20 matches found
CVE-2017-20240
Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...
CVE-2017-20240
Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...
CVE-2017-20240
CVE-2017-20240 affects Crypt::PBKDF2 for Perl, with versions before 0.261630 vulnerable to timing attacks due to using Perl’s built-in eq comparison. Discrepancies in timing could reveal information about the derived key. Affected software: Crypt::PBKDF2 prior to 0.261630. Root cause: insecure eq...
CVE-2017-20240 Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks
Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...
EUVD-2017-18978
Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...
PT-2026-48869
Name of the Vulnerable Software and Affected Versions Crypt::PBKDF2 versions prior to 0.261630 Description Certain versions are susceptible to timing attacks because they utilize Perl's built-in eq comparison. This allows discrepancies in timing to be used to guess the underlying derived-key...
Linux Distros Unpatched Vulnerability : CVE-2017-20240
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing coul...
PT-2026-38292
Name of the Vulnerable Software and Affected Versions Micronaut Framework versions 4.3.0 through 4.10.21 Description An unauthenticated attacker can cause a denial of service by exhausting heap memory, leading to a JVM crash. The issue exists in the TimeConverterRegistrar component, which uses an...
golang-fips: Golang FIPS zeroed buffer
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...
GHSA-3H3X-2HWV-HR52 Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...
Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...
CVE-2024-9355
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...
CVE-2024-9355 Golang-fips: golang fips zeroed buffer
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...
CVE-2024-9355 Golang-fips: golang fips zeroed buffer
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted...
PT-2024-39589
Name of the Vulnerable Software and Affected Versions Golang FIPS OpenSSL affected versions not specified Description A flaw in Golang FIPS OpenSSL allows a malicious user to cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. This may also lead to a...
PT-2024-14964 · Synaptics · Synaptics Fingerprint Driver
Name of the Vulnerable Software and Affected Versions: Synaptics Fingerprint Driver affected versions not specified Description: The issue allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to it by using an encryption key derived from static...
Siemens Desigo PXC and DXR Devices Uncontrolled Resource Consumption (CVE-2022-24040)
A vulnerability has been identified in Desigo DXR2 All versions V01.21.142.5-22, Desigo PXC3 All versions V01.21.142.4-18, Desigo PXC4 All versions V02.20.142.10-10884, Desigo PXC5 All versions V02.20.142.10-10884. The web application fails to enforce an upper bound to the cost factor of the PBKD...
SSE-C Cryptographic Flaw
github.com/minio/minio is vulnerable to cryptographic flaws. The vulnerability exists as there is a weakness in the derived key-encryption-key for SSE-C encrypted objects. The vulnerability allows malicious users to replace objects that are encrypted with the same client key as it was not bound t...
Ubuntu 16.04 LTS : python-cryptography vulnerability (USN-3138-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3138-1 advisory. Markus Dring discovered that python-cryptography incorrectly handled certain HKDF lengths. This could result in python-cryptography returning an empty string...
USN-3138-1 python-cryptography vulnerability
Markus Döring discovered that python-cryptography incorrectly handled certain HKDF lengths. This could result in python-cryptography returning an empty string instead of the expected derived key...