Lucene search
K

185 matches found

Cvelist
Cvelist
added 2023/12/21 8:33 p.m.20 views

CVE-2023-41097 Potential Timing vulnerability in CBC PKCS7 padding calculations

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0...

4.6CVSS7.6AI score0.00298EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/12/21 8:33 p.m.9 views

CVE-2023-41097 Potential Timing vulnerability in CBC PKCS7 padding calculations

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0...

4.6CVSS7.4AI score0.00298EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/12/21 12:0 a.m.6 views

PT-2023-27783 · Silicon · Silabs Gsdk

Name of the Vulnerable Software and Affected Versions: Silabs GSDK versions through 4.4.0 Description: The issue is related to an Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM. This vulnerability potentially allows a Padding Oracle Crypto Attack on CBC...

7.5CVSS6.6AI score0.00298EPSS
Exploits0References7
Code423n4
Code423n4
added 2023/12/20 12:0 a.m.11 views

Interest still accuring when repayment is paused, creating debt that cannot be repaid

Lines of code Vulnerability details Impact Interest still accuring when repayment is paused Proof of Concept When the admin pause the lending pool repayment, as timestamp elapses, interest still accuring /// @inheritdoc ILendingPool function accrueInterest public uint lastAccruedTime =...

7.1AI score
Exploits0
OSV
OSV
added 2023/11/28 12:15 p.m.4 views

ALPINE-CVE-2023-5981

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...

5.9CVSS8.4AI score0.01257EPSS
Exploits0References1
OSV
OSV
added 2023/11/28 12:15 p.m.1 views

DEBIAN-CVE-2023-5981

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS1 v1.5 padding...

5.9CVSS6.2AI score0.01257EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/23 12:0 a.m.3 views

GnuTLS Security Vulnerabilities

GnuTLS is a free secure communication library for implementing SSL, TLS and DTLS protocols. A security vulnerability exists in GnuTLS version 3.6.7-4+deb10u11, which stems from a security flaw in the RSA-PSK ClientKeyExchange, where the response time to a misformatted ciphertext differs from the...

5.9CVSS6.8AI score0.01257EPSS
Exploits0References12
CNNVD
CNNVD
added 2023/11/22 12:0 a.m.5 views

Cisco Secure Endpoint Security Vulnerability

Cisco Secure Endpoint Cisco AMP for Endpoints is an endpoint application from Cisco that integrates static and dynamic malware analysis and threat intelligence. A security vulnerability exists in Cisco Secure Endpoint for Windows that stems from a timing issue between various software components,...

5CVSS6.6AI score0.00172EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/10/21 12:0 a.m.3 views

The vulnerability of implementations of standards PKCS#1 v1.5, OAEP, and RASASVP in the NSS (Network Security Services) library allows a attacker to execute the Bleichenbacher attack or the Marvin attack.

The vulnerability of implementations of standards PKCS1 v1.5, OAEP, and RASASVP in the NSS Network Security Services library set is related to insufficient protection of service data due to timing discrepancies. Exploiting this vulnerability allows a remote attacker to execute the Bleichenbacher...

8.5CVSS6.6AI score0.00816EPSS
Exploits0References12Affected Software7
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.9 views

Limit accrueConcentratedPositionTimeWeightedLiquidity calls to prevent reward manipulation.

Lines of code Vulnerability details Impact It may be possible for a user to artificially increase their tracked liquidity right before claiming by rapidly entering/exiting positions. This could allow them to claim a larger % of rewards than they deserve. Proof of Concept The main risk of...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/09/14 12:0 a.m.13 views

Transactions could be frontrun to deposit assets and collect shares between the deposit request and collection

Lines of code Vulnerability details Impact Attacker can spoof deposit to get free shares. Proof of Concept requestDeposit - Requests a deposit, locks up the assets. collectDeposit - Collects the shares after deposit execution. The vulnerability arises because: requestDeposit locks up the assets,...

6.8AI score
Exploits0
OSV
OSV
added 2023/08/25 12:36 a.m.6 views

CVE-2023-40182 silverware-io-issue-tracker server responds in a noticeably different amount of time depending if a given email address exists or not

Silverware Games is a premium social network where people can play games online. When using the Recovery form, a noticeably different amount of time passes depending of whether the specified email address presents in our database or not. This has been fixed in version 1.3.7...

3.7CVSS6.9AI score0.00328EPSS
Exploits0References3
Code423n4
Code423n4
added 2023/08/02 12:0 a.m.12 views

Lack of protection when withdrawing Static Atoken

Lines of code Vulnerability details Impact The Aave plugin is associated with an ever-increasing exchange rate. The earlier a user wraps the AToken, the more Static Atoken will be minted and understandably no slippage protection is needed. However, since the rate is not linearly increasing,...

7.1AI score
Exploits0
Amazon
Amazon
added 2023/05/03 12:0 a.m.3 views

Important: gnutls

Issue Overview: A timing side-channel vulnerability was found in RSA ClientKeyExchange messages in GnuTLS. This side-channel may be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, the attacker wou...

7.4CVSS7.1AI score0.01403EPSS
Exploits1
OSV
OSV
added 2023/04/19 7:15 p.m.4 views

CVE-2023-1585

Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use TOCTOU vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. The issue was fixed with Avast and AVG Antivirus version 22.11 and virus definitions from 14 February 2023 or later...

6.3CVSS5.9AI score0.00167EPSS
Exploits0References1
Prion
Prion
added 2023/02/16 10:15 p.m.23 views

Design/Logic Flaw

The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites...

2.6CVSS5.7AI score0.00594EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2023/01/08 12:0 a.m.8 views

PT-2023-10334 · Viafintech · Viafintech Barzahlen Payment Module Php Sdk

Name of the Vulnerable Software and Affected Versions: viafintech Barzahlen Payment Module PHP SDK versions up to 2.0.0 Description: A vulnerability was found in the viafintech Barzahlen Payment Module PHP SDK, affecting the verify function of the file src/Webhook.php. The manipulation leads to...

5.3CVSS4.4AI score0.00625EPSS
Exploits0References10
CNNVD
CNNVD
added 2023/01/01 12:0 a.m.6 views

Primecoin 安全漏洞

Primecoin is an experimental cryptocurrency open-sourced by Ziftr. A security vulnerability exists in Primecoin version 0.8.4rc1 and earlier versions, which stems from the fact that incorrect manipulation of the parameter strUserPass/strRPCUserColonPass can lead to noticeable timing differences...

7.5CVSS5.4AI score0.00676EPSS
Exploits0References5
NVD
NVD
added 2022/07/11 8:15 p.m.24 views

CVE-2020-35168

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability...

9.8CVSS0.00483EPSS
Exploits0References2
NVD
NVD
added 2022/07/11 8:15 p.m.26 views

CVE-2020-35167

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability...

9.8CVSS0.01045EPSS
Exploits0References2
Rows per page
Query Builder