan Webhook Trigger Plugin versions 1.0.9 and earlier. The root cause is a non-constant time comparison when verifying the webhook token, which can enable attackers to use statistical methods to determine a valid token. Public references (including Red ...

CVSS 5.3 · AI score 5.1 · EPSS 0.00557
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2023/10/23 12:0 a.m. · 1 views

UBUNTU-CVE-2023-5388

NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could potentially allow an attacker to recover the private data. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...

CVSS 6.5 · AI score 6.7 · EPSS 0.00816
Exploits: 0 · References: 8