3 matches found
CVE-2022-41914 Non-constant-time SCIM token comparison in Zulip Server
Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity Management (SCIM) account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically be...
ProFTPd 1.2.10 - Remote Users Enumeration
Details: Vulnerable Systems: ProFTPD Version 1.2.10 and below. It is possible to determine which user names are valid, which are special, and which ones do not exist on the remote system. This can be accomplished by code execution path timing analysis...
Multiple bugs in OpenSSH ssh-keysign
Vulnerable to Kocher timing analysis attack, some programming errors...