
18 matches found

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-0665

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.09816
Exploits: 1 | References: 12

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-53381

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.9 | EPSS 0.00038
Exploits: 0 | References: 1

SUSE Linux
added 2025/08/07 9:2 a.m. | 3 views

Security update for grub2

This update for grub2 fixes the following issues: CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959) Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch"...

CVSS 5.7 | AI score 7.3 | EPSS 0.00038
Exploits: 0 | References: 4

OSV
added 2025/08/07 9:1 a.m. | 2 views

SUSE-SU-2025:02725-1 Security update for grub2

This update for grub2 fixes the following issues: - CVE-2024-56738: Fixed side-channel attack due to not constant-time algorithm in grub_crypto_memcmp (bsc#1234959)...

CVSS 5.3 | AI score 6.8 | EPSS 0.00038
Exploits: 0 | References: 3

NVD
added 2025/01/28 9:15 a.m. | 6 views

CVE-2024-23953

Use of Arrays.equals in LlapSignerImpl in Apache Hive to compare message signatures allows attacker to forge a valid signature for an arbitrary message byte by byte. The attacker should be an authorized user of the product to perform this attack. Users are recommended to upgrade to version 4.0.0,...

CVSS 6.5 | EPSS 0.01556
Exploits: 1 | References: 7

CNVD
added 2025/01/03 12:0 a.m. | 2 views

Unspecified vulnerability in GNU GRUB

GNU GRUB is a Linux system boot program from the GNU community. A security vulnerability exists in GNU GRUB that stems from grub_crypto_memcmp not using a constant time algorithm, no details of the vulnerability are provided at this time...

CVSS 5.3 | AI score 5.7 | EPSS 0.00038
Exploits: 0 | References: 1

NVD
added 2024/12/29 7:15 a.m. | 9 views

CVE-2024-56738

GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks...

CVSS 5.3 | EPSS 0.00038
Exploits: 0 | References: 1

Cvelist
added 2024/12/29 12:0 a.m. | 10 views

CVE-2024-56738

GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks...

EPSS 0.00038
Exploits: 0 | References: 1

Debian CVE
added 2024/12/29 12:0 a.m. | 8 views

CVE-2024-56738

GNU GRUB aka GRUB2 through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks...

CVSS 5.3 | AI score 7 | EPSS 0.00038
Exploits: 0

CVE
added 2024/12/29 12:0 a.m. | 62 views

CVE-2024-56738

CVE-2024-56738 details (Mode C): GNU GRUB (GRUB2) up to version 2.12 is affected because grub_crypto_memcmp is not implemented in constant time, enabling potential side-channel attacks. Connected Nessus entries for EulerOS/Virt show the same CVE-2024-56738 claim and reference. The description doe...

CVSS 5.3 | AI score 7 | EPSS 0.00038
Exploits: 0 | References: 1 | Affected Software: 1

Github Security Blog
added 2019/09/26 9:30 p.m. | 32 views

Timing attack on HMAC signature comparison in Apache Tapestry

The code which checks HMAC in form submissions used String.equals for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison...

CVSS 9.8 | AI score 2.1 | EPSS 0.09816
Exploits: 1 | References: 7 | Affected Software: 1

OSV
added 2019/09/16 6:15 p.m. | 22 views

CVE-2019-10071

The code which checks HMAC in form submissions used String.equals for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison...

CVSS 9.8 | AI score 7.6
Exploits: 0 | References: 5

Cvelist
added 2019/09/16 5:46 p.m. | 16 views

CVE-2019-10071

The code which checks HMAC in form submissions used String.equals for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison...

AI score 9.7 | EPSS 0.09816
Exploits: 1 | References: 5

Veracode
added 2019/05/02 5:29 a.m. | 19 views

Timing Attack

jenkins is vulnerable to timing attack. A remote attacker is able to determine API tokens through a brute-force approach of analyzing server response time to guess the value of the API tokens. This is due to the verification of the API tokens not being performed using a constant-time algorithm...

CVSS 5.3 | AI score 7.1 | EPSS 0.00212
Exploits: 0 | References: 7 | Affected Software: 30

Veracode
added 2019/05/02 5:29 a.m. | 21 views

Timing Attack

jenkins is vulnerable to timing attack. A remote attacker is able to bypass CSRF protection mechanism through a brute-force approach of analyzing server response time to guess the value of CSRF tokens. This is due to the verification of the CSRF tokens not being performed using a constant-time...

CVSS 9.8 | AI score 9 | EPSS 0.00469
Exploits: 0 | References: 7 | Affected Software: 30

Github Security Blog
added 2018/09/17 9:57 p.m. | 16 views

Moderate severity vulnerability that affects actionpack

Withdrawn, accidental duplicate publish. The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and...

CVSS 4.3 | AI score 5.4 | EPSS 0.01119
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2016/04/07 11:59 p.m. | 14 views

CVE-2016-0790

Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach...

CVSS 5.3 | AI score 7 | EPSS 0.00212
Exploits: 0 | References: 3

UbuntuCve
added 2016/02/16 2:59 a.m. | 27 views

CVE-2015-7576

The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a...

CVSS 4.3 | AI score 6.8 | EPSS 0.01119
Exploits: 0 | References: 2