Lucene search
K

3242 matches found

OSV
OSV
added 2024/07/17 6:30 p.m.10 views

GHSA-J8CM-G7R6-HFPQ vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material

Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...

6.3CVSS3.4AI score0.00201EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2024/07/17 3:21 p.m.35 views

Security Bulletin: Vulnerability with The Bouncy Castle Crypto affect IBM Cloud Object Storage Systems (July 2024v2)

Summary Vulnerability with The Bouncy Castle CryptoCVE-2024-29857, , Snappy CVE-2024-36124, CVE-2024-30171, CVE-2024-30172, This vulnerability has been addressed in the latest ClevOS release Vulnerability Details CVEID:CVE-2024-29857 DESCRIPTION: The Bouncy Castle Crypto Package For Java is...

7.5CVSS7AI score0.011EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/07/12 8:15 p.m.5 views

CVE-2023-41093

Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network.This issue affects Silabs Bluetooth SDK: through 8.0.0...

3.1CVSS5.8AI score0.00193EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/07/11 12:28 p.m.8 views

bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)

A flaw was found in the Bouncy Castle Java cryptography APIs. Affected versions of the org.bouncycastle:bcprov-jdk18on package are vulnerable to Observable Timing Discrepancy via the PKCS1 1.5 and OAEP decryption process a.k.a. Marvin Attack. An attacker can recover cipher-texts via a side-channe...

5.9CVSS7.3AI score0.00901EPSS
Exploits0References5
Ubuntu
Ubuntu
added 2024/07/11 10:41 a.m.44 views

USN-6888-2: Django vulnerabilities

USN-6888-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Elias Myllymäki discovered that Django incorrectly handled certain inputs with a large number of brackets. A remote attacker could possibly use this...

7.5CVSS6.8AI score0.28637EPSS
Exploits0
Veracode
Veracode
added 2024/07/11 4:47 a.m.17 views

Timing Attack

Django is vulnerable to a Timing Attack. The vulnerability is due to the django.contrib.auth.backends.ModelBackend.authenticate method, allowing remote attackers to enumerate users via login requests with an unusable password...

5.3CVSS6.7AI score0.00889EPSS
Exploits0References7Affected Software2
Tenable Nessus
Tenable Nessus
added 2024/07/11 12:0 a.m.34 views

Ubuntu 18.04 LTS : Django vulnerabilities (USN-6888-2)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6888-2 advisory. USN-6888-1 fixed several vulnerabilities in Django. This update provides the corresponding update for Ubuntu 18.04 LTS. Tenable has extracted the precedi...

7.5CVSS6.5AI score0.28637EPSS
Exploits0References5
OSV
OSV
added 2024/07/10 3:33 p.m.17 views

SUSE-SU-2024:2393-1 Security update for openssh

This update for openssh fixes the following issues: Security fixes: - CVE-2024-39894: Fixed timing attacks against echo-off password entry bsc1227318. Other fixes: - Add obsoletes for openssh-server-config-rootlogin bsc1227350. - Add include in some files added by the ldap patch to fix build with...

7.5CVSS6.1AI score0.19753EPSS
Exploits7References8
OSV
OSV
added 2024/07/10 6:33 a.m.3 views

GHSA-X7Q2-WR7G-XQMF Django vulnerable to user enumeration attack

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...

6.9CVSS5.9AI score0.00889EPSS
Exploits0References9
NVD
NVD
added 2024/07/10 5:15 a.m.17 views

CVE-2024-39329

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...

5.3CVSS0.00889EPSS
Exploits0References4
OSV
OSV
added 2024/07/10 5:15 a.m.18 views

CVE-2024-39329

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...

5.3CVSS7.4AI score
Exploits0References4
OSV
OSV
added 2024/07/10 5:15 a.m.1 views

DEBIAN-CVE-2024-39329

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...

5.3CVSS6.4AI score0.00889EPSS
Exploits0References1
PyPA
PyPA
added 2024/07/10 5:15 a.m.5 views

PYSEC-2024-57

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...

5.3CVSS8.1AI score0.00889EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/07/10 5:15 a.m.6 views

PYSEC-2024-57

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...

5.3CVSS6.8AI score0.00889EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2024/07/10 3:24 a.m.2 views

SUSE CVE-2024-39329

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...

5.3CVSS7.7AI score0.00889EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/07/10 12:0 a.m.30 views

CVE-2024-39329

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...

0.00889EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2024/07/10 12:0 a.m.13 views

CVE-2024-39329

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...

5.3CVSS6.9AI score0.00889EPSS
Exploits0
CNNVD
CNNVD
added 2024/07/10 12:0 a.m.3 views

Django Security Vulnerabilities

Django is a set of open source web application frameworks based on the Python language from the Django Foundation. The framework includes an object-oriented mapper, view system, template system, and more. A security vulnerability exists in Django version 5.0 up to and including version 5.0.7, and...

5.3CVSS6.8AI score0.00889EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/07/10 12:0 a.m.23 views

CVE-2024-39329

An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. The django.contrib.auth.backends.ModelBackend.authenticate method allows remote attackers to enumerate users via a timing attack involving login requests for users with an unusable password...

6.8AI score0.00889EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/07/10 12:0 a.m.31 views

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS : Django vulnerabilities (USN-6888-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6888-1 advisory. Elias Myllymki discovered that Django incorrectly handled certain inputs with a large number of brackets. A remote attack...

7.5CVSS6.7AI score0.28637EPSS
Exploits0References5
Rows per page
Query Builder