24 matches found
CVE-2026-44061
Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis...
pyquorum: Timing side‑channel in mul_mod
Impact: The mul_mod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand (the exponent). An attacker who can measure the time of secret‑sharing operations (e.g., via a remote service) could progressively recover the valu...
SUSE CVE-2025-13473
An issue was discovered in Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...
CVE-2012-5607
The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an account's password via unspecified vectors related to a "Remote Timing Attack."...
GHSA-Q8HG-PF8V-CXRV Symfony Http-Kernel has non-constant time comparison in UriSigner
When checking the signature of a URI (an ESI fragment URL, for instance), the URISigner did not use a constant-time string comparison function, resulting in a potential remote timing attack vulnerability...
Symfony Http-Kernel has non-constant time comparison in UriSigner
When checking the signature of a URI (an ESI fragment URL, for instance), the URISigner did not use a constant-time string comparison function, resulting in a potential remote timing attack vulnerability...
Symfony 2.8.0 <= 2.8.51, 3.4.0 <= 3.4.34, 4.2.0 <= 4.2.11 and 4.3.0 <= 4.3.7 Multiple Vulnerabilities
Symfony is prone to multiple vulnerabilities.
FreeBSD : OpenSSL -- Multiple vulnerabilities (9e0c6f7a-d46d-11e9-a1c7-b499baebfeaf)
The OpenSSL project reports: ECDSA remote timing attack (CVE-2019-1547), Low; Fork Protection (CVE-2019-1549), Low, OpenSSL 1.1.1 only.
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: ECDSA remote timing attack (CVE-2019-1547), Low; Fork Protection (CVE-2019-1549), Low, OpenSSL 1.1.1 only...
lydian.astro.ulg.ac.be Improper Access Control vulnerability
Open Bug Bounty ID: OBB-593281

Description | Value
---|---
Affected Website: | lydian.astro.ulg.ac.be
Vulnerable Application: | Custom Code
Vulnerability Type: | IAC Improper Access Control / CWE-284
CVSSv3 Score: | 6.5...
Fedora 22 : php-symfony-2.7.7-2.fc22 / php-twig-1.23.1-2.fc22 (2015-0b89738311)
Twig 1.23.1 (2015-11-05): fixed some exception messages which triggered PHP warnings; fixed BC on Twig_Test_NodeTestCase. Twig 1.23.0 (2015-10-29): deprecated the possibility to override an extension by registering another one with the same name; deprecated Twig_ExtensionInterface::getGlobals; added...
Fedora 23 : php-symfony-2.7.7-2.fc23 / php-twig-1.23.1-2.fc23 (2015-0efcb5fbc5)
Twig 1.23.1 (2015-11-05): fixed some exception messages which triggered PHP warnings; fixed BC on Twig_Test_NodeTestCase. Twig 1.23.0 (2015-10-29): deprecated the possibility to override an extension by registering another one with the same name; deprecated Twig_ExtensionInterface::getGlobals; added...
CVE-2015-8125
Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices or (2)...
DEBIAN-CVE-2015-8125
Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices or (2)...
Debian DSA-3402-1 : symfony - security update
Several vulnerabilities have been discovered in symfony, a framework to create websites and web applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-8124: The RedTeam Pentesting GmbH team discovered a session fixation vulnerability within th...
Debian Security Advisory DSA 3402-1 (symfony - security update)
Several vulnerabilities have been discovered in symfony, a framework to create websites and web applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-8124: The RedTeam Pentesting GmbH team discovered a session fixation vulnerability within the...
DSA-3402-1 symfony - security update
Bulletin has no description...
CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember-Me Service
More info at https://symfony.com/cve-2015-8125...