Lucene search
K

178 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2024-2467

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a...

5.9CVSS6.3AI score0.00516EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2022-4304

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a...

5.9CVSS7.6AI score0.16195EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/02/11 12:0 a.m.45 views

MikroTik RouterOS 安全漏洞

MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. The system can be deployed in PCs to enable them to provide router functionality. A security vulnerability exists in MikroTik RouterOS versions v6.43 through v7.16.1, which stems from a differenc...

5.4CVSS6.4AI score0.00763EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2025/02/10 12:0 a.m.13 views

Azure Linux 3.0 Security Update: cloud-hypervisor / edk2 / hvloader / openssl (CVE-2022-4304)

The version of cloud-hypervisor / edk2 / hvloader / openssl installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-4304 advisory. - A timing based side channel exists in the OpenSSL RSA Decryption...

5.9CVSS7.8AI score0.16195EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/28 4:51 p.m.31 views

Security Bulletin: IBM Master Data Management vulnerable to remote attack and denial of service from vulnerabilites in OpenSSL (CVE-2022-4304, CVE-2023-0215, CVE-2023-0286)

Summary IBM Master Data Management v11.6, and v12.0 are vulnerable to remote attack and denial of service from vulnerabilites found in OpenSSL. OpenSSL could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By...

7.5CVSS7.5AI score0.59501EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2024/10/08 1:40 p.m.11 views

Security Bulletin: Multiple Vulnerabilities in Rational Synergy 7.2.2.6

Summary Vulnerabilities in the Java Runtime Environment JRE 8.0.8.0 and earlier component shipped with Rational Synergy may affect the security of the product. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could...

9.8CVSS8.7AI score0.01827EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/09/04 6:3 p.m.49 views

GHSA-2H46-8GF5-FMXV Timing-Based Username Enumeration Vulnerability in Fides Webserver Authentication

A timing-based username enumeration vulnerability has been identified in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it takes for the server to respond to login requests. The discrepancy ...

5.3CVSS5.4AI score0.00552EPSS
Exploits1References2
NVD
NVD
added 2024/09/04 4:15 p.m.45 views

CVE-2024-45052

Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...

5.3CVSS0.00552EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/09/04 3:43 p.m.15 views

CVE-2024-45052 Fides Webserver Authentication Timing-Based Username Enumeration Vulnerability

Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...

5.3CVSS7.2AI score0.00552EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/09/04 3:43 p.m.49 views

CVE-2024-45052 Fides Webserver Authentication Timing-Based Username Enumeration Vulnerability

Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...

5.3CVSS0.00552EPSS
Exploits1References2
CVE
CVE
added 2024/09/04 3:43 p.m.59 views

CVE-2024-45052

Affected software : Fides Webserver authentication (part of the Fides platform). Vulnerability : timing-based username enumeration where an unauthenticated attacker can deduce valid usernames by measuring login response times. Root cause / mechanics : observable timing discrepancy between respons...

5.3CVSS5.3AI score0.00552EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/09/04 3:43 p.m.28 views

CVE-2024-45052 Fides Webserver Authentication Timing-Based Username Enumeration Vulnerability

Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...

5.3CVSS6.9AI score0.00552EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/09/04 12:0 a.m.7 views

PT-2024-31404

Name of the Vulnerable Software and Affected Versions Fides versions prior to 2.44.0 Description A timing-based username enumeration vulnerability exists in Fides Webserver authentication, allowing an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...

5.3CVSS5.9AI score0.00552EPSS
Exploits1References14
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/08/30 5:56 a.m.2 views

IPCOM vulnerable to information disclosure

Overview SSL Accelerator/SSL-VPN Function of IPCOM provided by Fsas Technologies Inc. contains an information disclosure vulnerability due to observable timing discrepancy CWE-208. Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/...

7.5CVSS6.2AI score0.00427EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2024/08/22 12:0 a.m.25 views

Huawei EulerOS: Security Advisory for openssl (EulerOS-SA-2024-2287)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.9AI score0.75116EPSS
Exploits0References2
OSV
OSV
added 2024/06/11 12:0 a.m.5 views

UBUNTU-CVE-2024-5690

By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...

4.3CVSS7.3AI score0.00736EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2024/05/15 4:28 a.m.61 views

CVE-2024-26306

A timing-based side-channel flaw was found in iperf3. If the iperf3 server is running with the --rsa-private-key-path option, the user authentication API can be attacked. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product...

5.9CVSS5.3AI score0.01098EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/05/14 3:32 p.m.33 views

Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing...

5.9CVSS6.7AI score0.00901EPSS
Exploits0References9Affected Software10
NVD
NVD
added 2024/05/14 3:21 p.m.32 views

CVE-2024-30171

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing...

5.9CVSS7.5AI score0.00901EPSS
Exploits0References4
OSV
OSV
added 2024/05/14 3:21 p.m.23 views

CVE-2024-30171

An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing...

6.6AI score
Exploits0References4
Rows per page
Query Builder