Lucene search
K

3242 matches found

BDU FSTEC
BDU FSTEC
added 2023/10/22 12:0 a.m.3 views

The vulnerability of the transport-layer cryptographic library GnuTLS, related to differences in response times when processing RSA encryption text in the ClientKeyExchange message, with both correct and incorrect PKCS#1 additional fields, allows a attacker to recover the decryption key for messages.

The vulnerability of the transport-layer cryptographic library GnuTLS is related to differences in response times when processing RSA encryption text in the ClientKeyExchange message, with both correct and incorrect additional PKCS1 fields. Exploiting this vulnerability could allow a malicious...

7.4CVSS6.9AI score0.01403EPSS
Exploits1References14Affected Software7
Veracode
Veracode
added 2023/10/16 11:49 a.m.12 views

Timing Attack

Harbor is vulnerable to timing attacks. The vulnerability is due the comparison of secrets which are not run in constant time. This allows an attacker to decipher response times for cryptographic calculation and secret enumeration, which can result in sensitive information disclosure...

6.5CVSS6.6AI score0.00373EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2023/10/11 5:20 a.m.19 views

Side Channel Attack

libcryptopp.so is vulnerable to Timing Attack. The vulnerability arises from non-constant time scalar multiplication in ecp.cpp prime field curves with small leakage and algebra.cpp binary field curves with large leakage. This leakage allows an attacker to measure the duration of hundreds to...

5.9CVSS6.8AI score0.03245EPSS
Exploits1References10Affected Software1
OSV
OSV
added 2023/10/10 9:29 p.m.32 views

GHSA-MQ6F-5XH5-HGCF Harbor timing attack risk

In the Harbor jobservice container, the comparison of secrets in the authenticator type is prone to timing attacks. The vulnerability occurs due to the following code: https://github.com/goharbor/harbor/blob/aaea068cceb4063ab89313d9785f2b40f35b0d63/src/jobservice/api/authenticator.goL69-L69 To...

5.9CVSS6AI score0.00373EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2023/10/10 9:29 p.m.32 views

Harbor timing attack risk

In the Harbor jobservice container, the comparison of secrets in the authenticator type is prone to timing attacks. The vulnerability occurs due to the following code: https://github.com/goharbor/harbor/blob/aaea068cceb4063ab89313d9785f2b40f35b0d63/src/jobservice/api/authenticator.goL69-L69 To...

6.5CVSS6.3AI score0.00373EPSS
Exploits1References7Affected Software1
Veracode
Veracode
added 2023/10/10 8:26 a.m.410 views

Timing Attack

python is vulnerable to Timing Attack. The vulnerability is caused by a loophole in hmac.comparedigest function making it deviate from constant time operation. An attacker can mount a timing attack by exploiting the accumulator variable result in the hmac.comparedigest function...

5.9CVSS5.8AI score0.01148EPSS
Exploits1References7Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/10 12:0 a.m.7 views

PT-2023-17692 · Harbor · Harbor

Name of the Vulnerable Software and Affected Versions: Harbor versions 2.6.x and earlier Harbor versions 2.7.2 and earlier Harbor versions 2.8.2 and earlier Harbor versions 1.10.17 and earlier Description: A timing condition in Harbor allows an attacker with network access to create jobs, stop jo...

6.5CVSS6.8AI score0.00373EPSS
Exploits1References13
Ubuntu
Ubuntu
added 2023/09/27 12:49 p.m.378 views

USN-6400-1: Python vulnerability

It was discovered that Python did not properly provide constant-time processing for a crypto operation. An attacker could possibly use this issue to perform a timing attack and recover sensitive information...

5.9CVSS7.1AI score0.01148EPSS
Exploits1
OSV
OSV
added 2023/09/27 12:49 p.m.8 views

USN-6400-1 python2.7, python3.5 vulnerability

It was discovered that Python did not properly provide constant-time processing for a crypto operation. An attacker could possibly use this issue to perform a timing attack and recover sensitive information...

5.9CVSS6.7AI score0.01148EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2023/09/27 12:0 a.m.18 views

Ubuntu: Security Advisory (USN-6400-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS7.7AI score0.01148EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/09/14 2:9 a.m.1 views

SUSE CVE-2023-4421

The NSS code used for checking PKCS1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected...

6.5CVSS8.4AI score0.00628EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.26 views

Oracle Linux 7 : ovmf (ELSA-2019-2125)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-2125 advisory. - Simultaneous Multi-threading SMT in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing atta...

9.8CVSS7.2AI score0.03418EPSS
Exploits4References11
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.31 views

Oracle Linux 7 : openssl (ELSA-2019-2304)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-2304 advisory. - fix CVE-2018-0734 - DSA signature local timing side channel - fix CVE-2019-1559 - 0-byte record padding oracle Tenable has extracted the preceding...

5.9CVSS6.6AI score0.17139EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/09/05 6:37 p.m.3 views

wildfly-elytron: possible timing attacks via use of unsafe comparator

A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or...

7.4CVSS5.8AI score0.00584EPSS
Exploits0References4
Veracode
Veracode
added 2023/08/30 10:30 p.m.38 views

Timing Attack

python3.9 is vulnerable to Improper Access Control. The vulnerability exists due to a flaw in the way the hmac.comparedigest function in the Lib/hmac.py module compares two message digests. An attacker can exploit this vulnerability to distinguish between different message digests, which could be...

5.9CVSS6.5AI score0.01148EPSS
Exploits1References5Affected Software4
CNNVD
CNNVD
added 2023/08/22 12:0 a.m.3 views

Python 竞争条件问题漏洞

Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python 3.9.1, which stems from the fact that the Comparedigest accumulator...

5.9CVSS6.9AI score0.01148EPSS
Exploits1References8
NVD
NVD
added 2023/08/16 9:15 p.m.19 views

CVE-2023-40021

Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...

5.3CVSS5.3AI score0.00646EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/08/16 8:25 p.m.20 views

CVE-2023-40021 Timing Attack Reveals CSRF Tokens in oppia

Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...

5.3CVSS5.3AI score0.00646EPSS
Exploits1References4
Cvelist
Cvelist
added 2023/08/16 8:25 p.m.23 views

CVE-2023-40021 Timing Attack Reveals CSRF Tokens in oppia

Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...

5.3CVSS5.5AI score0.00646EPSS
Exploits1References4
CVE
CVE
added 2023/08/16 8:25 p.m.64 views

CVE-2023-40021

CVE-2023-40021 affects Oppia: timing-attack CSRF token validation using string equality in CsrfTokenManager.is_csrf_token_valid allows an attacker to brute-force the token character-by-character via lure-and-traud site, enabling forged actions in a logged-in user’s session. Impact includes profil...

5.3CVSS5.3AI score0.00646EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder