715 matches found
CVE-2022-3143
wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead...
CVE-2022-3143
wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead...
Design/Logic Flaw
wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead...
plugin: Non-constant time webhook signature comparison in GitHub Plugin
Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature...
CVE-2022-3143
CVE-2022-3143 affects WildFly Elytron where java.util.Arrays.equals is used in multiple places, enabling timing attacks. The root cause is unsafe comparisons potentially leaking information about secret values; the recommended fix is to replace such comparisons with java.security.MessageDigest.is...
PT-2023-13035 · Unknown · Wildfly Elytron
Name of the Vulnerable Software and Affected Versions: Wildfly-elytron affected versions not specified Description: A flaw was found in Wildfly-elytron, where it uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. This allows an attacker to access...
Timing Attacks
github.com/openshift/osin is vulnerable to timing attacks. The vulnerability exists because the ClientSecretMatches function in client.go and CheckClientSecret function in util.go does not compare hashes in constant time, allowing an attacker to progressively use the timing of the request to...
CVE-2022-45416
Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...
CVE-2022-45416
Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...
Design/Logic Flaw
Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...
CVE-2022-45416
CVE-2022-45416 affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox
CVE-2022-45416
Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...
CVE-2022-45416
Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...
CVE-2022-45416
Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...
Mozilla: Keystroke Side-Channel Leakage
The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...
Oracle Linux 9 : thunderbird (ELSA-2022-8561)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-8561 advisory. 102.5.0-2.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 102.5.0-2 - Update to 102.5.0 build2 102.5.0-1 -...
Oracle Linux 9 : firefox (ELSA-2022-8580)
The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-8580 advisory. 102.5.0-1.0.1 - Updated homepages to use https Orabug: 34648274 102.5.0-1 - Update to 102.5.0 build1 102.4.0-1 - Update to 102.4.0 build1 102.3.0-7 - F...
Oracle Linux 8 : firefox (ELSA-2022-8554)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-8554 advisory. 102.5.0-1.0.1 - Updated homepages to use https Orabug: 34648274 - Removed Upstream references - Add firefox-oracle-default-prefs.js and remove the...
Mozilla: Keystroke Side-Channel Leakage
The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...
Mozilla: Keystroke Side-Channel Leakage
The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...