3242 matches found

RedHat Linux (added 2023/06/13 3:00 p.m.)

Mozilla: Click-jacking certificate exceptions through rendering lag

The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user...

CVSS 3.1, AI score 7.2, EPSS 0.00897. Exploits: 0. References: 6.
Veracode (added 2023/06/12 7:10 a.m.)

Timing Attack

saleor is vulnerable to a timing attack. The vulnerability exists because the validate_hmac_signature function does not run in constant time, which can allow an attacker to infer the secret key or forge fake events...

CVSS 5.4, AI score 6.8, EPSS 0.00341. Exploits: 0. References: 2. Affected software: 1.
SUSE CVE (added 2023/06/07 2:23 a.m.)

SUSE CVE-2023-34414

The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a sit...

CVSS 7.5, AI score 6, EPSS 0.00897. Exploits: 0. References: 8.
RedHat Linux (added 2023/06/05 4:29 p.m.)

Important: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.3 release and security update

An update is now available for Red Hat JBoss Web Server 5.7.3 on Red Hat Enterprise Linux versions 7, 8, and 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, i...

CVSS 7.5, AI score 7, EPSS 0.59501. Exploits: 0. References: 6.
RedHat Linux (added 2023/06/05 12:30 p.m.)

openssl: timing attack in RSA Decryption implementation

A timing-based side channel exists in the OpenSSL RSA decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher-style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages...

CVSS 5.9, AI score 6.7, EPSS 0.16195. Exploits: 0. References: 5.
Tenable Nessus (added 2023/06/05 12:00 a.m.)

RHEL 7 / 8 / 9 : Red Hat JBoss Web Server 5.7.3 (RHSA-2023:3420)

The remote Red Hat Enterprise Linux 7 / 8 / 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3420 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of...

CVSS 7.5, AI score 7.6, EPSS 0.59501. Exploits: 0. References: 11.
RedHat Linux (added 2023/05/31 6:42 p.m.)

Moderate: Red Hat Security Advisory: openssl security update

An update for openssl is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 7.5, AI score 7.1, EPSS 0.20444. Exploits: 0. References: 4.
Tenable Nessus (added 2023/05/31 12:00 a.m.)

RHEL 8 : openssl (RHSA-2023:3408)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3408 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength...

CVSS 7.5, AI score 7.6, EPSS 0.20444. Exploits: 0. References: 9.
NVD (added 2023/05/30 4:15 a.m.)

CVE-2023-32691

gost (GO Simple Tunnel) is a simple tunnel written in Go. Sensitive secrets such as passwords, tokens and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from an HTTP header, is compared directly with a secret. Since this comparison is not...

CVSS 5.9, AI score 5.6, EPSS 0.00574. Exploits: 1. References: 2.

Vulnrichment (added 2023/05/30 3:06 a.m.)

CVE-2023-32691 ginuerzh/gost vulnerable to Timing Attack

gost (GO Simple Tunnel) is a simple tunnel written in Go. Sensitive secrets such as passwords, tokens and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from an HTTP header, is compared directly with a secret. Since this comparison is not...

CVSS 5.9, AI score 6.7, EPSS 0.00574. Exploits: 1. References: 2.

Cvelist (added 2023/05/30 3:06 a.m.)

CVE-2023-32691 ginuerzh/gost vulnerable to Timing Attack

gost (GO Simple Tunnel) is a simple tunnel written in Go. Sensitive secrets such as passwords, tokens and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from an HTTP header, is compared directly with a secret. Since this comparison is not...

CVSS 5.9, AI score 5.9, EPSS 0.00574. Exploits: 1. References: 2.

CVE (added 2023/05/30 3:06 a.m.)

CVE-2023-32691

CVE-2023-32691 affects gost (GO Simple Tunnel), written in Go. The root cause is untrusted input from an HTTP header being compared directly to a secret (not using a constant-time comparison), enabling a side-channel timing attack to guess secrets. The common remediation is to switch to constant-tim...

CVSS 5.9, AI score 5.6, EPSS 0.00574. Exploits: 1. References: 2. Affected software: 1.

OSV (added 2023/05/30 3:06 a.m.)

CVE-2023-32691 ginuerzh/gost vulnerable to Timing Attack

gost (GO Simple Tunnel) is a simple tunnel written in Go. Sensitive secrets such as passwords, tokens and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from an HTTP header, is compared directly with a secret. Since this comparison is not...

CVSS 5.9, AI score 5.8, EPSS 0.00574. Exploits: 1. References: 4.

CNNVD (added 2023/05/30 12:00 a.m.)

GO Simple Tunnel security vulnerability

GO Simple Tunnel is a secure tunnel implemented in Go by the individual developer ginuerzh. GO Simple Tunnel has a security vulnerability stemming from the fact that sensitive values such as passwords, tokens and API keys should only be compared using a constant-time...

CVSS 5.9, AI score 5.9, EPSS 0.00574. Exploits: 1. References: 4.
OSV (added 2023/05/25 2:29 p.m.)

CVE-2023-32694 Non-constant time HMAC comparison in Adyen plugin in Saleor

Saleor Core is a composable, headless commerce API. Saleor's validate_hmac_signature function is vulnerable to timing attacks. Malicious users could abuse this vulnerability on Saleor deployments having the Adyen plugin enabled in order to determine the secret key and forge fake events; this could...

CVSS 4.8, AI score 5.3, EPSS 0.00341. Exploits: 0. References: 4.
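The gost entries (CVE-2023-32691, a secret compared directly against an HTTP header value) and the Saleor entry (CVE-2023-32694, a non-constant-time HMAC check) are the same bug class seen from two sides: a bearer-token comparison and a webhook signature check. The Go program below is an added example written for this page; it is not code from gost, Saleor or any of the advisories listed. It places the short-circuiting comparison beside the constant-time forms from crypto/subtle and crypto/hmac. All names (insecureEqual, constantTimeTokenEqual, signBody, verifySignature), the key and the webhook body are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// insecureEqual is the pattern behind CVE-2023-32691 (illustrative, not gost's code):
// string == stops at the first mismatching byte, so response time grows with the length
// of the correct prefix and an attacker can recover the secret one byte at a time.
func insecureEqual(untrusted, secret string) bool {
	return untrusted == secret
}

// constantTimeTokenEqual is the fix for a bearer token or API key. Both sides are hashed
// first so the comparison always runs over 32 bytes: subtle.ConstantTimeCompare returns 0
// immediately when the lengths differ, which would otherwise leak the secret's length.
func constantTimeTokenEqual(untrusted, secret string) bool {
	u := sha256.Sum256([]byte(untrusted))
	s := sha256.Sum256([]byte(secret))
	return subtle.ConstantTimeCompare(u[:], s[:]) == 1
}

// signBody is what a webhook sender does: hex(HMAC-SHA256(key, body)).
func signBody(key, body []byte) string {
	mac := hmac.New(sha256.New, key)
	mac.Write(body)
	return hex.EncodeToString(mac.Sum(nil))
}

// verifySignature is the receiver side (the role the Saleor HMAC check plays; this is
// not Saleor's code). It decodes the presented signature, recomputes the MAC over the
// body and compares with hmac.Equal, which is constant-time. A malformed hex string is
// rejected before any comparison, so it reveals nothing about the expected MAC.
func verifySignature(key, body []byte, presentedHex string) bool {
	presented, err := hex.DecodeString(presentedHex)
	if err != nil {
		return false
	}
	mac := hmac.New(sha256.New, key)
	mac.Write(body)
	return hmac.Equal(presented, mac.Sum(nil))
}

func main() {
	// Constructed sample values: not a real key, not a real Adyen or gost message.
	key := []byte("constructed-webhook-secret")
	body := []byte(`{"event":"payment.captured","id":"42"}`)
	sig := signBody(key, body)

	fmt.Println("genuine event accepted:", verifySignature(key, body, sig))
	fmt.Println("tampered event accepted:", verifySignature(key, []byte(`{"event":"payment.captured","id":"43"}`), sig))
	fmt.Println("garbage signature accepted:", verifySignature(key, body, "not-hex"))

	fmt.Println("token, insecure compare:", insecureEqual("api-key-0001", "api-key-0001"))
	fmt.Println("token, constant-time:", constantTimeTokenEqual("api-key-0001", "api-key-0001"))
	fmt.Println("wrong token, constant-time:", constantTimeTokenEqual("api-key-0002", "api-key-0001"))
}
```

Both comparisons still leak the length of what is being compared; hashing first (as in constantTimeTokenEqual) hides that for variable-length secrets, while a fixed-size MAC needs no such step. Note also that the remote exploitability of this class depends on how much timing jitter the network adds, which is why the EPSS figures above are low even though the fix is cheap.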