Lucene search
K

3243 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:14 a.m.2 views

SUSE CVE-2019-9495

The implementations of EAP-PWD in hostapd and wpasupplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpasupplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful...

6.4CVSS7AI score0.03449EPSS
Exploits0References13
SUSE CVE
SUSE CVE
added 2023/02/15 4:14 a.m.2 views

SUSE CVE-2019-9815

If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks. Apple has shipped macOS 10.14.5 with an option to disable hyperthreading in applications running untrusted code in a thread through a new sysctl. Firefox now makes use of it on the main...

8.1CVSS8.6AI score0.01828EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 4:7 a.m.1 views

SUSE CVE-2019-16782

There's a possible information leak / session hijack vulnerability in Rack RubyGem rack. This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a...

5.6CVSS6.4AI score0.03687EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 4:5 a.m.4 views

SUSE CVE-2019-25025

The activerecord-sessionstore aka Active Record Session Store component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering information about whether a guessed session ID is valid. Consequently, remote attackers can leverage timing discrepancies to achieve a...

5.9CVSS6.5AI score0.01835EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 3:59 a.m.1 views

SUSE CVE-2020-12413

The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites...

5.9CVSS8.8AI score0.00594EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:48 a.m.2 views

SUSE CVE-2021-3714

A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a network...

5.9CVSS8.6AI score0.01095EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:40 a.m.5 views

SUSE CVE-2021-32921

An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or later. This can potentially be used in a timing attack to reveal the contents of secret strings to an attacker...

5.9CVSS5.7AI score0.01601EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:40 a.m.5 views

SUSE CVE-2021-33880

The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basicauthprotocolfactorycredentials=.... An attacker may be able to guess a password via a timing attack...

5.9CVSS6.8AI score0.02265EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:40 a.m.3 views

SUSE CVE-2021-34337

An issue was discovered in Mailman Core before 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability for attacke...

7.4CVSS7.1AI score0.00299EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:34 a.m.2 views

SUSE CVE-2022-0987

A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examines files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists...

3.3CVSS6.6AI score0.00263EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:27 a.m.1 views

SUSE CVE-2022-23823

A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure...

6.5CVSS6.4AI score0.01037EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:25 a.m.3 views

SUSE CVE-2022-31742

An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affec...

6.1CVSS8.7AI score0.00594EPSS
Exploits0References8
The Hacker News
The Hacker News
added 2023/02/09 9:51 a.m.142 views

OpenSSL Fixes Multiple New Security Flaws with Latest Update

The OpenSSL Project has released fixes to address several security flaws, including a high-severity bug in the open source encryption toolkit that could potentially expose users to malicious attacks. Tracked as CVE-2023-0286, the issue relates to a case of type confusion that may permit an...

7.5CVSS0.9AI score0.59501EPSS
Exploits0
CVE
CVE
added 2023/02/08 7:4 p.m.922 views

CVE-2022-4304

CVE-2022-4304 describes a timing-based side‑channel in OpenSSL’s RSA decryption implementation that could allow recovering plaintext over the network via a Bleichenbacher‑style attack. It affects all RSA padding modes (PKCS#1 v1.5, RSA‑OAEP, and RSASVE). The connected Astra Linux bulletin reprodu...

5.9CVSS6.9AI score0.16195EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2023/02/08 6:41 p.m.6 views

plugin: Non-constant time webhook signature comparison in GitHub Plugin

Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature...

5.3CVSS5.8AI score0.00707EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/01/31 1:18 p.m.5 views

wildfly-elytron: possible timing attacks via use of unsafe comparator

A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or...

7.4CVSS5.8AI score0.00584EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2023/01/31 1:15 p.m.5 views

wildfly-elytron: possible timing attacks via use of unsafe comparator

A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or...

7.4CVSS5.8AI score0.00584EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2023/01/27 12:0 a.m.35 views

Ubuntu: Security Advisory (USN-5253-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS7.1AI score0.03687EPSS
Exploits1References2
PyPA
PyPA
added 2023/01/24 12:0 a.m.6 views

PYSEC-2023-1

Adyen has utility methods for validating notification HMAC signatures. The isvalidhmac and isvalidhmacnotification methods are vulnerable to a timing attack, you should compare the hash of the HMACs instead...

6.9AI score
Exploits0References2Affected Software1
OSV
OSV
added 2023/01/24 12:0 a.m.14 views

PYSEC-2023-1

Adyen has utility methods for validating notification HMAC signatures. The isvalidhmac and isvalidhmacnotification methods are vulnerable to a timing attack, you should compare the hash of the HMACs instead...

7.1AI score
Exploits0References2
Rows per page
Query Builder