Lucene search
K

3242 matches found

OSV
OSV
added 2023/08/16 8:25 p.m.36 views

CVE-2023-40021 Timing Attack Reveals CSRF Tokens in oppia

Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...

5.3CVSS5.7AI score0.00646EPSS
Exploits1References6
OSV
OSV
added 2023/08/16 3:15 p.m.3 views

CVE-2023-40343

Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token...

5.9CVSS5.8AI score0.00494EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/08/16 12:0 a.m.6 views

PT-2023-27216 · Oppia · Oppia

Name of the Vulnerable Software and Affected Versions: Oppia versions prior to 3.3.2-hotfix-2 Description: Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. B...

5.3CVSS5.3AI score0.00646EPSS
Exploits1References9
Kitploit
Kitploit
added 2023/08/14 12:30 p.m.109 views

Chimera - Automated DLL Sideloading Tool With EDR Evasion Capabilities

While DLL sideloading can be used for legitimate purposes, such as loading necessary libraries for a program to function, it can also be used for malicious purposes. Attackers can use DLL sideloading to execute arbitrary code on a target system, often by exploiting vulnerabilities in legitimate...

8.1AI score
Exploits0References4
Veracode
Veracode
added 2023/08/04 7:20 a.m.22 views

Timing Attack

github.com/answerdev/answer is vulnerable to Timing Attacks. The vulnerability exists because the application does not have a constant login attempt response time. which allows an attacker to brute force valid account email addresses...

5.3CVSS6.8AI score0.00639EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.40 views

SUSE SLES12 Security Update : compat-openssl098 (SUSE-SU-2023:3096-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3096-1 advisory. - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out...

5.9CVSS7.1AI score0.16195EPSS
Exploits0References8
Amazon
Amazon
added 2023/07/25 12:0 a.m.4 views

Important: openssl-snapsafe

Issue Overview: A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number o...

7.5CVSS6.8AI score0.73461EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/07/18 8:24 a.m.2 views

openssl: timing attack in RSA Decryption implementation

A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages...

5.9CVSS6.7AI score0.16195EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/07/18 12:0 a.m.50 views

RHEL 8 : edk2 (RHSA-2023:4128)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:4128 advisory. EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware f...

7.5CVSS7.8AI score0.59501EPSS
Exploits0References8
OSV
OSV
added 2023/07/11 6:44 p.m.47 views

GO-2023-1733 Timing attack from non-constant time scalar arithmetic in github.com/bnb-chain/tss-lib

Timing attack from non-constant time scalar arithmetic in github.com/bnb-chain/tss-lib...

7.5CVSS7.4AI score0.00864EPSS
Exploits0References1
OSV
OSV
added 2023/07/11 6:44 p.m.24 views

GO-2023-1732 Timing attack from non-constant time scalar multiplication in github.com/bnb-chain/tss-lib

Timing attack from non-constant time scalar multiplication in github.com/bnb-chain/tss-lib...

9.1CVSS9.2AI score0.00864EPSS
Exploits0References1
OSV
OSV
added 2023/06/22 4:36 p.m.20 views

GO-2023-1859 Padding oracle vulnerability in github.com/lestrrat-go/jwx

AES-CBC decryption is vulnerable to a timing attack which may permit an attacker to recover the plaintext of JWE data...

7AI score
Exploits0References2
OSV
OSV
added 2023/06/19 11:15 a.m.1 views

DEBIAN-CVE-2023-34414

The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a sit...

3.1CVSS5.2AI score0.00897EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2023/06/14 5:24 p.m.16 views

github.com/lestrrat-go/jwx vulnerable to Potential Padding Oracle Attack

Summary Decrypting AES-CBC encrypted JWE has Potential Padding Oracle Attack Vulnerability. Details On v2.0.10, decrypting AES-CBC encrypted JWE may return an error "failed to generate plaintext from decrypted blocks: invalid padding":...

6.8AI score
Exploits0References6Affected Software2
RedHat Linux
RedHat Linux
added 2023/06/14 9:55 a.m.5 views

Mozilla: Click-jacking certificate exceptions through rendering lag

The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user...

3.1CVSS7.2AI score0.00897EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/06/14 8:54 a.m.5 views

Mozilla: Click-jacking certificate exceptions through rendering lag

The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user...

3.1CVSS7.2AI score0.00897EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/06/14 8:54 a.m.3 views

Mozilla: Click-jacking certificate exceptions through rendering lag

The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user...

3.1CVSS7.2AI score0.00897EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/06/14 8:43 a.m.4 views

Mozilla: Click-jacking certificate exceptions through rendering lag

The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user...

3.1CVSS7.2AI score0.00897EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/06/13 3:0 p.m.4 views

Mozilla: Click-jacking certificate exceptions through rendering lag

The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user...

3.1CVSS7.2AI score0.00897EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2023/06/13 3:0 p.m.3 views

Mozilla: Click-jacking certificate exceptions through rendering lag

The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user...

3.1CVSS7.2AI score0.00897EPSS
Exploits0References6
Rows per page
Query Builder