Vulnerabilities > 7PK - Time and State

DATE CVE VULNERABILITY TITLE RISK
2018-06-04 CVE-2016-1000345 7PK - Time and State vulnerability in multiple products
In the Bouncy Castle JCE Provider version 1.55 and earlier the DHIES/ECIES CBC mode vulnerable to padding oracle attack.
network
high complexity
bouncycastle debian CWE-361
5.9
2018-06-04 CVE-2016-1000341 7PK - Time and State vulnerability in multiple products
In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack.
network
high complexity
bouncycastle debian CWE-361
5.9
2017-07-21 CVE-2015-5300 7PK - Time and State vulnerability in multiple products
The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or to alter the time by up to 900 seconds otherwise by responding to an unspecified number of requests from trusted sources, and leveraging a resulting denial of service (abort and restart).
7.5
2017-04-12 CVE-2016-7547 7PK - Time and State vulnerability in Trendmicro Threat Discovery Appliance 2.6.1062
A command execution flaw on the Trend Micro Threat Discovery Appliance 2.6.1062r1 exists with the timezone parameter in the admin_sys_time.cgi interface.
network
low complexity
trendmicro CWE-361
critical
9.8
2017-01-23 CVE-2016-7037 7PK - Time and State vulnerability in JWT Project JWT
The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attack.
network
low complexity
jwt-project CWE-361
7.5
2017-01-23 CVE-2016-7036 7PK - Time and State vulnerability in Python-Jose Project Python-Jose
python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.
network
low complexity
python-jose-project CWE-361
critical
9.8
2016-03-13 CVE-2016-1643 7PK - Time and State vulnerability in Google Chrome
The ImageInputType::ensurePrimaryContent function in WebKit/Source/core/html/forms/ImageInputType.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly maintain the user agent shadow DOM, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
network
low complexity
google CWE-361
8.8