715 matches found
CVE-2021-43398
Removed by vendor...
Crypto++ security vulnerability
Crypto++ is a C++ cryptographic library. A security vulnerability exists in Crypto++ (a.k.a. Cryptopp) versions 8.6.0 and earlier, which stems from the software containing a timing leak in MakePublicKey. There is a significant correlation between the private key execution time and the privat...
NewStart CGSL CORE 5.05 / MAIN 5.05 : ovmf Multiple Vulnerabilities (NS-SA-2021-0180)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ovmf packages installed that are affected by multiple vulnerabilities: - Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service vi...
MGASA-2021-0456 Updated python-rsa packages fix security vulnerability
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA. CVE-2020-25658...
Updated python-rsa packages fix security vulnerability
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA. CVE-2020-25658...
Security Bulletin: Multiple vulnerabilities in Bouncy Castle Java Cryptography affect IBM Tivoli Business Manager
Summary: Bouncy Castle Java Cryptography is shipped as part of IBM Tivoli Business Manager 6.2.0. Information about security vulnerabilities affecting Bouncy Castle Java Cryptography has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2018-5382. DESCRIPTION: Bouncy Castle...
CVE-2021-38153
Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...
Default credentials
Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...
CVE-2021-38153
CVE-2021-38153 : Apache Kafka components validate passwords/keys with Arrays.equals, enabling timing attacks that can aid brute-force attempts. Affected releases include Kafka 2.0.0–2.8.0. The issue is fixed in 2.8.1+ and in 3.0.0+. Remediation: upgrade to 2.8.1+ or 3.0.0+ where the vulnerability...
The vulnerability of the Prosody Jabber/XMPP server lies in the simultaneous execution using a shared resource with incorrect synchronization, allowing an attacker to gain access to confidential data.
The vulnerability of the Prosody Jabber/XMPP server is related to the use of an algorithm with non-constant execution time for comparing secret strings. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data...
hw: L1D Cache Eviction Sampling
A microarchitectural timing flaw was found on some Intel processors. A corner case exists where data in flight during the eviction process can end up in the “fill buffers” and not be properly cleared by the MDS mitigations. The fill buffer contents which were expected to be blank can be inferred usi...
GitHub Security Lab: Java: Timing attacks while comparing results of cryptographic operations
This bug was reported directly to GitHub Security Lab...
CVE-2021-32790
WooCommerce is an open source eCommerce plugin for WordPress. An SQL injection vulnerability impacts all WooCommerce sites running the WooCommerce plugin between version 3.3.0 and 3.3.6. Malicious actors already having admin access, or API keys to the WooCommerce site, can exploit vulnerable...
SUSE-SU-2021:1963-1 Security update for crowbar-openstack, grafana, kibana, monasca-installer, python-Django, python-py, rubygem-activerecord-session_store
This update for crowbar-openstack, grafana, kibana, monasca-installer, python-Django, python-py, rubygem-activerecord-session_store contains the following fixes: Security fixes included in this update: crowbar-openstack: - CVE-2016-8611: Added rate limiting for the '/images' API POST method...
SUSE: Security Advisory (SUSE-SU-2013:0549-3)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2013:0554-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2013:0549-1)
The remote host is missing an update for the...
GHSA-434H-P4GX-JM89 Observable Response Discrepancy in Flask-AppBuilder
Impact: User enumeration in database authentication in Flask-AppBuilder <= 3.2.3. Allows a non-authenticated user to enumerate existing accounts by timing the response time from the server when you are logging in. Patches: Upgrade to 3.3.0. For more information: If you have any questions or commen...