18 matches found
EUVD-2017-0110
Malware in sbrugna...
EUVD-2022-5314
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-12872
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 1 Htpasswd authentication source in the authcrypt module and 2 SimpleSAMLSession class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduc...
SUSE CVE-2017-8342
Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method...
SimpleSAMLphp allows timing side-channel attacks
The 1 Htpasswd authentication source in the authcrypt module and 2 SimpleSAMLSession class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input...
GHSA-V882-949X-6V28 SimpleSAMLphp allows timing side-channel attacks
The 1 Htpasswd authentication source in the authcrypt module and 2 SimpleSAMLSession class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret material against user input...
Debian DLA-2187-1 : radicale security update
Radicale, a simple calendar and addressbook server - daemon, is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. For Debian 8 'Jessie', this problem has been fixed in version 0.9-1+deb8u2. We recommend that you upgrade your radicale packages...
[SECURITY] [DLA 2187-1] radicale security update
Package : radicale Version : 0.9-1+deb8u2 CVE ID : CVE-2017-8342 Radicale, a simple calendar and addressbook server - daemon, is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. For Debian 8 "Jessie", this problem has been fixed in version...
Fedora 29 : icecast (2018-b881073c43)
This release fixes buffer overflows in URL authentication code CVE-2018-18820, a crash in htpasswd authentication if no filename is set, a crash on xsltApplyStylesheet error, and a crash on malformed Opus streams. It also corrects global listener counter. It stops displaying hashed user passwords...
Debian DLA-1408-1 : simplesamlphp security update
CVE-2017-12872 / CVE-2017-12868 The 1 Htpasswd authentication source in the authcrypt module and 2 SimpleSAMLSession class in SimpleSAMLphp 1.14.11 and earlier allow remote attackers to conduct timing side-channel attacks by leveraging use of the standard comparison operator to compare secret...
Debian DLA-1205-1 : simplesamlphp security update
The simplesamlphp package in wheezy is vulnerable to multiple attacks on authentication-related code, leading to unauthorized access and information disclosure. CVE-2017-12867 The SimpleSAMLAuthTimeLimitedToken class allows attackers with access to a secret token to extend its validity period by...
MGASA-2017-0140 Updated radicale package fixes security vulnerability
Radicale before 1.1.2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method CVE-2017-8342...
Updated radicale package fixes security vulnerability
Radicale before 1.1.2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method CVE-2017-8342...
[SECURITY] [DLA 934-1] radicale security update
Package : radicale Version : 0.7-1.1+deb7u2 CVE ID : CVE-2017-8342 Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method. For Debian 7 "Wheezy", these problems have been fixed in version 0.7-1.1+deb7u2...
CVE-2017-8342
Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method...
UBUNTU-CVE-2017-8342
Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method...
CVE-2017-8342
Radicale is affected in versions before 1.1.2 and 2.x before 2.0.0rc2, where the htpasswd authentication method is prone to timing-based and brute-force attacks. The vulnerability exposes authentication weaknesses with potential confidential data exposure; CVSS details indicate varying impact (pa...
CVE-2017-8342
Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method...