Lucene search
K

737 matches found

Debian CVE
Debian CVE
added 2014/03/07 8:0 p.m.56 views

CVE-2013-7322

usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password OTP type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay...

4.9CVSS6.2AI score0.00884EPSS
Exploits0
Cvelist
Cvelist
added 2014/03/07 8:0 p.m.34 views

CVE-2013-7322

usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly handle lines containing an invalid one-time-password OTP type and a user name in /etc/users.oath, which causes the wrong line to be updated when invalidating an OTP and allows context-dependent attackers to conduct replay...

6.1AI score0.00884EPSS
Exploits0References6
OSV
OSV
added 2014/02/25 9:59 p.m.5 views

MGASA-2014-0101 Updated oath-toolkit packages fix security vulnerability

It was found that comments lines starting with a hash in /etc/users.oath could prevent one-time-passwords OTP from being invalidated, leaving the OTP vulnerable to replay attacks CVE-2013-7322...

4.9CVSS6.2AI score0.00884EPSS
Exploits0References5
ThreatPost
ThreatPost
added 2014/01/08 12:25 p.m.8 views

Sierra Wireless industrial gateways security vulnerabilities

A wireless gateway suitable for a number of industrial applications is vulnerable to remote exploit because of a lack of encryption in its update and reprogramming processes, an advisory from the Industrial Control Systems Cyber Emergency Response Team said yesterday. The Sierra Wireless AirLink...

1.3AI score
Exploits0References1
OSV
OSV
added 2013/10/25 8:53 p.m.12 views

MGASA-2013-0314 Updated python-oauth2 packages fix CVE-2013-4347

It was found that in python-oauth2, an application for authorization flows for web applications, the nonce value generated isn't sufficiently random. While doing bulk operations the nonce might be repeated, so there is a chance of predictability. This could allow MITM attackers to conduct replay...

5.8CVSS6.3AI score0.0243EPSS
Exploits0References2
Mageia
Mageia
added 2013/10/25 8:53 p.m.32 views

Updated python-oauth2 packages fix CVE-2013-4347

It was found that in python-oauth2, an application for authorization flows for web applications, the nonce value generated isn't sufficiently random. While doing bulk operations the nonce might be repeated, so there is a chance of predictability. This could allow MITM attackers to conduct replay...

5.8CVSS4AI score0.0243EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.35 views

Amazon Linux AMI : tomcat6 (ALAS-2011-25)

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret...

7.5CVSS5.6AI score0.15226EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2013/07/18 12:0 a.m.31 views

FreeBSD : gallery -- multiple vulnerabilities (9b037a0d-ef2c-11e2-b4a0-8c705af55518)

Red Hat Security Response Team reports : Gallery upstream has released 3.0.9 version, correcting two security flaws : Issue 1 - Improper stripping of URL fragments in flowplayer SWF file might lead to reply attacks a different flaw than CVE-2013-2138. Issue 2 - gallery3: Multiple information...

7.5CVSS5.3AI score0.02707EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2013/07/16 12:0 a.m.22 views

Fedora 17 : gallery3-3.0.9-1.fc17 (2013-12441)

Fixes for CVE-2013-2240, CVE-2013-2241. A security flaw was found in the way flowplayer SWF file handling functionality of Gallery version 3, an open source project with the goal to develop and support leading photo sharing web application solutions, processed certain URL fragments passed to this...

7.5CVSS5.6AI score0.02707EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.21 views

Fedora 18 : gallery3-3.0.8-1.fc18 (2013-10138)

A security flaw was found in the way uploadify and flowplayer SWF files handling functionality of Gallery version 3, an open source project with the goal to develop and support leading photo sharing web application solutions, processed certain URL fragments passed to these files certain URL...

5.5AI score
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.14 views

Fedora 19 : gallery3-3.0.8-1.fc19 (2013-10032)

A security flaw was found in the way uploadify and flowplayer SWF files handling functionality of Gallery version 3, an open source project with the goal to develop and support leading photo sharing web application solutions, processed certain URL fragments passed to these files certain URL...

5.5AI score
Exploits0References8
RedHat Linux
RedHat Linux
added 2013/05/28 5:28 p.m.8 views

tomcat: DIGEST authentication vulnerable to replay attacks

The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887...

2.6CVSS7.4AI score0.02128EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2013/05/28 5:28 p.m.35 views

Important: Red Hat Security Advisory: tomcat6 security update

Updated tomcat6 packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

6.9CVSS6.9AI score0.02128EPSS
Exploits3References4
OpenVAS
OpenVAS
added 2013/03/15 12:0 a.m.37 views

CentOS Update for tomcat6 CESA-2013:0623 centos6

Check for the Version of tomcat6 OpenVAS Vulnerability Test CentOS Update for tomcat6 CESA-2013:0623 centos6 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

5CVSS6.7AI score0.12098EPSS
Exploits4References2
OpenVAS
OpenVAS
added 2013/03/15 12:0 a.m.32 views

RedHat Update for tomcat5 RHSA-2013:0640-01

Check for the Version of tomcat5 OpenVAS Vulnerability Test RedHat Update for tomcat5 RHSA-2013:0640-01 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

5CVSS6.7AI score0.12098EPSS
Exploits3References2
RedHat Linux
RedHat Linux
added 2013/03/14 4:46 p.m.43 views

Moderate: Red Hat Security Advisory: jbossweb security update

Updated jbossweb packages for JBoss Enterprise Application Platform 6.0.1 that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS...

5CVSS6.4AI score0.12098EPSS
Exploits3References3
RedHat Linux
RedHat Linux
added 2013/03/14 4:40 p.m.39 views

Moderate: Red Hat Security Advisory: jbossweb security update

An update for JBoss Enterprise Application Platform 6.0.1 which fixes multiple security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, whic...

5CVSS6.4AI score0.12098EPSS
Exploits3References4
Tenable Nessus
Tenable Nessus
added 2013/03/13 12:0 a.m.38 views

Scientific Linux Security Update : tomcat5 on SL5.x i386/x86_64 (20130312)

It was found that when an application used FORM authentication, along with another component that calls request.setUserPrincipal before the call to FormAuthenticatorauthenticate such as the Single-Sign-On valve, it was possible to bypass the security constraint checks in the FORM authenticator by...

5CVSS6.2AI score0.12098EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2013/03/12 5:57 p.m.54 views

Important: Red Hat Security Advisory: tomcat5 security update

Updated tomcat5 packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, ar...

5CVSS6.4AI score0.12098EPSS
Exploits3References3
RedHat Linux
RedHat Linux
added 2013/03/11 7:3 p.m.43 views

Moderate: Red Hat Security Advisory: jbossweb security update

An update for JBoss Enterprise Application Platform 5.2.0 which fixes multiple security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, whic...

5CVSS6.1AI score0.12098EPSS
Exploits2References3
Rows per page
Query Builder