185 matches found
CVE-2023-41097 Potential Timing vulnerability in CBC PKCS7 padding calculations
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0...
CVE-2023-41097 Potential Timing vulnerability in CBC PKCS7 padding calculations
An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0...
PT-2023-27783 · Silicon · Silabs Gsdk
Name of the Vulnerable Software and Affected Versions: Silabs GSDK versions through 4.4.0 Description: The issue is related to an Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM. This vulnerability potentially allows a Padding Oracle Crypto Attack on CBC...
Interest still accuring when repayment is paused, creating debt that cannot be repaid
Lines of code Vulnerability details Impact Interest still accuring when repayment is paused Proof of Concept When the admin pause the lending pool repayment, as timestamp elapses, interest still accuring /// @inheritdoc ILendingPool function accrueInterest public uint lastAccruedTime =...
ALPINE-CVE-2023-5981
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...
DEBIAN-CVE-2023-5981
A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...
GnuTLS Security Vulnerabilities
GnuTLS is a free secure communication library for implementing SSL, TLS and DTLS protocols. A security vulnerability exists in GnuTLS version 3.6.7-4+deb10u11, which stems from a security flaw in the RSA-PSK ClientKeyExchange, where the response time to a misformatted ciphertext differs from the...
Cisco Secure Endpoint Security Vulnerability
Cisco Secure Endpoint Cisco AMP for Endpoints is an endpoint application from Cisco that integrates static and dynamic malware analysis and threat intelligence. A security vulnerability exists in Cisco Secure Endpoint for Windows that stems from a timing issue between various software components,...
The vulnerability of implementations of standards PKCS#1 v1.5, OAEP, and RASASVP in the NSS (Network Security Services) library allows a attacker to execute the Bleichenbacher attack or the Marvin attack.
The vulnerability of implementations of standards PKCS1 v1.5, OAEP, and RASASVP in the NSS Network Security Services library set is related to insufficient protection of service data due to timing discrepancies. Exploiting this vulnerability allows a remote attacker to execute the Bleichenbacher...
Limit accrueConcentratedPositionTimeWeightedLiquidity calls to prevent reward manipulation.
Lines of code Vulnerability details Impact It may be possible for a user to artificially increase their tracked liquidity right before claiming by rapidly entering/exiting positions. This could allow them to claim a larger % of rewards than they deserve. Proof of Concept The main risk of...
Transactions could be frontrun to deposit assets and collect shares between the deposit request and collection
Lines of code Vulnerability details Impact Attacker can spoof deposit to get free shares. Proof of Concept requestDeposit - Requests a deposit, locks up the assets. collectDeposit - Collects the shares after deposit execution. The vulnerability arises because: requestDeposit locks up the assets,...
CVE-2023-40182 silverware-io-issue-tracker server responds in a noticeably different amount of time depending if a given email address exists or not
Silverware Games is a premium social network where people can play games online. When using the Recovery form, a noticeably different amount of time passes depending of whether the specified email address presents in our database or not. This has been fixed in version 1.3.7...
Lack of protection when withdrawing Static Atoken
Lines of code Vulnerability details Impact The Aave plugin is associated with an ever-increasing exchange rate. The earlier a user wraps the AToken, the more Static Atoken will be minted and understandably no slippage protection is needed. However, since the rate is not linearly increasing,...
Important: gnutls
Issue Overview: A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker wou...
CVE-2023-1585
Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use TOCTOU vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG Antivirus version 22.11 and virus definitions from 14 February 2023 or later...
Design/Logic Flaw
The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites...
PT-2023-10334 · Viafintech · Viafintech Barzahlen Payment Module Php Sdk
Name of the Vulnerable Software and Affected Versions: viafintech Barzahlen Payment Module PHP SDK versions up to 2.0.0 Description: A vulnerability was found in the viafintech Barzahlen Payment Module PHP SDK, affecting the verify function of the file src/Webhook.php. The manipulation leads to...
Primecoin 安全漏洞
Primecoin is an experimental cryptocurrency open-sourced by Ziftr. A security vulnerability exists in Primecoin version 0.8.4rc1 and earlier versions, which stems from the fact that incorrect manipulation of the parameter strUserPass/strRPCUserColonPass can lead to noticeable timing differences...
CVE-2020-35168
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability...
CVE-2020-35167
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability...