117 matches found

SUSE CVE
added 2023/02/15 5:43 a.m. | 3 views

SUSE CVE-2012-5615

Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames...

CVSS: 5 | AI score: 6.5 | EPSS: 0.14784
Exploits: 1 | References: 10

SUSE CVE
added 2023/02/15 4:10 a.m. | 4 views

SUSE CVE-2019-13377

The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel...

CVSS: 5.9 | AI score: 7 | EPSS: 0.02187
Exploits: 0 | References: 8

CNNVD
added 2022/12/28 12:0 a.m. | 4 views

Nuntium security vulnerability

Nuntium is a free, open source platform developed by InSTEDD. Nuntium has a security vulnerability that originates from a problem with an unknown function in the file app/controllers/geopollcontroller.rb, where manipulation of the parameter signature can lead to observable timing...

CVSS: 5.9 | AI score: 4.9 | EPSS: 0.0063
Exploits: 0 | References: 4

OpenVAS
added 2021/08/17 12:0 a.m. | 38 views

OpenSSL: SSL, TLS and DTLS Plaintext Recovery Attack (20130205) - Linux

OpenSSL is prone to a plaintext-recovery attack. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS: 2.6 | AI score: 6.6 | EPSS: 0.35584
Exploits: 1 | References: 1

OpenVAS
added 2021/08/17 12:0 a.m. | 28 views

OpenSSL: SSL, TLS and DTLS Plaintext Recovery Attack (20130205) - Windows

OpenSSL is prone to a plaintext-recovery attack. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS: 2.6 | AI score: 6.6 | EPSS: 0.35584
Exploits: 1 | References: 1

OpenVAS
added 2021/08/13 12:0 a.m. | 23 views

OpenSSL: Multiple Vulnerabilities (CVE-2003-0131, CVE-2003-0147) - Linux

OpenSSL is prone to multiple vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.06393
Exploits: 0 | References: 2

NVD
added 2021/07/30 2:15 p.m. | 10 views

CVE-2021-37606

Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query whether there's a collision in the bottom bits of the hashes of two messages, as demonstrated by an attack against a long-running web service that allows the attacker to infer collisions by measuring timin...

CVSS: 5.3 | EPSS: 0.00741
Exploits: 0 | References: 2

Prion
added 2021/07/30 2:15 p.m. | 9 views

Code injection

Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query whether there's a collision in the bottom bits of the hashes of two messages, as demonstrated by an attack against a long-running web service that allows the attacker to infer collisions by measuring timin...

CVSS: 5 | AI score: 5.2 | EPSS: 0.00741
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2021/07/28 6:34 p.m. | 15 views

CVE-2021-37606

Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query whether there's a collision in the bottom bits of the hashes of two messages, as demonstrated by an attack against a long-running web service that allows the attacker to infer collisions by measuring timin...

AI score: 5.5 | EPSS: 0.00741
Exploits: 0 | References: 2

CVE
added 2021/07/28 6:34 p.m. | 53 views

CVE-2021-37606

CVE-2021-37606 documents a vulnerability in Meow hash 0.5/calico where an attacker can recover keys by testing whether there are collisions in the bottom bits of two message hashes, demonstrated via timing-difference measurements on a long-running web service. The issue is described across multip...

CVSS: 5.3 | AI score: 5.2 | EPSS: 0.00741
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2021/04/28 7:15 a.m. | 17 views

CVE-2021-31866

Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...

CVSS: 5.3 | EPSS: 0.01215
Exploits: 0 | References: 3

OSV
added 2021/04/28 7:15 a.m. | 18 views

CVE-2021-31866

Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...

CVSS: 5.3 | AI score: 6.8
Exploits: 0 | References: 3

UbuntuCve
added 2021/04/28 7:15 a.m. | 23 views

CVE-2021-31866

Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...

CVSS: 5.3 | AI score: 6.1 | EPSS: 0.01215
Exploits: 0 | References: 3

Prion
added 2021/04/28 7:15 a.m. | 14 views

Design/Logic Flaw

Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...

CVSS: 5 | AI score: 5.6 | EPSS: 0.01215
Exploits: 0 | References: 3 | Affected Software: 2

OpenVAS
added 2021/03/12 12:0 a.m. | 28 views

Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2021-1640)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 10 | AI score: 7.3 | EPSS: 0.03854
Exploits: 2 | References: 2

Tenable Nessus
added 2021/03/10 12:0 a.m. | 62 views

EulerOS Virtualization 2.9.1 : nss (EulerOS-SA-2021-1615)

According to the versions of the nss packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the...

CVSS: 10 | AI score: 7.4 | EPSS: 0.07201
Exploits: 5 | References: 8

OSV
added 2021/01/12 3:15 p.m. | 3 views

CVE-2020-14341

The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installation. By observing differences in the timin...

CVSS: 2.7 | AI score: 5.9
Exploits: 0 | References: 1

Tenable Nessus
added 2020/12/14 12:0 a.m. | 41 views

EulerOS 2.0 SP8 : nss-softokn (EulerOS-SA-2020-2523)

According to the versions of the nss-softokn packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This...

CVSS: 9.1 | AI score: 7.1 | EPSS: 0.01541
Exploits: 0 | References: 4

Tenable Nessus
added 2020/12/01 12:0 a.m. | 52 views

EulerOS 2.0 SP9 : nss (EulerOS-SA-2020-2487)

According to the versions of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability...

CVSS: 9.1 | AI score: 7.1 | EPSS: 0.03854
Exploits: 1 | References: 6

Tenable Nessus
added 2020/12/01 12:0 a.m. | 43 views

EulerOS 2.0 SP9 : nss (EulerOS-SA-2020-2500)

According to the versions of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability...

CVSS: 9.1 | AI score: 7.1 | EPSS: 0.03854
Exploits: 1 | References: 6