CVEMAP Search Results

CVE
Details
Description
2018-06-04
Low
CVE-2016-1000341

Vendor: Bouncycastle
Software: Legion-of-th...
 

 
In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for the generation of signatures, the lack of blinding in 1.55, or earlier, may allow an attacker to gain information about the signature's k value and ultimately the private value as well.

 
Low
CVE-2016-1000345

Vendor: Bouncycastle
Software: Legion-of-th...
 

 
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode is vulnerable to padding oracle attack. For BC 1.55 and older, in an environment where timings can be easily observed, it is possible with enough observations to identify when the decryption is failing due to padding.

 
2018-03-17
Medium
CVE-2017-18239

Vendor: Authentikat-jwt project
Software: Authentikat-jwt
 

 
A time-sensitive equality check on the JWT signature in the JsonWebToken.validate method in main/scala/authentikat/jwt/JsonWebToken.scala in authentikat-jwt (aka com.jason-goodwin/authentikat-jwt) version 0.4.5 and earlier allows the supplier of a JWT token to guess bit after bit of the signature by repeating validation requests.

 
2017-11-16
Medium
CVE-2017-11038

Vendor: Google
Software: Android
 

 
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the boot image header, range checks can be bypassed by supplying different versions of the header at the time of check and use.

 
2017-08-10
Medium
CVE-2017-3156

Vendor: Apache
Software: CXF
 

 
The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks.

 
2017-07-21
Medium
CVE-2015-5300

Vendor: Fedoraproject
Software: Fedora
 

 
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).

 
2017-07-20
Low
CVE-2017-7006

Vendor: Apple
Software: Safari
 

 
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses SVG filters.

 

 


Copyright 2019, cxsecurity.com

 
