16 matches found
Apache Hive 安全漏洞
Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. A trust...
GHSA-747X-5M58-MQ97 svix vulnerable to Authentication Bypass
Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of th...
Authentication flaw
Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of th...
CVE-2024-21491
Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of th...
PYSEC-2023-1
Adyen has utility methods for validating notification HMAC signatures. The isvalidhmac and isvalidhmacnotification methods are vulnerable to a timing attack, you should compare the hash of the HMACs instead...
Updated mbedtls packages fix security vulnerabilities
This update provides security bug fixes and minor enhancements. Limit the size of calculations performed by mbedtlsmpiexpmod to MBEDTLSMPIMAXSIZE to prevent a potential denial of service when generating Diffie-Hellman key pairs. A failure of the random generator was ignored in mbedtlsmpifillrando...
CVE-2020-15237
In Shrine before version 3.3.0, when using the derivationendpoint plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL. The problem has been fixed by comparing sent and calculated signature in constant time, using Rack::Utils.securecompare...
CVE-2016-1000236
Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used...
GHSA-FGMR-VX7C-5WJ6 Timing attack on HMAC signature comparison in Apache Tapestry
The code which checks HMAC in form submissions used String.equals for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison...
Timing attack on HMAC signature comparison in Apache Tapestry
The code which checks HMAC in form submissions used String.equals for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison...
Apache Mesos Information Disclosure Vulnerability
Apache Mesos is the United States Apache Apache Software Foundation of a set of support for Hadoop, ElasticSearch and Spark and other application architecture of open source cluster management software. A security vulnerability exists in the comparison of the HMAC values generated in Apache Mesos...
Automattic: Timing attack woocommerce, simplify commerce gateway
file class-wc-gateway-simplify-commerce.php method returnhandler e.g. where woocommerce marks the order regarding its payment / transaction. public function returnhandler @obclean; header 'HTTP/1.1 200 OK' ; if isset $REQUEST'reference' && isset $REQUEST'paymentId' && isset $REQUEST'signature'...
Timing Attack
json-jwt is vulnerable to timing attacks. The library is vulnerable because they do not compare signatures in constant-time, which allows malicious users to use the timing of the request to progressively identify a valid signatures...
Timing Attacks
pylons is vulnerable to timing attacks. It is possible by comparing the time of signature comparison on signed cookies...
Timing Attack
django-simple-sso is vulnerable to timing attacks. The library is vulnerable because they do not compare signatures in constant-time, which allows malicious users to use the timing of the request to progressively identify a valid signature...
Linux Kernel “sound/oss/midi_synth.c”内存破坏漏洞
BUGTRAQ ID: 47007 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel “sound/oss/midisynth.c”在实现上存在内存破坏漏洞,本地攻击者可利用此漏洞造成内存破坏,在非x86架构上,可允许攻击者运行任意代码,造成拒绝服务。此漏洞亦可影响OSS子系统。 传递到midisynthloadpatch的偏移可以是任意的,如果大于标头值,会造成copyfromuserdst, src,...