Timing Attacks

cf-uaa-lib is vulnerable to timing attacks. This vulnerability is caused because the HMAC hashes are not compared in constant time, allowing malicious users to guess the valid HMAC hashes based on the time that a comparison takes...

Timing Attack

django-debug-toolbar is vulnerable to timing attacks. The library is vulnerable because they do not compare HMACs in constant-time, which allows malicious users to use the timing of the request to progressively identify a valid HMAC hashes...

Hashcat v3.20 - World's Fastest and Most Advanced Password Recovery Utility

hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 160 highly-optimized hashing algorithms. hashcat currently supports CPU's, GPU's other hardware-accelerators on Linux, Windows and OSX, and has facilities to help enable...

MySQL 5.7.x < 5.7.16 Multiple Vulnerabilities (October 2016 CPU) (SWEET32)

The version of MySQL running on the remote host is 5.7.x prior to 5.7.16. It is, therefore, affected by multiple vulnerabilities : - Multiple integer overflow conditions exist in s3srvr.c, sslsess.c, and t1lib.c due to improper use of pointer arithmetic for heap-buffer boundary checks. An...

Security update for systemd (important)

This update for systemd fixes the following security issue: - CVE-2016-7796: A zero-length message received over systemd's notification socket could make managerdispatchnotifyfd return an error and, as a side effect, disable the notification handler completely. As the notification socket is...

openSUSE Security Update : systemd (openSUSE-2016-1184)

This update for systemd fixes the following issues : - CVE-2016-7796: A zero-length message received over systemd's notification socket could make managerdispatchnotifyfd return an error and, as a side effect, disable the notification handler completely. As the notification socket is...

openSUSE: Security Advisory for systemd (openSUSE-SU-2016:2522-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED12 / SLES12 Security Update : systemd (SUSE-SU-2016:2476-1)

This update for systemd fixes the following security issue : - CVE-2016-7796: A zero-length message received over systemd's notification socket could make managerdispatchnotifyfd return an error and, as a side effect, disable the notification handler completely. As the notification socket is...

SUSE-SU-2016:2476-1 Security update for systemd

This update for systemd fixes the following security issue: - CVE-2016-7796: A zero-length message received over systemd's notification socket could make managerdispatchnotifyfd return an error and, as a side effect, disable the notification handler completely. As the notification socket is...

Oracle Linux 6 / 7 : openssl (ELSA-2016-1940)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-1940 advisory. - fix CVE-2016-2177 - possible integer overflow - fix CVE-2016-2178 - non-constant time DSA operations - fix CVE-2016-2179 - further DoS issues in...

Matroschka - Python Steganography Tool To Hide Images Or Text In Images

Матрёшка mɐˈtrʲɵʂkə is a command-line steganography tool written in pure Python. You can use it to hide and encrypt images or text in the least significant bits of pixels in an image. Encryption The encryption uses HMAC-SHA256 to authenticate the hidden data. Therefore the supplied MAC password i...

ALPINE-CVE-2016-6302

The tlsdecryptticket function in ssl/t1lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short...

DEBIAN-CVE-2016-6302

The tlsdecryptticket function in ssl/t1lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short...

Design/Logic Flaw

The tlsdecryptticket function in ssl/t1lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short...

CVE-2016-6302

The tlsdecryptticket function in ssl/t1lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short...

CVE-2016-6302

The tlsdecryptticket function in ssl/t1lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short...

CVE-2016-6302

The tlsdecryptticket function in ssl/t1lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short...

CVE-2016-6302

The tlsdecryptticket function in ssl/t1lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short...

UBUNTU-CVE-2016-6302

The tlsdecryptticket function in ssl/t1lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short...

RUSTSEC-2016-0005 rust-crypto is unmaintained; switch to a modern alternative

The rust-crypto crate has not seen a release or GitHub commit since 2016, and its author is unresponsive. NOTE: The old rust-crypto crate with hyphen should not be confused with similarly named new RustCrypto GitHub Org without hyphen. The GitHub Org is actively maintained. We recommend you switc...