Lucene search
K

8 matches found

OSV
OSV
added 2026/06/05 4:3 p.m.8 views

GHSA-QHXG-623C-CFJM NocoDB: Plaintext Password Comparison in Shared Views

Summary The shared-view password check fell back to strict-equality === comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing. Details The bcrypt branch hashes starting with $2a$/$2b$ was unaffected. The legacy fallback in View.t...

6.9CVSS5.5AI score0.00253EPSS
Exploits0References3
NVD
NVD
added 2026/04/28 7:37 p.m.8 views

CVE-2026-41407

OpenClaw before 2026.4.2 contains a timing side channel vulnerability in shared-secret comparison call sites that use early length-mismatch checks instead of fixed-length comparison helpers. Attackers can measure timing differences to leak secret-length information, weakening constant-time handli...

6.3CVSS0.00225EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.6 views

PT-2026-35790

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.2 Description A timing side channel occurs in shared-secret comparison call sites that utilize early length-mismatch checks rather than fixed-length comparison helpers. This allows attackers to measure timing...

6.3CVSS5.8AI score0.00225EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2025/03/12 5:5 a.m.4 views

SUSE CVE-2025-26695

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...

3.7CVSS5.8AI score0.00145EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/06/03 12:24 p.m.7 views

Mozilla: Cross-Origin resource's length leaked

The Mozilla Foundation Security Advisory describes this flaw as: A malicious website that could have learned the size of a cross-origin resource that supported Range requests...

9.8CVSS7.3AI score0.01055EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/06/01 8:30 p.m.4 views

Mozilla: Cross-Origin resource's length leaked

The Mozilla Foundation Security Advisory describes this flaw as: A malicious website that could have learned the size of a cross-origin resource that supported Range requests...

9.8CVSS7.3AI score0.01055EPSS
Exploits0References6
Veracode
Veracode
added 2019/12/02 2:29 a.m.8 views

Timing Attack

elliptic is vulnerable to timing attack. The leakage of bit-length of a scalar during scalar multiplication on an elliptic curve is possible and can lead to the recovery of the private key under specific conditions...

2.7AI score
Exploits0
OSV
OSV
added 2012/09/15 6:55 p.m.2 views

DEBIAN-CVE-2012-4929

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differenc...

2.6CVSS8.6AI score0.04266EPSS
Exploits2References1
Rows per page
Query Builder