Lucene search
K

3242 matches found

Github Security Blog
Github Security Blog
added 2023/04/21 6:30 p.m.13 views

IO FinNet tss-lib vulnerable to timing attack from non-constant time scalar multiplication

io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time there is an if statement in a loop. One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...

9.1CVSS6.7AI score0.00864EPSS
Exploits0References9Affected Software2
OSV
OSV
added 2023/04/21 6:30 p.m.4 views

GHSA-3W84-4MJC-RJW7 IO FinNet tss-lib vulnerable to timing attack from non-constant time scalar multiplication

io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time there is an if statement in a loop. One leak is in ecdsa/keygen/round2.go. bnb-chain/tss-lib and...

9.1CVSS9.1AI score0.00864EPSS
Exploits0References9
NVD
NVD
added 2023/04/21 6:15 p.m.27 views

CVE-2023-26557

io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. An example leak is in crypto/paillier/paillier.go. bnb-chain/tss-lib and...

7.5CVSS7.5AI score0.00864EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2023/04/15 9:30 p.m.52 views

Mailman Core vulnerable to timing attacks

An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attacke...

6.3CVSS6.4AI score0.00299EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2023/04/15 8:16 p.m.6 views

PYSEC-2023-22

An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attacke...

6.3CVSS7.1AI score0.00299EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/04/15 8:16 p.m.16 views

CVE-2021-34337

An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attacke...

6.3CVSS6.4AI score0.00299EPSS
Exploits0References3
OSV
OSV
added 2023/04/15 8:16 p.m.4 views

UBUNTU-CVE-2021-34337

An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attacke...

6.3CVSS5.9AI score0.00299EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/04/15 12:0 a.m.5 views

GNU Mailman 安全漏洞

GNU Mailman is a free suite of software for managing e-mail discussions and e-mail lists from the GNU community in the United States. The software integrates with web projects to make it easy for users to manage email subscription accounts and provides built-in archiving, automatic forwarding...

6.3CVSS6.6AI score0.00299EPSS
Exploits0References4
CVE
CVE
added 2023/04/15 12:0 a.m.93 views

CVE-2021-34337

Affected software: Mailman Core before 3.3.5. Vulnerability: REST API timing attack could allow an attacker with local access to deduce the configured REST API password and then perform arbitrary REST API calls. The REST API is bound to localhost by default, but can be configured to listen on oth...

6.3CVSS6.3AI score0.00299EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2023/04/11 10:0 p.m.30 views

GitHub Security Lab: [Python]: Timing attack

Vulnerability description not provided...

7.1AI score
Exploits0
Veracode
Veracode
added 2023/04/06 10:50 a.m.94 views

Timing Attack

github.com/hashicorp/vault is vulnerable to Timing Attacks. The vulnerability exists in mult and div functions of shamir.go because of not implementing a constant time which allows an attacker to observe a large number of unseal operations on the host...

5CVSS5AI score0.0021EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2023/03/30 12:0 a.m.21 views

HashiCorp Vault 安全漏洞

HashiCorp Vault is a private key access management tool from the US-based HashiCorp. HashiCorp Vault suffers from a security vulnerability that stems from vulnerability to a cache timing attack, where an attacker who is able to observe a large number of unblocking operations on a host through a...

5CVSS5.7AI score0.0021EPSS
Exploits0References5
Rockylinux
Rockylinux
added 2023/03/29 4:47 p.m.64 views

openssl security and bug fix update

An update is available for openssl. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transpo...

7.5CVSS7.7AI score0.59501EPSS
Exploits0
OSV
OSV
added 2023/03/29 4:47 p.m.45 views

RLSA-2023:0946 Important: openssl security and bug fix update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 openssl: read buffer overflow in...

7.5CVSS7.6AI score0.59501EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2023/03/29 12:0 a.m.162 views

Rocky Linux 9 : openssl (RLSA-2023:0946)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0946 advisory. - A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after...

7.5CVSS7.6AI score0.59501EPSS
Exploits0References28
Rockylinux
Rockylinux
added 2023/03/28 1:7 p.m.64 views

openssl security update

An update is available for openssl. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transpo...

7.5CVSS7.5AI score0.59501EPSS
Exploits0
OSV
OSV
added 2023/03/28 1:7 p.m.40 views

RLSA-2023:1405 Important: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 openssl: timing attack in RSA...

7.5CVSS7.3AI score0.59501EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2023/03/23 12:0 a.m.55 views

AlmaLinux 8 : openssl (ALSA-2023:1405)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:1405 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a...

7.5CVSS7.9AI score0.59501EPSS
Exploits0References5
AlmaLinux
AlmaLinux
added 2023/03/22 12:0 a.m.79 views

Important: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 openssl: timing attack in RSA...

7.5CVSS7.5AI score0.59501EPSS
Exploits0References10
OSV
OSV
added 2023/03/22 12:0 a.m.36 views

ALSA-2023:1405 Important: openssl security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: X.400 address type confusion in X.509 GeneralName CVE-2023-0286 openssl: timing attack in RSA...

7.5CVSS7.3AI score0.59501EPSS
Exploits0References10
Rows per page
Query Builder