3236 matches found
Timing Attack
mudler/LocalAI is vulnerable to Timing Attack. The vulnerability is due to a side-channel attack that exploits variations in response time during cryptographic operations, potentially exposing valid login credentials...
python-django: Username enumeration through timing difference for users with unusable passwords
A vulnerability was found in Python-Django in the django.contrib.auth.backends.ModelBackend.authenticate method. This flaw allows remote attackers to enumerate users via a timing attack involving login requests for users with unusable passwords...
python-django: Username enumeration through timing difference for users with unusable passwords
A vulnerability was found in Python-Django in the django.contrib.auth.backends.ModelBackend.authenticate method. This flaw allows remote attackers to enumerate users via a timing attack involving login requests for users with unusable passwords...
RHEL 7 : python-django (RHSA-2016:0505)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:0505 advisory. Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as muc...
RHEL 6 : openstack-swift (RHSA-2014:0367)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2014:0367 advisory. OpenStack Object Storage swift provides object storage in virtual containers, which allows users to store and retrieve files arbitrary data. The...
CVE-2024-41741
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system...
IBM TXSeries for Multiplatforms 安全漏洞
IBM TXSeries for Multiplatforms is a transaction monitoring and management software product from International Business Machines IBM designed to support distributed transaction processing on multiple platforms. A security vulnerability exists in IBM TXSeries for Multiplatforms version 10.1, which...
CVE-2024-7010
mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password handling, an attacker can determine valid...
CVE-2024-7010
mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password handling, an attacker can determine valid...
CVE-2024-7010 Timing Attack in mudler/localai
mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password handling, an attacker can determine valid...
CVE-2024-7010 Timing Attack in mudler/localai
mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password handling, an attacker can determine valid...
CVE-2024-7010
The CVE-2024-7010 entry concerns mudler/localai version 2.17.1 and a Timing Attack vulnerability in password handling that leaks credentials by measuring cryptographic operation timing. This is a network-accessible side-channel issue with reported confidentiality impact, and multiple sources (NVD...
PT-2024-38028 · Unknown · Mudler/Localai
Name of the Vulnerable Software and Affected Versions: mudler/localai version 2.17.1 Description: The issue is a Timing Attack, a type of side-channel attack that allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. In the context of...
forgejo -- multiple vulnerabilities
Problem Description: Forgejo generates a token which is used to authenticate web endpoints that are only meant to be used internally, for instance when the SSH daemon is used to push a commit with Git. The verification of this token was not done in constant time and was susceptible to timing...
OESA-2024-2280 python-django security update
Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Security Fixes: An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7. urlize and urlizetrunc were subject to a potential denial of service attack via certain inputs with ...
Timing Attack
gradio is vulnerable to Timing Attack. The vulnerability is due to the analyticsdashboard function. An attacker can infer the correct hash byte-by-byte by measuring the response time of different requests, leading to unauthorized access to the analytics dashboard...
SUSE CVE-2024-47869
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a timing attack in the way Gradio compares hashes for the analyticsdashboard function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response ti...
PYSEC-2024-199
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a timing attack in the way Gradio compares hashes for the analyticsdashboard function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response ti...
CVE-2024-47869
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a timing attack in the way Gradio compares hashes for the analyticsdashboard function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response ti...
PYSEC-2024-199
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a timing attack in the way Gradio compares hashes for the analyticsdashboard function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response ti...