715 matches found

Veracode
added 2022/06/03 6:49 a.m. | 6 views

Timing Attacks

ezsystems/ezpublish-kernel is vulnerable to timing attacks. The vulnerability exists because the library does not compare hashes in constant time, allowing an attacker to progressively use the timing of the request to identify a valid hash...

2.5 AI score
Exploits: 0

RedHat Linux
added 2022/06/03 1:52 a.m. | 4 views

Mozilla: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue as an attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have...

6.5 CVSS | 7.3 AI score | 0.00594 EPSS
Exploits: 0 | References: 4

GitHub Security Blog
added 2022/05/17 12:51 a.m. | 15 views

Exposure of Sensitive Information to an Unauthorized Actor in Apache Directory LDAP API

Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors...

7.5 CVSS | 7.3 AI score | 0.05071 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2022/05/17 12:51 a.m. | 16 views

GHSA-CX3Q-CV6W-MX4H Exposure of Sensitive Information to an Unauthorized Actor in Apache Directory LDAP API

Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors...

7.5 CVSS | 7.3 AI score | 0.05071 EPSS
Exploits: 0 | References: 5

GitHub Security Blog
added 2022/05/17 12:28 a.m. | 28 views

Silverstripe CMS User Enumeration

Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks...

5.3 CVSS | 7.1 AI score | 0.01109 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2022/05/17 12:28 a.m. | 15 views

GHSA-FWHR-G5R4-XGXF Silverstripe CMS User Enumeration

Response discrepancy in the login and password reset forms in SilverStripe CMS before 3.5.5 and 3.6.x before 3.6.1 allows remote attackers to enumerate users via timing attacks...

5.3 CVSS | 5.3 AI score | 0.01109 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2022/05/09 12:00 a.m. | 30 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : ovmf Multiple Vulnerabilities (NS-SA-2022-0009)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ovmf packages installed that are affected by multiple vulnerabilities: - Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service vi...

9.8 CVSS | 7.2 AI score | 0.03418 EPSS
Exploits: 4 | References: 13

HackerOne
added 2022/03/01 6:11 p.m. | 26 views

GitHub Security Lab: [Java]: Timing attacks while comparing the headers value

This bug was reported directly to GitHub Security Lab...

2 AI score
Exploits: 0

GitHub Security Blog
added 2022/02/09 12:48 a.m. | 53 views

Apache Hive Information Exposure and Observable Timing Discrepancy

Apache Hive cookie signature verification used a non-constant-time comparison, which is known to be vulnerable to timing attacks. This could allow recovery of another user's cookie signature. The issue was addressed in Apache Hive 2.3.8...

5.9 CVSS | 5.6 AI score | 0.02458 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Tenable Nessus
added 2022/02/09 12:00 a.m. | 73 views

AlmaLinux 8 : python-cryptography (ALSA-2021:1608)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:1608 advisory. - python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS1 v1.5 ciphertext...

9.1 CVSS | 7.6 AI score | 0.06718 EPSS
Exploits: 1 | References: 3

OpenVAS
added 2022/01/28 12:00 a.m. | 14 views

Mageia: Security Advisory (MGASA-2014-0124)

The remote host is missing an update for the...

5.8 CVSS | 7 AI score | 0.0243 EPSS
Exploits: 3 | References: 5

OpenVAS
added 2022/01/28 12:00 a.m. | 16 views

Mageia: Security Advisory (MGASA-2021-0456)

The remote host is missing an update for the...

7.5 CVSS | 6.1 AI score | 0.01631 EPSS
Exploits: 1 | References: 4

CNNVD
added 2022/01/25 12:00 a.m. | 6 views

Embedthis Software GoAhead Security Vulnerability

Embedthis Software GoAhead is an embedded Web server from Embedthis Software. A security vulnerability exists in Embedthis Software GoAhead, which stems from the fact that the code that performs password matching during "basic" HTTP authentication does not use the constant time memcmp and is not...

9.8 CVSS | 7.9 AI score | 0.02256 EPSS
Exploits: 0 | References: 2

OpenVAS
added 2021/11/11 12:00 a.m. | 20 views

Mozilla Firefox Security Advisory (MFSA2014-28) - Linux

This host is missing a security update for Mozilla Firefox...

7.5 CVSS | 8.7 AI score | 0.04002 EPSS
Exploits: 3 | References: 4

NVD
added 2021/11/04 9:15 p.m. | 14 views

CVE-2021-43398

Crypto++ aka Cryptopp 8.6.0 and earlier contains a timing leakage in MakePublicKey. There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow attackers to conduct timing attacks. NOTE: this...

5.3 CVSS | 0.01899 EPSS
Exploits: 1 | References: 3

OSV
added 2021/11/04 9:15 p.m. | 4 views

CVE-2021-43398

Crypto++ aka Cryptopp 8.6.0 and earlier contains a timing leakage in MakePublicKey. There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow attackers to conduct timing attacks. NOTE: this...

5.3 CVSS | 5 AI score
Exploits: 0 | References: 3

UbuntuCve
added 2021/11/04 9:15 p.m. | 24 views

CVE-2021-43398

Crypto++ aka Cryptopp 8.6.0 and earlier contains a timing leakage in MakePublicKey. There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow attackers to conduct timing attacks. NOTE: this...

5.3 CVSS | 6.3 AI score | 0.01899 EPSS
Exploits: 1 | References: 3

Prion
added 2021/11/04 9:15 p.m. | 12 views

Information disclosure

DISPUTED Crypto++ aka Cryptopp 8.6.0 and earlier contains a timing leakage in MakePublicKey. There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow attackers to conduct timing attacks...

5 CVSS | 5.2 AI score | 0.01899 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2021/11/04 8:06 p.m. | 49 views

CVE-2021-43398

Crypto++ (Cryptopp) versions 8.6.0 and earlier have a timing leakage in MakePublicKey(), with execution time correlated to private key length. This could enable timing-based information disclosure, though the vendor and third parties dispute the severity and attribute differences to an intentiona...

5.3 CVSS | 5.1 AI score | 0.01899 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2021/11/04 8:06 p.m. | 19 views

CVE-2021-43398

Crypto++ aka Cryptopp 8.6.0 and earlier contains a timing leakage in MakePublicKey. There is a clear correlation between execution time and private key length, which may cause disclosure of the length information of the private key. This might allow attackers to conduct timing attacks. NOTE: this...

5.4 AI score | 0.01899 EPSS
Exploits: 1 | References: 3