Lucene search
K

716 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/09/26 6:33 p.m.10 views

Security Bulletin: Vulnerabilities in Bouncy Castle, Eclipse JGit and Node.js diff might affect IBM Storage Defender Copy Data Management

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Bouncy Castle, Eclipse JGit and Node.js diff. Vulnerabilities include vulnerable to padding oracle attack, allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistic...

7.5CVSS8.2AI score0.08878EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/09/24 7:21 p.m.5 views

GO-2025-3972 Dragonfly vulnerable to timing attacks against Proxy’s basic authentication in d7y.io/dragonfly

Dragonfly vulnerable to timing attacks against Proxy’s basic authentication in d7y.io/dragonfly...

6.9CVSS7.1AI score0.00315EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/19 8:37 p.m.9 views

CVE-2025-59350

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time...

6.9CVSS7AI score0.00315EPSS
Exploits0References1
NVD
NVD
added 2025/09/17 8:15 p.m.7 views

CVE-2025-59350

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time...

6.9CVSS0.00315EPSS
Exploits0References2
CVE
CVE
added 2025/09/17 7:43 p.m.19 views

CVE-2025-59350

CVE-2025-59350 - Dragonfly : A timing-attack vulnerability in the Proxy feature’s access control (string comparison) prior to 2.1.0 enables an attacker to guess passwords by measuring response times. The issue is fixed in 2.1.0. Affected: Dragonfly, proxy access control mechanism. Mitigation: upg...

6.9CVSS6.6AI score0.00315EPSS
Exploits0References2Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2025/09/17 12:0 a.m.8 views

Dragonfly vulnerable to timing attacks against Proxy’s basic authentication

The access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time by sending all possible characters to a vulnerable mechanism and measuring the comparison instruction’...

6.9CVSS7.1AI score0.00315EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2025/09/05 6:15 p.m.12 views

CVE-2025-39702

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

7CVSS0.00149EPSS
Exploits0References9
OSV
OSV
added 2025/09/05 6:15 p.m.4 views

DEBIAN-CVE-2025-39702

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

7CVSS6AI score0.00149EPSS
Exploits0References1
OSV
OSV
added 2025/09/05 6:15 p.m.3 views

UBUNTU-CVE-2025-39702

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

7CVSS6.4AI score0.00149EPSS
Exploits0References34
Cvelist
Cvelist
added 2025/09/05 5:21 p.m.16 views

CVE-2025-39702 ipv6: sr: Fix MAC comparison to be constant-time

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

0.00149EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2025/09/05 5:21 p.m.5 views

CVE-2025-39702

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

7CVSS5.2AI score0.00149EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2025/09/05 5:21 p.m.44 views

CVE-2025-39702

CVE-2025-39702 affects the Linux kernel IPv6 source routing path (ipv6 sr) where MAC comparison was not constant-time, exposing potential timing attacks. The vulnerability is confirmed resolved in the kernel and is documented across multiple advisories (e.g., Debian LTS, Amazon Linux ALAS/* advis...

7CVSS5.9AI score0.00149EPSS
Exploits0References9Affected Software1
Microsoft CVE
Microsoft CVE
added 2025/09/03 10:7 p.m.4 views

By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.

...

4.3CVSS9.2AI score0.00736EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2015-7827

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million- message attacks by measuring time differences, related to...

7.5CVSS7.5AI score0.02443EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-18887

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timin...

8.1CVSS7.2AI score0.01338EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2020-36829

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Mojolicious module before 8.65 for Perl is vulnerable to securecompare timing attacks that allow an attacker to guess the length of a secret string. Only...

7.5CVSS7.2AI score0.00507EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2017-12872

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 1 Htpasswd authentication source in the authcrypt module and 2 SimpleSAMLSession class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduc...

5.9CVSS6.6AI score0.01446EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.1 views

Linux Distros Unpatched Vulnerability : CVE-2017-5361

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Request Tracker RT 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it...

5.9CVSS6.9AI score0.01368EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/07/10 12:0 a.m.3 views

Amazon Linux 2 : python-cryptography (ALAS-2025-2930)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2930 advisory. python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS1 v1.5 ciphertext. CVE-2020-25659 Tenable has extracted the preceding...

5.9CVSS7AI score0.02454EPSS
Exploits0References4
Snyk
Snyk
added 2025/07/07 10:44 a.m.2 views

Information Exposure

Overview lollms is a python library for AI personality definition Affected versions of this package are vulnerable to Information Exposure via the authenticateuser function in the /server/endpoints/lollmsauthentication.py file. An attacker can enumerate valid usernames and incrementally guess...

8.7CVSS6.9AI score0.00371EPSS
Exploits0References2
Rows per page
Query Builder