Lucene search
K

8 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-0181

Malicious code in bioql PyPI...

6.5CVSS6.7AI score0.01131EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2025/01/28 9:32 a.m.12 views

Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing

Use of Arrays.equals in LlapSignerImpl in Apache Hive to compare message signatures allows attacker to forge a valid signature for an arbitrary message byte by byte. The attacker should be an authorized user of the product to perform this attack. Users are recommended to upgrade to version 4.0.0,...

6.5CVSS7.1AI score0.01131EPSS
Exploits1References9Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/28 9:7 a.m.20 views

CVE-2024-23953 Apache Hive: Timing Attack Against Signature in LLAP util

Use of Arrays.equals in LlapSignerImpl in Apache Hive to compare message signatures allows attacker to forge a valid signature for an arbitrary message byte by byte. The attacker should be an authorized user of the product to perform this attack. Users are recommended to upgrade to version 4.0.0,...

6.3AI score0.01131EPSS
Exploits1References6
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/24 6:34 a.m.45 views

Security Bulletin: Vulnerabilities found within Apache Storm that is used by IBM Tivoli Network Manager (ITNM) IP Edition

Summary Vulnerabilities found within Apache Storm CVE-2020-25649, CVE-2020-36518, CVE-2021-22569, CVE-2021-38153 that is used by IBM Tivoli Network Manager ITNM IP Edition Vulnerability Details CVEID:CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected securit...

7.5CVSS7.2AI score0.17611EPSS
Exploits2Affected Software1
RedHat Linux
RedHat Linux
added 2023/01/31 1:12 p.m.6 views

wildfly-elytron: possible timing attacks via use of unsafe comparator

A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or...

7.4CVSS5.8AI score0.00584EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2021/09/29 6:56 p.m.105 views

CVE-2021-38153

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...

5.9CVSS4.1AI score0.05773EPSS
Exploits0References3
CNVD
CNVD
added 2021/09/22 12:0 a.m.45 views

Apache Kafka Timing Attack Vulnerability

Apache Kafka is an open source distributed streaming platform developed by the Apache Apache Software Foundation in the United States. The platform is capable of acquiring real-time data for building applications that react in real time to changes in the data stream. A timing attack vulnerability...

5.9CVSS6.6AI score0.05773EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/09/21 12:0 a.m.0 views

Apache Kafka 安全漏洞

Apache Kafka is an open source distributed streaming platform developed by the Apache Apache Software Foundation in the United States. The platform is capable of acquiring real-time data for building applications that react in real time to changes in the data stream. A timing attack vulnerability...

5.9CVSS7AI score0.05773EPSS
Exploits0References35
Rows per page
Query Builder