Lucene search
K

3242 matches found

RedHat Linux
RedHat Linux
added 2023/02/23 12:1 a.m.5 views

plugin: Non-constant time webhook signature comparison in GitHub Plugin

Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature...

5.3CVSS5.8AI score0.00707EPSS
Exploits0References5
F5 Networks
F5 Networks
added 2023/02/21 6:54 p.m.18 views

K57214415: NAT slipstream vulnerability

Security Advisory Description This vulnerability exploits the application layer gateway ALG mechanism of network address translations NATs, routers, and firewalls through modification of internal IP extractions for a client browser connection and therefore bypasses the browser's port restrictions...

6.8AI score
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:20 p.m.29 views

K43205719: NTP input validation vulnerability CVE-2016-1550

Security Advisory Description An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key. CVE-2016-1550...

5.3CVSS6.7AI score0.03634EPSS
Exploits1Affected Software23
F5 Networks
F5 Networks
added 2023/02/21 6:14 p.m.46 views

K32743437: OpenSSL vulnerability CVE-2016-7056

Security Advisory Description A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. CVE-2016-7056 Impact A malicious user with local access can recover Elliptic Curve Digital Signature Algorithm ECDSA...

5.5CVSS7AI score0.00594EPSS
Exploits0Affected Software22
F5 Networks
F5 Networks
added 2023/02/21 6:6 p.m.80 views

K43357358: AMD processors vulnerability CVE-2022-23823

Security Advisory Description A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure. CVE-2022-23823 also known as hertzbleed Impact Successful exploitation of this...

6.5CVSS6.3AI score0.01037EPSS
Exploits0Affected Software13
OSV
OSV
added 2023/02/16 10:15 p.m.1 views

DEBIAN-CVE-2020-12413

The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites...

5.9CVSS6.3AI score0.00594EPSS
Exploits0References1
OSV
OSV
added 2023/02/16 10:15 p.m.8 views

CVE-2020-12413

The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites...

5.9CVSS6.6AI score0.00594EPSS
Exploits0References2
NVD
NVD
added 2023/02/16 10:15 p.m.30 views

CVE-2020-12413

The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites...

5.9CVSS5.7AI score0.00594EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2023/02/16 10:15 p.m.41 views

CVE-2020-12413

The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites...

5.9CVSS6.7AI score0.00594EPSS
Exploits0References2
OSV
OSV
added 2023/02/16 10:15 p.m.0 views

UBUNTU-CVE-2020-12413

The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites...

5.9CVSS6.7AI score0.00594EPSS
Exploits0References3
CVE
CVE
added 2023/02/16 12:0 a.m.102 views

CVE-2020-12413

The CVE-2020-12413 case covers a timing attack on DHE ciphersuites in TLS (the Raccoon attack). Affected component is the DHE-based TLS handshake; underlying impact is a potential loss of confidentiality if DHE ciphersuites are used. Mitigation observed in sources: Firefox disabled support for DH...

5.9CVSS5.5AI score0.00594EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2023/02/16 12:0 a.m.10 views

CVE-2020-12413

The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites...

6.7AI score0.00594EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.5 views

SUSE CVE-2003-0190

OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack...

5CVSS8AI score0.76751EPSS
Exploits10References7
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.5 views

SUSE CVE-2003-1562

sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password...

7.6CVSS8.5AI score0.05573EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:2 a.m.4 views

SUSE CVE-2009-3875

The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...

5CVSS7AI score0.03107EPSS
Exploits1References12
SUSE CVE
SUSE CVE
added 2023/02/15 6:1 a.m.2 views

SUSE CVE-2010-0009

Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify 1 hashes or 2 passwords...

4.3CVSS6.7AI score0.05351EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:55 a.m.5 views

SUSE CVE-2010-5074

The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets CSS token sequences, which makes it easier for remote attackers to obtain sensitive information...

4.3CVSS6.6AI score0.00702EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.3 views

SUSE CVE-2011-1945

The elliptic curve cryptography ECC subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm ECDSA is used for the ECDHEECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine...

2.6CVSS7.9AI score0.0343EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:40 a.m.4 views

SUSE CVE-2013-1619

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks...

4CVSS6.9AI score0.0644EPSS
Exploits1References10
SUSE CVE
SUSE CVE
added 2023/02/15 5:40 a.m.5 views

SUSE CVE-2013-1693

The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to read pixel values, and possibly bypass the Same Origin Policy and read text from a different domain, by...

4.3CVSS8.9AI score0.03745EPSS
Exploits0References12
Rows per page
Query Builder