Enjin: Unauthenticated GraphQL access by prepending __schema to private operations

A security vulnerability was identified in the GraphQL schema of the Enjin Platform. The vulnerability allowed unauthorized access to the GraphQL schema by prepending "schema" to private operations. The vulnerability was discovered and reported by a security researcher. The specific location of t...

JLSEC-2025-223 An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, a...

EUVD-2024-20689

Malicious code in bioql PyPI...

Astra Linux – Vulnerability in mbedtls

A vulnerability was discovered in Mbed TLS 2.x before version 2.28.7, and also in Mbed TLS 3.x before version 3.5.2. There was a timing-related side channel involved in RSA private operations. This side channel could allow a local attacker to recover the plaintext. To exploit this vulnerability,...

DEBIAN-CVE-2024-23170

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, a...

Design/Logic Flaw

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, a...

UBUNTU-CVE-2024-23170

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, a...

CVE-2024-23170

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, a...

SUSE CVE-2024-23170

An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, a...