CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

OSV•added 2023/01/13 6:30 a.m.•23 views

GHSA-JMJ6-P2J9-68CP Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator

wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead...

7.4CVSS8.1AI score0.00499EPSS

Exploits0References4

Github Security Blog•added 2023/01/13 6:30 a.m.•39 views

Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator

7.4CVSS8.1AI score0.00499EPSS

Exploits0References4Affected Software1

OSV•added 2023/01/13 6:15 a.m.•32 views

CVE-2022-3143

7.4CVSS7.2AI score0.00499EPSS

Exploits0References1

NVD•added 2023/01/13 6:15 a.m.•11 views

CVE-2022-3143

7.4CVSS7.2AI score0.00499EPSS

Exploits0References1

Prion•added 2023/01/13 6:15 a.m.•14 views

Design/Logic Flaw

4CVSS7.5AI score0.00499EPSS

Exploits0References1Affected Software2

Cvelist•added 2023/01/11 8:57 p.m.•17 views

CVE-2022-3143

7.3AI score0.00499EPSS

Exploits0References1

RedhatCVE•added 2022/09/06 9:53 p.m.•58 views

CVE-2022-3143

A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or...

7.4CVSS5.3AI score0.00499EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by