3235 matches found
CVE-2021-31866
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...
CVE-2021-31245
omr-admin.py in openmptcprouter-vps-admin 0.57.3 and earlier compares the user provided password with the original password in a length dependent manner, which allows remote attackers to guess the password via a timing attack...
CVE-2024-41760
IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations...
CVE-2023-40021
Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...
CVE-2024-41741
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python-django (UTSA-2026-000177)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000177 advisory. An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers t...
Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access
Summary Security vulnerabilities have been addressed in IBM Verify Identity Access and IBM Security Verify Access Vulnerability Details CVEID:CVE-2024-12243 DESCRIPTION: A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1,...
CVE-2013-10031
Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability ...
CVE-2025-40820
Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only ...
CVE-2025-40820
Affected products do not properly enforce TCP sequence number validation in specific scenarios but accept values within a broad range. This could allow an unauthenticated remote attacker e.g. to interfere with connection setup, potentially leading to a denial of service. The attack succeeds only ...
CVE-2013-10031
Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks...
DEBIAN-CVE-2013-10031
Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks...
CVE-2013-10031 Plack::Middleware::Session versions before 0.17 for Perl may be vulnerable to HMAC comparison timing attacks
Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks...
CVE-2013-10031 Plack::Middleware::Session versions before 0.17 for Perl may be vulnerable to HMAC comparison timing attacks
Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks...
CVE-2013-10031
Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks...
Plack::Middleware::Session 安全漏洞
Plack::Middleware::Session is a Plack open source minimalist session library for Plack. A security vulnerability exists in Plack::Middleware::Session versions prior to 0.17, which stems from vulnerability to HMAC comparison timing attacks...
Advisory ROSA-SA-2025-3095
Software: gnutls 3.6.16 OS: ROSA Virtualization 2.1 packageevrstring: gnutls-3.6.16-8.0.1.rv3.1 CVE-ID: CVE-2023-5981 BDU-ID: 2024-01500 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the GnuTLS transport layer security library is related to information disclosure via a mismatch. Exploitation of...
SUSE: Security Advisory (SUSE-SU-2025:21016-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE 16 Security Update : ongres-scram (openSUSE-SU-2025-20059-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2025-20059-1 advisory. - CVE-2025-59432: Fixed timing attack vulnerability in SCRAM Authentication bsc1250399 Tenable has extracted the preceding description block directly fr...
JLSEC-2025-232 Side channel in RSA key generation and operations (SSBleed, M-Step)
Vulnerability Mbed TLS's modular inversion routine and GCD routine are vulnerable to local timing attacks in a number of settings discussed below. These functions are used in RSA, making the following operations vulnerable in all configurations: - RSA key generation with any API mbedtlsrsagenkey...