Lucene search
+L

188 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/13 12:0 a.m.14 views

Siemens SCALANCE X-200RNA Switch Devices Concurrent Execution Using Shared Resource with Improper Synchronization (CVE-2003-1562)

sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password...

7.6CVSS6.9AI score0.76751EPSS
Exploits10References4
NVD
NVD
added 2024/09/30 4:15 p.m.33 views

CVE-2024-47178

basic-auth-connect is Connect's Basic Auth middleware in its own module. basic-auth-connect 1.1.0 uses a timing-unsafe equality comparison that can leak timing information. This issue has been fixed in basic-auth-connect 1.1.0...

8.7CVSS0.00522EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2024/09/09 4:0 p.m.7 views

keycloak: potential bypass of brute force protection

A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. Thi...

6.5CVSS5.8AI score0.00793EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.1331 views

SSH Username Enumeration

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SSH Username Enumeration', 'Description' = %q This module uses a malformed packet or timing attack to enumerate users on an OpenSSH server. The...

5.9CVSS7.3AI score0.98631EPSS
Exploits41
RedhatCVE
RedhatCVE
added 2024/08/15 5:18 p.m.16 views

CVE-2024-42368

A vulnerability was found in OpenTelemetry, specifically in the github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension. This flaw impacts anyone using the bearertokenauth server authenticator. Malicious clients with network access to the collector may perform...

6.5CVSS6.2AI score0.0062EPSS
Exploits0References6
NVD
NVD
added 2024/08/13 8:15 p.m.26 views

CVE-2024-42368

OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs. The bearertokenauth extension's server authenticator performs a simple, non-constant time string...

6.5CVSS0.0062EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/08/13 7:31 p.m.11 views

CVE-2024-42368 open-telemetry has an Observable Timing Discrepancy

OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs. The bearertokenauth extension's server authenticator performs a simple, non-constant time string...

6.5CVSS6.9AI score0.0062EPSS
Exploits0References3
CVE
CVE
added 2024/08/13 7:31 p.m.287 views

CVE-2024-42368

The CVE-2024-42368 issue affects the bearertokenauth server authenticator in OpenTelemetry Collector contributions. A timing-discrepancy arises from non-constant time string comparisons of bearer tokens, enabling a network-adjacent attacker to infer the configured token by measuring response time...

6.5CVSS6.5AI score0.0062EPSS
Exploits0References3
OSV
OSV
added 2024/08/13 7:31 p.m.13 views

CVE-2024-42368 open-telemetry has an Observable Timing Discrepancy

OpenTelemetry, also known as OTel, is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, and logs. The bearertokenauth extension's server authenticator performs a simple, non-constant time string...

6.5CVSS6.3AI score0.0062EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/08/13 12:0 a.m.7 views

PT-2024-29902

Name of the Vulnerable Software and Affected Versions OpenTelemetry versions prior to 0.107.0 Description OpenTelemetry is a vendor-neutral open source Observability framework for instrumenting, generating, collecting, and exporting telemetry data. The bearertokenauth extension's server...

6.9CVSS6.6AI score0.0062EPSS
Exploits0References13
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/30 2:54 p.m.25 views

Security Bulletin: Timing Oracle in GSKit.

Summary A timing based side channel exists in the RSA Decryption implementation used by GSKit builds prior to 8.0.55.31. Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RS...

7.5CVSS7.3AI score0.00925EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/07/22 3:15 p.m.3 views

CVE-2024-41828

In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time...

6.5CVSS5.8AI score0.00283EPSS
Exploits0References1
OSV
OSV
added 2024/07/17 5:27 p.m.10 views

CVE-2024-40640 Usage of non-constant time base64 decoder could lead to leakage of secret key material in vodozemac

vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some...

2.9CVSS6.3AI score0.00201EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2024/06/18 12:0 a.m.6 views

The vulnerability of the RSA BSAFE Micro Edition Suite and BSAFE Crypto-C Micro Edition security tools lies in the fact that manipulating an unknown input can lead to a timing mismatch vulnerability, allowing attackers to disclose protected information.

The vulnerability of the RSA BSAFE Micro Edition Suite and BSAFE Crypto-C Micro Edition software lies in the manipulation of an unknown input, leading to a time mismatch vulnerability. Exploiting this vulnerability could allow an attacker to disclose the protected information...

5.1CVSS7.7AI score0.00152EPSS
Exploits0References2Affected Software2
Debian CVE
Debian CVE
added 2024/05/21 2:19 p.m.25 views

CVE-2021-47252

In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid WARNON timing related checks The soft/batadv interface for a queued OGM can be changed during the time the OGM was queued for transmission and when the OGM is actually transmitted by the worker. But WARNON must ...

5.5CVSS6.8AI score0.00226EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2024/04/28 12:30 a.m.27 views

mdanter/ecc affected by timing vulnerability in cryptographic side-channels

phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...

4.3CVSS7.1AI score0.00408EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2024/04/28 12:30 a.m.109 views

GHSA-3494-CFWF-56HW mdanter/ecc affected by timing vulnerability in cryptographic side-channels

phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...

5.3CVSS4.5AI score0.00408EPSS
Exploits0References5
Friends Of PHP
Friends Of PHP
added 2024/04/24 12:2 p.m.56 views

mdanter/ecc affected by timing vulnerability in cryptographic side-channels

phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...

4.3CVSS4.5AI score0.00408EPSS
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2024/04/16 5:28 p.m.3 views

opencryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin)

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...

5.9CVSS5.7AI score0.00878EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/03/07 8:44 p.m.3 views

opencryptoki: timing side-channel in handling of RSA PKCS#1 v1.5 padded ciphertexts (Marvin)

A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key...

5.9CVSS5.7AI score0.00878EPSS
Exploits0References5
Rows per page
Query Builder