Lucene search
K

719 matches found

CNNVD
CNNVD
added 2026/03/27 12:0 a.m.9 views

Open-Xchange OX Dovecot Pro 安全漏洞

Open-Xchange OX Dovecot Pro is a mail storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a security vulnerability; this vulnerability stems from direct comparison in credential verification and makes it vulnerable to timing attack attacks, whi...

7.4CVSS5.8AI score0.00392EPSS
Exploits1References1
Microsoft CVE
Microsoft CVE
added 2026/03/26 8:3 a.m.8 views

ksmbd: Compare MACs in constant time

...

7.4CVSS5.8AI score0.00392EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/25 6:47 p.m.5 views

CVE-2026-23364

A flaw was found in ksmbd, a Linux kernel module. This vulnerability stems from the use of a non-constant time memory comparison function when verifying Message Authentication Codes MACs. A remote attacker could exploit this timing difference to conduct a timing attack, potentially leading to the...

5.8AI score0.00392EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/25 4:55 p.m.6 views

SUSE CVE-2026-23364

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp with the correct function, cryptomemneq...

7.4CVSS5.7AI score0.00392EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/25 12:30 p.m.4 views

EUVD-2026-15344

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp with the correct function, cryptomemneq...

5.6AI score0.00392EPSS
Exploits0References7
CVE
CVE
added 2026/03/25 10:27 a.m.23 views

CVE-2026-23364

CVE-2026-23364 concerns the Linux kernel’s ksmbd path, where MAC comparisons were not performed in constant time. The underlying issue is a timing-attack-prone memcmp() usage; the recommended fix is to replace memcmp() with crypto_memneq() to ensure constant-time comparisons. The vulnerability is...

7.4CVSS5.6AI score0.00392EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/25 10:27 a.m.8 views

CVE-2026-23364

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp with the correct function, cryptomemneq...

5.6AI score0.00392EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/03/25 10:27 a.m.7 views

CVE-2026-23364 ksmbd: Compare MACs in constant time

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp with the correct function, cryptomemneq...

7.4CVSS5.7AI score0.00392EPSS
Exploits0References10
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.7 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from comparing MAC addresses using non-constant time functions, potentially leading to timing attacks...

7.4CVSS7AI score0.00392EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.6 views

CVE-2026-28475

OpenClaw versions prior to 2026.2.13 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually...

6.3CVSS5.8AI score0.00284EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.4 views

CVE-2026-28464

OpenClaw versions prior to 2026.2.12 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually...

8.2CVSS5.8AI score0.00386EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/05 9:59 p.m.28 views

CVE-2026-28464 OpenClaw < 2026.2.12 - Timing Attack in Hooks Token Authentication

OpenClaw versions prior to 2026.2.12 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually...

8.2CVSS0.00386EPSS
Exploits0References3
OSV
OSV
added 2026/03/02 10:43 p.m.4 views

GHSA-JMM5-FVH5-GF4P OpenClaw has non-constant-time token comparison in hooks authentication

Summary OpenClaw hooks previously compared the provided hook token using a regular string comparison. Because this comparison is not constant-time, an attacker with network access to the hooks endpoint could potentially use timing measurements across many requests to gradually infer the token. In...

8.2CVSS5.9AI score0.00386EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.9 views

Trilium Notes 安全漏洞

Trilium Notes is a hierarchical note-taking application developed by Zadam, the individual developer of this project. It focuses on building large personal knowledge bases. Versions of Trilium Notes prior to 0.101.0 contained security vulnerabilities. These vulnerabilities stemmed from critical...

7.4CVSS5.8AI score0.00509EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.4 views

Azure Linux 3.0 Security Update: openssh (CVE-2024-39894)

The version of openssh installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39894 advisory. - OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry e.g., fo...

7.5CVSS5.6AI score0.01634EPSS
Exploits0References2
NVD
NVD
added 2026/01/20 7:15 p.m.12 views

CVE-2025-66803

Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays e.g. delaying requests based on sequence or...

4.8CVSS0.00242EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

MiracleLinux 4 : openssl-1.0.0-27.AXS4.2 (AXSA:2013-168:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-168:01 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...

5CVSS7.1AI score0.35584EPSS
Exploits2References4
Github Security Blog
Github Security Blog
added 2026/01/13 2:55 p.m.11 views

Jervis Has Weak Random for Timing Attack Mitigation

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL593-L594 Uses java.util.Random which is not cryptographically secure. Impact If an attacker can predict the random delays, they may still be...

8.2CVSS6.9AI score0.00231EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/01/13 2:55 p.m.5 views

Insecure Randomness

Overview net.gleske:jervis is a Self service Jenkins job generation using Jenkins Job DSL plugin groovy scripts. Reads .jervis.yml and generates a job in Jenkins. Affected versions of this package are vulnerable to Insecure Randomness via the SecurityIO function. An attacker can predict random...

8.2CVSS6.8AI score0.00231EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.6 views

Jervis 安全特征问题漏洞

Jervis is an automation tool by Sam Gleske Personal Developer. A security signature issue vulnerability exists in versions prior to Jervis 2.2 that stems from the use of non-cryptographically secure java.util.Random, which may not be effective in mitigating timing attacks...

8.2CVSS5.8AI score0.00231EPSS
Exploits0References3
Rows per page
Query Builder