46 matches found
EUVD-2021-0784
Malware in sbrugna...
EUVD-2016-9065
Malware in sbrugna...
EUVD-2024-45992
Malicious code in bioql PyPI...
EUVD-2022-7090
Malicious code in bioql PyPI...
EUVD-2023-2500
Malicious code in bioql PyPI...
EUVD-2023-2695
Malicious code in bioql PyPI...
EUVD-2024-0341
Malicious code in bioql PyPI...
EUVD-2022-0587
Malicious code in bioql PyPI...
CVE-2024-23903
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2023-41935
Jenkins Azure AD Plugin 396.v86ce29279947 and earlier, except 378.380.v545b1154b3fb, uses a non-constant time comparison function when checking whether the provided and expected CSRF protection nonce are equal, potentially allowing attackers to use statistical methods to obtain a valid nonce...
CVE-2022-43411
Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
Signature Forgery Attack
org.apache.hive, hive-llap-common is vulnerable to signature forgery attack. The vulnerability is due to the use of Arrays.equals for signature validation, which allows an attacker to forge a valid signature byte by byte due to its non-constant-time comparison...
CVE-2024-52307
authentik is an open-source identity provider. Due to the usage of a non-constant time comparison for the /-/metrics/ endpoint it was possible to brute-force the SECRETKEY, which is used to authenticate the endpoint. The /-/metrics/ endpoint returns Prometheus metrics and is not intended to be...
GHSA-J757-PF57-F8R4 Gradio performs a non-constant-time comparison when comparing hashes
Impact What kind of vulnerability is it? Who is impacted? This vulnerability involves a timing attack in the way Gradio compares hashes for the analyticsdashboard function. Since the comparison is not done in constant time, an attacker could exploit this by measuring the response time of differen...
CVE-2024-41828
In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time...
CVE-2024-23903
Jenkins GitLab Branch Source Plugin 684.veafa7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2023-46658
Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
Information disclosure
Jenkins Gogs Plugin 1.0.15 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2023-46660
Jenkins Zanata Plugin 0.6 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token hashes are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...
CVE-2023-46658
Jenkins MSTeams Webhook Trigger Plugin 0.1.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token...