8766 matches found
CVE-2019-15809
Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private...
DEBIAN-CVE-2019-13628
wolfSSL and wolfCrypt 4.0.0 and earlier when configured without --enable-fpecc, --enable-sp, or --enable-sp-math contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about th...
Design/Logic Flaw
Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private...
CVE-2019-13628
wolfSSL and wolfCrypt 4.0.0 and earlier when configured without --enable-fpecc, --enable-sp, or --enable-sp-math contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about th...
UBUNTU-CVE-2019-13628
wolfSSL and wolfCrypt 4.0.0 and earlier when configured without --enable-fpecc, --enable-sp, or --enable-sp-math contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about th...
CVE-2019-13628
wolfSSL and wolfCrypt 4.0.0 and earlier when configured without --enable-fpecc, --enable-sp, or --enable-sp-math contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about th...
CVE-2019-13628
wolfSSL and wolfCrypt 4.0.0 and earlier when configured without --enable-fpecc, --enable-sp, or --enable-sp-math contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about th...
CVE-2019-15809
Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private...
Download Plugins and Themes from Dashboard <= 1.5.0 - Unauthenticated Stored XSS
NinTechNet discovered a multiple security issues within the Download Plugins and Themes from Dashboard WordPress plugin. The plugin's setting update request did not check for authorisation, allowing an unauthenticated user to inject malicious JavaScript, which would be stored in the backend...
Duplicate Post <= 3.2.3 - Authenticated Stored Cross-Site Scripting (XSS)
The Duplicate Post plugin was vulnerable to Authenticated Stored Cross-Site Scripting XSS. However, the POST request had a CSRF nonce that was verified, and no user's without the unfilteredhtml capability, such as Author or Subscriber, were able to access the affected Duplicate Post settings page...
CVE-2016-10996
The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...
CVE-2016-10996
The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...
Design/Logic Flaw
The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...
CVE-2016-10996
The optinmonster plugin before 1.1.4.6 for WordPress has incorrect access control for shortcodes because of a nonce leak...
CVE-2016-10996
The CVE-2016-10996 vulnerability affects the WordPress OptinMonster plugin prior to version 1.1.4.6. The root cause is incorrect access control for shortcode execution caused by a nonce leak, allowing an attacker to exploit shortcode handling. Several sources confirm the issue and reference the s...
WordPress Ad Inserter Plugin < 2.4.22 RCE Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113520";...
EulerOS 2.0 SP5 : openssl110h (EulerOS-SA-2019-1890)
According to the versions of the openssl110h packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce...
WordPress WP Social Feed Gallery Plugin < 2.4.8 Authentication Bypass Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113508";...
Rockwell Automation Stratix 5100 Wireless Access Point and Workgroup Bridge < 15.4 Reusing a Nonce (ICSA-17-299-02)
Binary data 720291.prm...
CVE-2019-15779
The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qliggdismissnotice or qliggformitemdelete...