
114 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in tomcat9

There is a vulnerability related to observable timing discrepancies when comparing AJP secrets in Apache Tomcat. This issue affects Apache Tomcat versions as follows: 11.0.0-M1 through 11.0.21, 10.1.0-M1 through 10.1.54, 9.0.0.M1 through 9.0.117, 8.5.0 through 8.5.100, and 7.0.0 through 7.0.109...

3.7 CVSS, 5.7 AI score, 0.001 EPSS
Exploits 0, References 1

CNNVD
added 2026/02/10 12:0 a.m., 4 views

Apache Shiro security vulnerability

Apache Shiro is a Java security framework developed by the Apache Foundation in the United States. It is used for authentication, authorization, encryption, and session management. Versions of Apache Shiro such as 1. and 2.0.7 had security vulnerabilities. These vulnerabilities were due to observ...

2.5 CVSS, 7.2 AI score, 0.00009 EPSS
Exploits 0, References 3

Veracode
added 2025/10/22 4:54 a.m., 3 views

Information Disclosure

Liferay Portal is vulnerable to Information Disclosure. The vulnerability is due to improper handling of object entry enumeration responses, which allows an attacker to determine the existence of specific External Reference Codes (ERC) in the application by exploiting response time differences...

6.9 CVSS, 6.9 AI score, 0.00056 EPSS
Exploits 0, References 7, Affected Software 4

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2013-1720

Malware in sbrugna...

4.3 CVSS, 8.8 AI score, 0.00616 EPSS
Exploits 0, References 24

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2016-2455

Malware in sbrugna...

4.3 CVSS, 4.7 AI score, 0.00236 EPSS
Exploits 0, References 3

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-4874

Malware in sbrugna...

5.9 CVSS, 6.8 AI score, 0.0058 EPSS
Exploits 0, References 10

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2014-2282

Malware in sbrugna...

5.8 CVSS, 9.2 AI score, 0.00383 EPSS
Exploits 1, References 10

Vulnrichment
added 2025/09/03 2:25 p.m., 1 views

CVE-2025-9824 User Enumeration via Response Timing

Impact: The attacker can validate if a user exists by checking the time login returns. This timing difference can be used to enumerate valid usernames, after which an attacker could attempt brute force attacks. Patches: This vulnerability has been patched, implementing a timing-safe form login...

5.9 CVSS, 6.4 AI score, 0.00076 EPSS
Exploits 0, References 1

Tenable Nessus
added 2025/08/22 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-5981

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct...

5.9 CVSS, 6.5 AI score, 0.00844 EPSS
Exploits 0, References 2

CVE
added 2025/08/09 2:0 a.m., 21 views

CVE-2025-54999

CVE-2025-54999 affects OpenBao (versions 0.1.0–2.3.1) via the userpass authentication method, enabling user enumeration due to timing differences between non-existent users and those with credentials. This timing side-channel is independent of credential validity. The issue is fixed in version 2....

3.7 CVSS, 6.4 AI score, 0.00052 EPSS
Exploits 0, References 4, Affected Software 1

PyPA
added 2025/05/29 5:15 p.m., 7 views

PYSEC-2025-53

vLLM is an inference and serving engine for large language models (LLMs). Prior to version 0.9.0, when a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT (Time to First Token). These timing differences...

2.6 CVSS, 6.8 AI score, 0.00177 EPSS
Exploits 0, References 4, Affected Software 1

Tenable Nessus
added 2025/04/04 12:0 a.m., 16 views

Zabbix 5.x < 5.0.46rc1 / 6.x < 6.0.38rc1 / 7.0.x < 7.0.9rc1 / 7.2.x < 7.2.3rc1 User Enumeration (ZBX-26255)

The version of Zabbix installed on the remote host is affected by a user enumeration vulnerability. Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one. Note that Nessus has not tested for this issue but has instead relied only on the...

3.1 CVSS, 5.8 AI score, 0.00121 EPSS
Exploits 0, References 2

CNVD
added 2024/11/05 12:0 a.m., 9 views

Unspecified Vulnerability in IBM TXSeries for Multiplatforms

IBM TXSeries for Multiplatforms is a transaction monitoring and management software product from International Business Machines (IBM) designed to support distributed transaction processing on multiple platforms. A security vulnerability exists in IBM TXSeries for Multiplatforms version 10.1, which...

5.3 CVSS, 6.6 AI score, 0.0012 EPSS
Exploits 0, References 1

Tenable Nessus
added 2024/06/07 12:0 a.m., 28 views

OpenSSL 0.9.6 < 0.9.6j Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 0.9.6j. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.6j advisory. - The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA...

7.5 CVSS, 8.2 AI score, 0.28737 EPSS
Exploits 0, References 6

Tenable Nessus
added 2024/06/07 12:0 a.m., 28 views

OpenSSL 0.9.7 < 0.9.7b Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 0.9.7b. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.7b advisory. - The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA...

7.5 CVSS, 8.2 AI score, 0.28737 EPSS
Exploits 0, References 6

Veracode
added 2024/05/22 6:0 a.m., 7 views

Observable Discrepancy

neos/flow is vulnerable to Observable Discrepancy. The vulnerability is due to observable timing differences within the PersistedUsernamePasswordProvider. An attacker can determine whether an account exists based on the timing of the response, because the hash is only generated if an account was...

7 AI score
Exploits 0

Veracode
added 2024/04/25 3:52 p.m., 29 views

Observable Discrepancy

Bouncy Castle is vulnerable to Observable Discrepancy. The vulnerability is due to improper handling of exceptions in RSA-based handshakes. An attacker can exploit the timing differences observed during these exceptions to reveal sensitive information...

5.9 CVSS, 6 AI score, 0.00142 EPSS
Exploits 0, References 7, Affected Software 10

Tenable Nessus
added 2023/11/06 12:0 a.m., 38 views

Rocky Linux 8 : nss and nspr (RLSA-2020:3280)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:3280 advisory. - Improper refcounting of soft token session objects could cause a use-after-free and crash likely limited to a denial of service. This vulnerability...

10 CVSS, 7.7 AI score, 0.03036 EPSS
Exploits 1, References 18

SUSE CVE
added 2023/02/15 5:43 a.m., 1 views

SUSE CVE-2012-5615

Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames...

5 CVSS, 6.5 AI score, 0.23865 EPSS
Exploits 1, References 10

SUSE CVE
added 2023/02/15 4:10 a.m., 2 views

SUSE CVE-2019-13377

The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel...

5.9 CVSS, 7 AI score, 0.0058 EPSS
Exploits 0, References 8