3236 matches found
CVE-2024-11862
Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via a timing attacks...
CVE-2024-40640
vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some...
CVE-2023-46739
CubeFS is an open-source cloud-native file storage system. A vulnerability was found during in the CubeFS master component in versions prior to 3.3.1 that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root case of the vulnerability was that CubeFS...
CVE-2023-32691
gost GO Simple Tunnel is a simple tunnel written in golang. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from a HTTP header, is compared directly with a secret. Since this comparison is not...
CVE-2022-48366
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.19. It allows determining account existence via a timing attack...
CVE-2022-32425
The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by timing the server's response time...
CVE-2022-39308
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 inclusive are subject to a timing attack in validation of access tokens due to use of regular string comparison f...
CVE-2021-42016
A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM RMC30, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RP110, RUGGEDCOM...
CVE-2021-24651
The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the aysfinishpoll AJAX action. While the result is not disclosed in the response, it is possible to use a timing attack to exfiltrate data such as password hash...
CVE-2021-29444
jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AESCBCHMACSHA2 Algorithm A128CBC-HS256, A192CBC-HS384, A256CBC-HS512 decryption would always execute both HMAC tag verification and CBC decryption, if either failed...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack due to an insecure non-constant time comparison in DERP server mesh authentication. Note: All Tailscale-operated DERP servers and Tailscale users who operate their own custom DERP servers with more than one server per regi...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack due to an insecure non-constant time comparison in DERP server mesh authentication. Note: All Tailscale-operated DERP servers and Tailscale users who operate their own custom DERP servers with more than one server per regi...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack due to an insecure non-constant time comparison in DERP server mesh authentication. Note: All Tailscale-operated DERP servers and Tailscale users who operate their own custom DERP servers with more than one server per regi...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack due to an insecure non-constant time comparison in DERP server mesh authentication. Note: All Tailscale-operated DERP servers and Tailscale users who operate their own custom DERP servers with more than one server per regi...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack due to an insecure non-constant time comparison in DERP server mesh authentication. Note: All Tailscale-operated DERP servers and Tailscale users who operate their own custom DERP servers with more than one server per regi...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack due to an insecure non-constant time comparison in DERP server mesh authentication. Note: All Tailscale-operated DERP servers and Tailscale users who operate their own custom DERP servers with more than one server per regi...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack due to an insecure non-constant time comparison in DERP server mesh authentication. Note: All Tailscale-operated DERP servers and Tailscale users who operate their own custom DERP servers with more than one server per regi...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack due to an insecure non-constant time comparison in DERP server mesh authentication. Note: All Tailscale-operated DERP servers and Tailscale users who operate their own custom DERP servers with more than one server per regi...
CVE-2021-37606
Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query whether there's a collision in the bottom bits of the hashes of two messages, as demonstrated by an attack against a long-running web service that allows the attacker to infer collisions by measuring timin...
CVE-2021-29621
Flask-AppBuilder is a development framework, built on top of Flask. User enumeration in database authentication in Flask-AppBuilder = 3.2.3. Allows for a non authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Upgrade to version...