Lucene search
K

8801 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:24 a.m.3 views

SUSE CVE-2014-9749

Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."...

4CVSS7AI score0.11441EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 5:5 a.m.3 views

SUSE CVE-2016-2849

Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack...

7.5CVSS7AI score0.02463EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:34 a.m.4 views

SUSE CVE-2018-1312

In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed...

5.9CVSS9.1AI score0.15885EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 4:19 a.m.3 views

SUSE CVE-2019-1543

ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value IV should be 96 bits 12 bytes. OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also...

3.7CVSS6.7AI score0.05701EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 4:6 a.m.4 views

SUSE CVE-2019-18679

An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information...

5.9CVSS7.7AI score0.40982EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.3 views

SUSE CVE-2020-1759

A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the...

6.4CVSS6.8AI score0.01373EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2023/02/15 4:2 a.m.2 views

SUSE CVE-2020-6829

When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This...

5.3CVSS7.9AI score0.01449EPSS
Exploits0References20
SUSE CVE
SUSE CVE
added 2023/02/15 3:59 a.m.4 views

SUSE CVE-2020-11945

An issue was discovered in Squid before 5.0.2. A remote attacker can replay a sniffed Digest Authentication nonce to gain access to resources that are otherwise forbidden. This occurs because the attacker can overflow the nonce reference counter a short integer. Remote code execution may occur if...

8.8CVSS8.2AI score0.27246EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 3:59 a.m.2 views

SUSE CVE-2020-12401

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox 80 and Firefox for Android 80...

4.7CVSS8.3AI score0.00309EPSS
Exploits0References20
SUSE CVE
SUSE CVE
added 2023/02/15 3:51 a.m.5 views

SUSE CVE-2020-35452

Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make i...

8.1CVSS7.1AI score0.53191EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 3:36 a.m.3 views

SUSE CVE-2021-45451

In Mbed TLS before 3.1.0, psaaeadgeneratenonce allows policy bypass or oracle-based decryption when the output buffer is at memory locations accessible to an untrusted application...

7.5CVSS7.5AI score0.00923EPSS
Exploits0References3
OSV
OSV
added 2023/02/13 3:15 p.m.2 views

CVE-2023-0405

The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin before 1.4.38 does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts...

4.3CVSS5.9AI score0.00512EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/02/13 2:32 p.m.4 views

CVE-2023-0405 GPT3 AI Content Writer < 1.4.38 - Subscriber+ Arbitrary Post Content Update

The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin before 1.4.38 does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts...

5.2AI score0.00512EPSS
Exploits2References1
wpexploit
wpexploit
added 2023/02/09 12:0 a.m.200 views

WPCode < 2.0.7 - Contributor+ WPCode Library Auth Key Update/Deletion

The plugin does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication such as update and delete the auth key. As a contributo...

4.3CVSS5.8AI score0.00801EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2023/02/08 2:15 a.m.2 views

CVE-2023-0724

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxaddfolder function. This makes it possible for unauthenticated attackers to invoke this function via forge...

5.4CVSS5.8AI score0.00308EPSS
Exploits0References4
OSV
OSV
added 2023/02/08 2:15 a.m.4 views

CVE-2023-0724

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxaddfolder function. This makes it possible for unauthenticated attackers to invoke this function via forge...

4.3CVSS6.3AI score0.00308EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/02/08 2:15 a.m.3 views

CVE-2023-0725

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxclonefolder function. This makes it possible for unauthenticated attackers to invoke this function via...

5.4CVSS5.8AI score0.00308EPSS
Exploits0References4
NVD
NVD
added 2023/02/08 2:15 a.m.38 views

CVE-2023-0724

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxaddfolder function. This makes it possible for unauthenticated attackers to invoke this function via forge...

5.4CVSS5.2AI score0.00308EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/02/08 2:15 a.m.2 views

CVE-2023-0726

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxeditfolder function. This makes it possible for unauthenticated attackers to invoke this function via forg...

5.4CVSS5.8AI score0.00308EPSS
Exploits0References4
OSV
OSV
added 2023/02/08 2:15 a.m.6 views

CVE-2023-0725

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxclonefolder function. This makes it possible for unauthenticated attackers to invoke this function via...

4.3CVSS6.3AI score0.00308EPSS
Exploits0References3
Rows per page
Query Builder