102 matches found
PT-2022-2590 · Curl +11 · Curl +11
Name of the Vulnerable Software and Affected Versions: curl versions prior to 7.83.0 Description: The issue is related to a insufficiently protected credentials vulnerability that may leak authentication or cookie header data on HTTP redirects to the same host but another port number. This could...
CVE-2021-29971
If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 90...
CVE-2021-29971
If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 90...
UBUNTU-CVE-2021-29971
If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 90...
cxf: JMX integration is vulnerable to a MITM attack
Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle MITM style attack. An...
python-requests: Redirect from HTTPS to HTTP does not remove Authorization header
A credentials-exposure flaw was found in python-requests, where if a request with authentication is redirected 302 from an HTTPS endpoint to an HTTP endpoint on the same host, the Authorization header is not stripped and the credentials can be read in plain text. A man-in-the-middle attacker coul...
DEBIAN-CVE-2020-1740
A flaw was found in Ansible Engine when using Ansible Vault for editing encrypted files. When a user executes "ansible-vault edit", another user on the same computer can read the old and new secret, as it is created in a temporary file with mkstemp and the returned file descriptor is closed and t...
ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the gcryeccecdsasign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. T...
ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the gcryeccecdsasign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. T...
JDK: privilege escalation via insufficiently restricted access to Attach API
In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which includes the ability to execute untrusted native code. Attach API is enabled by default on...
cryptlib Information Disclosure Vulnerability
cryptlib is a general-purpose cryptographic library based on the GnuPG code. A security vulnerability exists in cryptlib. The vulnerability can be exploited by an attacker to obtain a key by accessing a local device or a different virtual machine on the same physical host...
Libgcrypt Information Disclosure Vulnerability
Libgcrypt is a general-purpose cryptographic library developed by the GNU Project based on the GnuPG code. The library implements a variety of cryptographic algorithms, including symmetric ciphers, hashing algorithms, public key algorithms, and more. There is a security vulnerability in Libgcrypt...
CVE-2018-12440
BoringSSL through 2018-06-14 allows a memory-cache side-channel attack on DSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a DSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host...
CVE-2018-12439
MatrixSSL through 3.9.5 Open allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host...
wolfSSL ROHNP Vulnerability
wolfSSL formerly known as CyaSSL is the United States wolfSSL company for embedded systems developers to use a small, portable embedded SSL programming library. A security vulnerability exists in the wolfcrypt/src/ecc.c file in versions prior to wolfSSL 3.15.1.patch. An attacker can exploit this...
LibTomCrypt ROHNP Vulnerability
LibTomCrypt is a modular and portable encryption toolkit. A security vulnerability exists in LibTomCrypt 1.18.1 and earlier versions. An attacker can exploit this vulnerability to obtain ECDSA keys by accessing a local device or a different virtual machine on the same physical host...
LibreSSL ROHNP Vulnerability
LibreSSL is a fork of the OpenSSL cryptographic software library developed by the OpenBSD project and an open source implementation of the Secure Sockets Layer SSL and Transport Layer Security TLS protocols. A security vulnerability exists in LibreSSL versions prior to 2.6.5 and 2.7.x prior to...
DEBIAN-CVE-2018-0495
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the gcryeccecdsasign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. T...
cURL and libcurl Information Disclosure Vulnerability
cURL/libcURL is a command line file transfer tool that supports FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE and LDAP. When cURL and libcurl reuse the curleasyreset connection handle to send requests to the same hostname, they are accompanied by the HTTP Basic authentication credentials of...
DEBIAN-CVE-2015-3236
cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset curleasyreset connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors...