CVE-2016-10212
CVE-2016-10212 describes a GCM nonce reuse issue in Radware devices (note: may involve a third-party Cavium product) that allows remote attackers to obtain the authentication key and spoof data via a “forbidden attack.” Root cause: reuse of the initial nonces in GCM. Affected: Radware devices. Ex...
Side-channel Timing Attack
OpenSSL is vulnerable to side-channel timing attacks. These attacks are possible because the Montgomery ladder implementation doesn't run swap operations in constant time which makes it easier for local users to obtain ECDSA nonce values...
Citrix NetScaler Nonce Generation Vulnerability (CTX220329)
A flaw has been identified in the GCM nonce generation functionality of Citrix NetScaler Application Delivery Controller (ADC) and Citrix NetScaler Gateway that could result in the interception of session data.
CVE-2017-5933 - Vulnerability in Citrix NetScaler Application Delivery Controller and NetScaler Gateway GCM nonce generation
Description of Problem: A flaw in NetScaler ADC and Gateway causes GCM nonces to be randomly generated, making it marginally easier for remote attackers to obtain the GCM authentication key and spoof data within a session. The following vulnerability has been addressed: CVE-2017-5933: Vulnerabilit...
Replay Attack
libzmq (aka ZeroMQ) is vulnerable to replay attacks. It is due to a flaw in the creation and validation of nonces, failing to detect nonces and disconnect malicious peers...
SUSE SLES12 Security Update : squid (SUSE-SU-2017:0128-1)
This update for squid fixes the following issues: - CVE-2016-10003: Prevent incorrect forwarding of cached private responses when Collapsed Forwarding feature is enabled. This allowed remote attacker (proxy user) to discover private and sensitive information about another user (bsc#1016169). -...
SUSE-SU-2017:0128-1 Security update for squid
This update for squid fixes the following issues: - CVE-2016-10003: Prevent incorrect forwarding of cached private responses when Collapsed Forwarding feature is enabled. This allowed remote attacker (proxy user) to discover private and sensitive information about another user (bsc#1016169). -...
SUSE SLES12 Security Update : squid (SUSE-SU-2017:0116-1)
This update for squid fixes the following issues: - CVE-2016-10002: Fixed incorrect processing of responses to If-None-Modified HTTP conditional requests. This allowed responses containing private data to clients it should not have reached (bsc#1016168) - CVE-2014-9749: Prevent nonce replay in Dige...
SUSE-SU-2017:0116-1 Security update for squid
This update for squid fixes the following issues: - CVE-2016-10002: Fixed incorrect processing of responses to If-None-Modified HTTP conditional requests. This allowed responses containing private data to clients it should not have reached (bsc#1016168) - CVE-2014-9749: Prevent nonce replay in Diges...
SUSE-SU-2017:0110-1 Security update for squid3
This update for squid3 fixes the following issues: - CVE-2016-10002: Fixed incorrect processing of responses to If-None-Modified HTTP conditional requests. This allowed responses containing private data to clients it should not have reached (bsc#1016168) - CVE-2014-9749: Prevent nonce replay in Dige...
CVE-2016-1000032
TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a missing nonce allowing attackers to use a single solved CAPTCHA multiple times...
Information disclosure
TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a missing nonce allowing attackers to use a single solved CAPTCHA multiple times...
CVE-2016-1000032
CVE-2016-1000032 affects TGCaptcha2 version 0.3.0, where a missing nonce allows a solved CAPTCHA to be reused, enabling a replay attack. The provided connected documents corroborate this vulnerability and describe the core issue as a replay vulnerability due to the missing nonce. Impact is a sing...
New Google Tools Help Devs Improve Content Security Policy Protection
Cross-site scripting is the cockroach of web application security vulnerabilities, enjoying continued longevity despite the abundant availability of scanning tools and programming advice designed to squash it. Google yesterday took another shot at eradicating XSS attacks with the release of two...
W3 Total Cache <= 0.9.4.1 – Unauthenticated Security Token Bypass
The /pub/apc.php file is used to empty the OPCache/APC. The script seems protected by a nonce (aka security token): $nonce = W3_Request::get_string('nonce'); $uri = $_SERVER['REQUEST_URI']; if (wp_hash($uri) == $nonce) But the flaw lies in the == operator, which is not the one to use when you want to compare...
Ruby: Ruby OpenSSL Library - IV Reuse in GCM Mode
Hello, An IV reuse bug was discovered in Ruby's OpenSSL library when using aes-gcm. When encrypting data with aes-*-gcm, if the IV is set before setting the key, the cipher will default to using a static IV. This creates a static nonce and since aes-gcm is a stream cipher, this can lead to known...
WP Front End Profile <= 0.2.1 - Privilege Escalation & Stored Cross-Site Scripting (XSS)
It is possible to modify a POST request to overwrite user meta including 'wp_capabilities' and 'wp_user_level', which results in a privilege escalation vulnerability. User input is not sanitised or escaped on output, resulting in a stored XSS vulnerability. Timeline: 2016-09-12: Vulnerability found...
Ian Dunn: Send emails to all users using Camptix
Ian, This is my first stab at submitting a bug, and I'm not even sure it is one. Here's what I found. If an admin of a site using Camptix who is logged into the admin screen visits a malicious site which has access to a valid _wpnonce value could send a large volume of spam to all ticket holders...