3242 matches found

Veracode
added 2023/05/24 4:8 a.m. · 50 views

Timing Attack

github.com/ginuerzh/gost is vulnerable to Timing Attacks. The vulnerability exists because the Authenticate function of auth.go does not properly compare sensitive secrets such as passwords, tokens and API keys using constant-time comparison, which allows an attacker to guess a secret by observin...

CVSS 5.9 · AI score 6.7 · EPSS 0.00574
Exploits: 1 · References: 3 · Affected Software: 1
Oracle linux
added 2023/05/24 12:0 a.m. · 63 views

edk2 security update

20220126gitbb1bba3d77-4 - edk2-openssl-update.patch bz2164531 bz2164543 bz2164558 bz2164581 - edk2-rh-openssl-add-crypto-bn-rsasupmul.c-to-file-list.patch bz2164531 bz2164543 bz2164558 bz2164581 - Resolves: bz2164531 CVE-2023-0286 edk2: openssl: X.400 address type confusion in X.509 GeneralName...

CVSS 7.5 · AI score 7.2 · EPSS 0.59501
Exploits: 0
Positive Technologies
added 2023/05/22 12:0 a.m. · 6 views

PT-2023-23965 · Gost · Gost

Name of the Vulnerable Software and Affected Versions: gost GO Simple Tunnel affected versions not specified Description: The issue arises from the comparison of untrusted input, sourced from an HTTP header, with a secret using a non-constant time comparison function. This allows an attacker to...

CVSS 5.9 · AI score 5.4 · EPSS 0.00574
Exploits: 1 · References: 6
Tenable Nessus
added 2023/05/18 12:0 a.m. · 45 views

EulerOS 2.0 SP10 : openssl (EulerOS-SA-2023-1960)

According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a netwo...

CVSS 7.5 · AI score 7.9 · EPSS 0.59501
Exploits: 0 · References: 5
RedHat Linux
added 2023/05/16 8:49 a.m. · 6 views

openssl: timing attack in RSA Decryption implementation

A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages...

CVSS 5.9 · AI score 6.7 · EPSS 0.16195
Exploits: 0 · References: 5
RedHat Linux
added 2023/05/16 8:49 a.m. · 92 views

Important: Red Hat Security Advisory: edk2 security update

An update for edk2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.5 · AI score 7 · EPSS 0.59501
Exploits: 0 · References: 6
Tenable Nessus
added 2023/05/16 12:0 a.m. · 50 views

RHEL 8 : edk2 (RHSA-2023:2932)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2932 advisory. EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware f...

CVSS 7.5 · AI score 7.6 · EPSS 0.59501
Exploits: 0 · References: 11
OSV
added 2023/05/16 12:0 a.m. · 42 views

ALSA-2023:2932 Important: edk2 security update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: openssl: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 openssl: timing attack in RSA Decryption...

CVSS 7.5 · AI score 7.3 · EPSS 0.59501
Exploits: 0 · References: 10
Tenable Nessus
added 2023/05/12 12:0 a.m. · 48 views

RHEL 9 : edk2 (RHSA-2023:2165)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:2165 advisory. EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware f...

CVSS 9.8 · AI score 7.5 · EPSS 0.59501
Exploits: 0 · References: 20
RedHat Linux
added 2023/05/09 9:50 a.m. · 46 views

Important: Red Hat Security Advisory: edk2 security, bug fix, and enhancement update

An update for edk2 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 9.8 · AI score 7 · EPSS 0.59501
Exploits: 0 · References: 14
OSV
added 2023/05/09 12:0 a.m. · 36 views

ALSA-2023:2165 Important: edk2 security, bug fix, and enhancement update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: openssl: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 edk2: integer underflow in SmmEntryPoint function...

CVSS 9.8 · AI score 7.5 · EPSS 0.59501
Exploits: 0 · References: 12
OSV
added 2023/04/26 3:31 p.m. · 2 views

SUSE-SU-2023:2047-1 Security update for openssl-ibmca

This update for openssl-ibmca fixes the following issues: - Fixed a timing-based side channel attack in RSA in the IBMCA engine openssl-ibmca...

AI score 7.1
Exploits: 0 · References: 2
Veracode
added 2023/04/26 11:54 a.m. · 69 views

Timing Attack

laravel/framework is vulnerable to Timing Attacks. The vulnerability exists in the hasValidCredentials function of SessionGuard.php due to the fact that a successful login request takes more time than an unsuccessful request due to HTTP/2 multiplexing, which allows an attacker to enumerate users v...

CVSS 5.3 · AI score 5.5 · EPSS 0.00881
Exploits: 1 · References: 5 · Affected Software: 1
Veracode
added 2023/04/26 7:5 a.m. · 22 views

Timing Attack

github.com/bnb-chain/tss-lib, github.com/iofinnet/thresh and github.com/thorchain/thorchain-tss are vulnerable to Timing Attacks. The vulnerability exists due to leakage of the lambda value of a private key in multiple functions including the functions in paillier.go which allows an attacker to...

CVSS 7.5 · AI score 7.4 · EPSS 0.00864
Exploits: 0 · References: 9 · Affected Software: 4
Veracode
added 2023/04/26 6:5 a.m. · 21 views

Timing Attack

github.com/iofinnet/thresh, github.com/thorchain/thorchain-tss and github.com/bnb-chain/tss-lib are vulnerable to Timing Attacks. The vulnerability exists due to a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic which allows an attack...

CVSS 9.1 · AI score 8.7 · EPSS 0.00864
Exploits: 0 · References: 9 · Affected Software: 4
Positive Technologies
added 2023/04/26 12:0 a.m. · 3 views

PT-2023-36152 · Ibm · Openssl-Ibmca

Name of the Vulnerable Software and Affected Versions: openssl-ibmca affected versions not specified Description: The issue is related to a timing-based side channel attack in RSA within the IBMCA engine of openssl-ibmca. Recommendations: At the moment, there is no information about a newer versi...

AI score 6.8
Exploits: 0 · References: 3
Prion
added 2023/04/25 7:15 p.m. · 18 views

Authentication flaw

The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a us...

CVSS 5 · AI score 5.3 · EPSS 0.00881
Exploits: 1 · References: 4 · Affected Software: 1
Vulnrichment
added 2023/04/25 12:0 a.m. · 10 views

CVE-2022-40482

The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a us...

AI score 5.4 · EPSS 0.00881
Exploits: 1 · References: 4
Positive Technologies
added 2023/04/25 12:0 a.m. · 6 views

PT-2023-13792 · Laravel · Laravel

Name of the Vulnerable Software and Affected Versions: Laravel versions 8.x through 9.x before 9.32.0 Description: The authentication method was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This issue is caused by the early return inside th...

CVSS 5.3 · AI score 7.5 · EPSS 0.00881
Exploits: 1 · References: 7
Github Security Blog
added 2023/04/21 6:30 p.m. · 20 views

IO FinNet tss-lib vulnerable to timing attack from non-constant time scalar arithmetic

io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. bnb-chain/tss-lib and...

CVSS 7.5 · AI score 6.7 · EPSS 0.00864
Exploits: 0 · References: 7 · Affected Software: 2