Lucene search
K

16 matches found

CNNVD
CNNVD
added 2025/01/28 12:0 a.m.5 views

Apache Hive 安全漏洞

Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. A trust...

6.5CVSS6.8AI score0.01131EPSS
Exploits1References7
OSV
OSV
added 2024/02/13 6:30 a.m.14 views

GHSA-747X-5M58-MQ97 svix vulnerable to Authentication Bypass

Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of th...

6.8CVSS6AI score0.0041EPSS
Exploits0References6
Prion
Prion
added 2024/02/13 5:15 a.m.21 views

Authentication flaw

Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of th...

4CVSS7.1AI score0.0041EPSS
Exploits0References4
OSV
OSV
added 2024/02/13 5:0 a.m.18 views

CVE-2024-21491

Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of th...

5.9CVSS7.1AI score0.0041EPSS
Exploits0References6
PyPA
PyPA
added 2023/01/24 12:0 a.m.6 views

PYSEC-2023-1

Adyen has utility methods for validating notification HMAC signatures. The isvalidhmac and isvalidhmacnotification methods are vulnerable to a timing attack, you should compare the hash of the HMACs instead...

6.9AI score
Exploits0References2Affected Software1
Mageia
Mageia
added 2020/12/21 9:47 p.m.27 views

Updated mbedtls packages fix security vulnerabilities

This update provides security bug fixes and minor enhancements. Limit the size of calculations performed by mbedtlsmpiexpmod to MBEDTLSMPIMAXSIZE to prevent a potential denial of service when generating Diffie-Hellman key pairs. A failure of the random generator was ignored in mbedtlsmpifillrando...

2.3AI score
Exploits0References2
NVD
NVD
added 2020/10/05 7:15 p.m.29 views

CVE-2020-15237

In Shrine before version 3.3.0, when using the derivationendpoint plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL. The problem has been fixed by comparing sent and calculated signature in constant time, using Rack::Utils.securecompare...

5.9CVSS0.01007EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2019/11/19 5:1 p.m.54 views

CVE-2016-1000236

Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used...

4.4CVSS4.6AI score0.00896EPSS
Exploits0
OSV
OSV
added 2019/09/26 9:30 p.m.7 views

GHSA-FGMR-VX7C-5WJ6 Timing attack on HMAC signature comparison in Apache Tapestry

The code which checks HMAC in form submissions used String.equals for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison...

9.8CVSS7.7AI score0.08752EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2019/09/26 9:30 p.m.36 views

Timing attack on HMAC signature comparison in Apache Tapestry

The code which checks HMAC in form submissions used String.equals for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. This could lead to remote code execution if an attacker is able to determine the correct signature for their payload. The comparison...

9.8CVSS2.1AI score0.08752EPSS
Exploits1References7Affected Software1
CNVD
CNVD
added 2018/09/26 12:0 a.m.7 views

Apache Mesos Information Disclosure Vulnerability

Apache Mesos is the United States Apache Apache Software Foundation of a set of support for Hadoop, ElasticSearch and Spark and other application architecture of open source cluster management software. A security vulnerability exists in the comparison of the HMAC values generated in Apache Mesos...

5.9CVSS6AI score0.03056EPSS
Exploits0References1
Hacker One
Hacker One
added 2017/06/12 10:9 p.m.20 views

Automattic: Timing attack woocommerce, simplify commerce gateway

file class-wc-gateway-simplify-commerce.php method returnhandler e.g. where woocommerce marks the order regarding its payment / transaction. public function returnhandler @obclean; header 'HTTP/1.1 200 OK' ; if isset $REQUEST'reference' && isset $REQUEST'paymentId' && isset $REQUEST'signature'...

1AI score
Exploits0
Veracode
Veracode
added 2017/01/05 6:57 a.m.7 views

Timing Attack

json-jwt is vulnerable to timing attacks. The library is vulnerable because they do not compare signatures in constant-time, which allows malicious users to use the timing of the request to progressively identify a valid signatures...

6.6AI score
Exploits0
Veracode
Veracode
added 2016/12/30 2:52 a.m.9 views

Timing Attacks

pylons is vulnerable to timing attacks. It is possible by comparing the time of signature comparison on signed cookies...

6.7AI score
Exploits0
Veracode
Veracode
added 2016/12/09 2:50 a.m.8 views

Timing Attack

django-simple-sso is vulnerable to timing attacks. The library is vulnerable because they do not compare signatures in constant-time, which allows malicious users to use the timing of the request to progressively identify a valid signature...

6.6AI score
Exploits0
seebug.org
seebug.org
added 2011/03/27 12:0 a.m.27 views

Linux Kernel “sound/oss/midi_synth.c”内存破坏漏洞

BUGTRAQ ID: 47007 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel “sound/oss/midisynth.c”在实现上存在内存破坏漏洞,本地攻击者可利用此漏洞造成内存破坏,在非x86架构上,可允许攻击者运行任意代码,造成拒绝服务。此漏洞亦可影响OSS子系统。 传递到midisynthloadpatch的偏移可以是任意的,如果大于标头值,会造成copyfromuserdst, src,...

6.8AI score
Exploits0
Rows per page
Query Builder