8 matches found
EUVD-2025-0181
Malicious code in bioql PyPI...
Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing
Use of Arrays.equals in LlapSignerImpl in Apache Hive to compare message signatures allows attacker to forge a valid signature for an arbitrary message byte by byte. The attacker should be an authorized user of the product to perform this attack. Users are recommended to upgrade to version 4.0.0,...
CVE-2024-23953 Apache Hive: Timing Attack Against Signature in LLAP util
Use of Arrays.equals in LlapSignerImpl in Apache Hive to compare message signatures allows attacker to forge a valid signature for an arbitrary message byte by byte. The attacker should be an authorized user of the product to perform this attack. Users are recommended to upgrade to version 4.0.0,...
Security Bulletin: Vulnerabilities found within Apache Storm that is used by IBM Tivoli Network Manager (ITNM) IP Edition
Summary Vulnerabilities found within Apache Storm CVE-2020-25649, CVE-2020-36518, CVE-2021-22569, CVE-2021-38153 that is used by IBM Tivoli Network Manager ITNM IP Edition Vulnerability Details CVEID:CVE-2020-25649 DESCRIPTION: FasterXML Jackson Databind could provide weaker than expected securit...
wildfly-elytron: possible timing attacks via use of unsafe comparator
A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or...
CVE-2021-38153
Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been...
Apache Kafka Timing Attack Vulnerability
Apache Kafka is an open source distributed streaming platform developed by the Apache Apache Software Foundation in the United States. The platform is capable of acquiring real-time data for building applications that react in real time to changes in the data stream. A timing attack vulnerability...
Apache Kafka 安全漏洞
Apache Kafka is an open source distributed streaming platform developed by the Apache Apache Software Foundation in the United States. The platform is capable of acquiring real-time data for building applications that react in real time to changes in the data stream. A timing attack vulnerability...