3243 matches found

NVD
added 2022/12/22 8:15 p.m., 13 views

CVE-2022-31742

An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affec...

CVSS 6.5, EPSS 0.00594
Exploits: 0, References: 4
Prion
added 2022/12/22 8:15 p.m., 17 views

Cross site scripting

An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affec...

CVSS 4.3, AI score 6.9, EPSS 0.00594
Exploits: 0, References: 4, Affected software: 3
Vulnrichment
added 2022/12/22 12:00 a.m., 6 views

CVE-2022-31742

An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affec...

AI score 5.9, EPSS 0.00594
Exploits: 0, References: 4
Cvelist
added 2022/12/22 12:00 a.m., 17 views

CVE-2022-31742

An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affec...

AI score 7.5, EPSS 0.00594
Exploits: 0, References: 4
CVE
added 2022/12/22 12:00 a.m., 215 views

CVE-2022-31742

CVE-2022-31742 describes a timing-attack flaw in WebAuthn: an attacker could send many allowCredential entries and distinguish valid vs invalid key handles, enabling cross-origin account linking. Affected products in the provided records are Thunderbird < 91.10, Firefox < 101, and Firefox ESR

CVSS 6.5, AI score 7.2, EPSS 0.00594
Exploits: 0, References: 4, Affected software: 3
Debian CVE
added 2022/12/22 12:00 a.m., 42 views

CVE-2022-31742

An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affec...

CVSS 6.5, AI score 8.2, EPSS 0.00594
Exploits: 0
AlpineLinux
added 2022/12/22 12:00 a.m., 37 views

CVE-2022-31742

An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affec...

CVSS 6.5, AI score 7.7, EPSS 0.00594
Exploits: 0
IBM Security Bulletins
added 2022/12/15 1:55 a.m., 31 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary: Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.6. Vulnerability Details: CVEID: CVE-2018-8023. DESCRIPTION: Apache Mesos could allow a remote attacker to obtain sensitive information, caused by a timing attack in the JSON Web Token (JWT) implementation. By...

CVSS 9.1, AI score 9, EPSS 0.12403
Exploits: 1, Affected software: 1
RedHat Linux
added 2022/11/21 12:53 p.m., 3 views

Mozilla: Keystroke Side-Channel Leakage

The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...

CVSS 6.5, AI score 7.3, EPSS 0.00672
Exploits: 0, References: 6
Veracode
added 2022/11/17 9:19 p.m., 26 views

Timing Attack

mailman3 is vulnerable to timing attacks. The vulnerability exists due to lack of constant time password checks which allows an attacker to perform timing attacks...

CVSS 6.3, AI score 6.3, EPSS 0.00299
Exploits: 0, References: 4, Affected software: 2
NVD
added 2022/11/16 8:15 p.m., 18 views

CVE-2022-41914

Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity Management (SCIM) account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically be...

CVSS 3.7, EPSS 0.00508
Exploits: 0, References: 2
CNNVD
added 2022/11/16 12:00 a.m., 4 views

Zulip information disclosure vulnerability

Zulip is a powerful open source group chat application from Zulip, Inc. for combining the immediacy of real-time chat with the productivity benefits of threaded conversations. An information disclosure vulnerability exists in Zulip versions 5.0 through 5.6, which stems from its use of a comparato...

CVSS 3.7, AI score 5.1, EPSS 0.00508
Exploits: 0, References: 4
CVE
added 2022/11/16 12:00 a.m., 61 views

CVE-2022-41914

Zulip Server versions 5.0–5.6 are affected by a non-constant-time SCIM bearer token comparison, enabling potential timing attacks to infer the token value and impersonate the SCIM client to read or update user accounts within an organization. Impact is limited to deployments with SCIM account man...

CVSS 3.7, AI score 4, EPSS 0.00508
Exploits: 0, References: 2, Affected software: 1
OSV
added 2022/11/15 12:15 a.m., 5 views

CVE-2022-33908

DMA transactions which are targeted at input buffers used for the SdHostDriver software SMI handler could cause SMRAM corruption through a TOCTOU attack. DMA transactions which are targeted at input buffers used for the software SMI handler used by the SdHostDriver driver could cause SMRAM...

CVSS 7, AI score 5.8, EPSS 0.00132
Exploits: 0, References: 2
IBM Security Bulletins
added 2022/11/14 4:37 a.m., 40 views

Security Bulletin: Vulnerability from Apache Kafka affects IBM Operations Analytics - Log Analysis (CVE-2021-38153)

Summary: Apache Kafka is vulnerable to timing attacks that could allow a remote attacker to obtain sensitive information. Vulnerability Details: CVEID: CVE-2021-38153. DESCRIPTION: Apache Kafka could allow a remote attacker to obtain sensitive information, caused by a timing attack flaw due to the use o...

CVSS 5.9, AI score 6.4, EPSS 0.05773
Exploits: 0, Affected software: 1
Positive Technologies
added 2022/11/14 12:00 a.m., 6 views

PT-2022-21192 · Insyde · Insydeh2O Uefi Firmware

Name of the Vulnerable Software and Affected Versions: InsydeH2O UEFI firmware versions prior to Kernel 5.2: 05.27.23; InsydeH2O UEFI firmware versions prior to Kernel 5.3: 05.36.23; InsydeH2O UEFI firmware versions prior to Kernel 5.4: 05.44.23; InsydeH2O UEFI firmware versions prior to Kernel 5.5:...

CVSS 6.4, AI score 6.4, EPSS 0.00132
Exploits: 0, References: 3
IBM Security Bulletins
added 2022/11/08 4:36 p.m., 80 views

Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities

Summary: IBM Security Guardium has fixed these vulnerabilities. Vulnerability Details: CVEID: CVE-2021-38153. DESCRIPTION: Apache Kafka could allow a remote attacker to obtain sensitive information, caused by a timing attack flaw due to the use of "Arrays.equals" to validate a password or key. By...

CVSS 7.4, AI score 7.5, EPSS 0.50445
Exploits: 0, Affected software: 1
CNNVD
added 2022/10/29 12:00 a.m., 3 views

PwnDoc authorization issue vulnerability

PwnDoc is a penetration test report generator. A security vulnerability exists in PwnDoc version 0.5.3 that could allow a remote attacker to identify valid user account names by exploiting the response time of authentication attempts...

CVSS 5.3, AI score 5.8, EPSS 0.00746
Exploits: 1, References: 3
OSV
added 2022/10/19 4:15 p.m., 2 views

CVE-2022-43412

Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...

CVSS 5.3, AI score 5.8, EPSS 0.00501
Exploits: 0, References: 2
NVD
added 2022/10/14 7:15 p.m., 28 views

CVE-2022-39308

GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 inclusive are subject to a timing attack in validation of access tokens due to use of regular string comparison f...

CVSS 6.5, EPSS 0.00622
Exploits: 0, References: 4