Lucene search
K

3243 matches found

Microsoft CVE
Microsoft CVE
added 2023/01/23 8:0 a.m.3 views

Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA.

...

4.7CVSS4.9AI score0.00163EPSS
Exploits0
Veracode
Veracode
added 2023/01/18 7:15 a.m.21 views

Timing Attack

WildFly Elytron is vulnerable to Timing Attacks. The vulnerability exists because DigestPasswordImpl.java does not compare hash values in constant time, allowing an attacker to progressively use the timing of the request to identify a valid hash...

7.4CVSS8.2AI score0.00584EPSS
Exploits0References4Affected Software2
Veracode
Veracode
added 2023/01/18 5:25 a.m.18 views

Timing Attack

barzahlen/barzahlen-php is vulnerable to Timing Attacks. The vulnerability exists via the verify function in Webhook.php, which allows an attacker to gain timing information of the application, which can leads to Information Disclosure...

5.3CVSS3.4AI score0.00625EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2023/01/18 12:0 a.m.3 views

oznetmaster SSharpSmartThreadPool 竞争条件问题漏洞

SSharpSmartThreadPool is a secondary wrapper component for ThreadPool by oznetmaster Personal Developer. The oznetmaster SSharpSmartThreadPool is vulnerable to a contention condition issue. An attacker exploits this vulnerability to cause two threads to rely on the order or timing of the appearan...

8.1CVSS5.8AI score0.00538EPSS
Exploits0References4
OSV
OSV
added 2023/01/17 9:15 p.m.3 views

DEBIAN-CVE-2021-36647

Use of a Broken or Risky Cryptographic Algorithm in the function mbedtlsmpiexpmod in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information typically an untrusted operating system attacking a...

4.7CVSS4.8AI score0.00163EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2023/01/17 9:15 p.m.34 views

CVE-2021-36647

Use of a Broken or Risky Cryptographic Algorithm in the function mbedtlsmpiexpmod in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information typically an untrusted operating system attacking a...

4.7CVSS5.9AI score0.00163EPSS
Exploits0References4
Prion
Prion
added 2023/01/17 9:15 p.m.24 views

Design/Logic Flaw

Use of a Broken or Risky Cryptographic Algorithm in the function mbedtlsmpiexpmod in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information typically an untrusted operating system attacking a...

1CVSS4.7AI score0.00163EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/01/17 9:15 p.m.2 views

UBUNTU-CVE-2021-36647

Use of a Broken or Risky Cryptographic Algorithm in the function mbedtlsmpiexpmod in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information typically an untrusted operating system attacking a...

4.7CVSS5.8AI score0.00163EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/01/17 12:0 a.m.7 views

CVE-2021-36647

Use of a Broken or Risky Cryptographic Algorithm in the function mbedtlsmpiexpmod in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information typically an untrusted operating system attacking a...

6.9AI score0.00163EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2023/01/17 12:0 a.m.25 views

CVE-2021-36647

Use of a Broken or Risky Cryptographic Algorithm in the function mbedtlsmpiexpmod in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information typically an untrusted operating system attacking a...

4.7CVSS4.6AI score0.00163EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2023/01/12 4:49 p.m.2 views

jenkins: Observable timing discrepancy allows determining username validity

In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm...

7.5CVSS6.4AI score0.01221EPSS
Exploits0References5
Cvelist
Cvelist
added 2023/01/11 8:57 p.m.39 views

CVE-2022-3143

wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead...

7.3AI score0.00584EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/01/11 8:57 p.m.6 views

CVE-2022-3143

wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead...

6.3AI score0.00584EPSS
Exploits0References1
OSV
OSV
added 2023/01/11 7:15 p.m.5 views

CVE-2022-4499

TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack. By measuring the response time of the httpd process, an attacker could guess each byte of the username and password...

7.5CVSS5.8AI score0.00709EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/01/11 12:0 a.m.2 views

TP-Link Archer C5 安全漏洞

The TP-LINK Archer C5 is a wireless router from China P&L TP-LINK. The TP-Link Archer C5 suffers from a security vulnerability that stems from its use of the latest software's strcmp function for checking credentials in httpd, which allows an attacker to measure the response time of the httpd...

7.5CVSS7.6AI score0.00709EPSS
Exploits0References2
Veracode
Veracode
added 2023/01/07 8:33 p.m.15 views

Timing Attack

github.com/robbert229/jwt is vulnerable to Timing Attacks. A remote attacker is able to determine the expected hash-based message authentication codeHMAC with a large enough number of requests over a low latency connection...

7.5CVSS7.4AI score0.00748EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/01/03 10:25 p.m.36 views

GO-2022-1201 Timing attack in github.com/openshift/osin

Client secret checks are vulnerable to timing attacks, which could permit an attacker to determine client secrets...

5.9CVSS5.8AI score0.00676EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/12/28 12:0 a.m.4 views

PT-2022-11745 · Red Hat · Openshift Osin

Name of the Vulnerable Software and Affected Versions: OpenShift OSIN affected versions not specified Description: A vulnerability was found in OpenShift OSIN, classified as problematic. It affects the function ClientSecretMatches/CheckClientSecret. The manipulation of the argument secret leads t...

5.9CVSS4.2AI score0.00676EPSS
Exploits0References12
OSV
OSV
added 2022/12/22 8:15 p.m.5 views

CVE-2022-31742

An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affec...

6.5CVSS8.8AI score
Exploits0References4
NVD
NVD
added 2022/12/22 8:15 p.m.13 views

CVE-2022-31742

An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affec...

6.5CVSS0.00594EPSS
Exploits0References4
Rows per page
Query Builder