
RedHat Linux
added 2016/03/24 1:10 a.m. | 4 views

python-django: User enumeration through timing difference on password hasher work factor upgrade

A timing attack flaw was found in the way Django's PBKDF2PasswordHasher performed password hashing. Passwords hashed with an older version of PBKDF2PasswordHasher used fewer hashing iterations, and thus allowed an attacker to enumerate existing users based on the time differences in the login...

CVSS 3.1 | AI score 5.7 | EPSS 0.03317
Exploits 0 | References 5
RedHat Linux
added 2016/03/24 1:10 a.m. | 33 views

Moderate: Red Hat Security Advisory: python-django security update

An update for python-django is now available for Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, ...

CVSS 7.4 | AI score 6.6 | EPSS 0.04035
Exploits 0 | References 3
RedHat Linux
added 2016/03/24 1:09 a.m. | 4 views

python-django: User enumeration through timing difference on password hasher work factor upgrade

A timing attack flaw was found in the way Django's PBKDF2PasswordHasher performed password hashing. Passwords hashed with an older version of PBKDF2PasswordHasher used fewer hashing iterations, and thus allowed an attacker to enumerate existing users based on the time differences in the login...

CVSS 3.1 | AI score 5.7 | EPSS 0.03317
Exploits 0 | References 5
RedHat Linux
added 2016/03/15 8:56 p.m. | 8 views

rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller

A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing...

CVSS 4.3 | AI score 7.2 | EPSS 0.04879
Exploits 0 | References 6
RedHat Linux
added 2016/03/15 8:55 p.m. | 5 views

rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller

A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing...

CVSS 4.3 | AI score 7.2 | EPSS 0.04879
Exploits 0 | References 6
Tenable Nessus
added 2016/03/04 12:00 a.m. | 34 views

Fedora 23 : php-symfony-2.7.7-2.fc23 / php-twig-1.23.1-2.fc23 (2015-0efcb5fbc5)

Twig 1.23.1 (2015-11-05): fixed some exception messages which triggered PHP warnings; fixed BC on Twig_Test_NodeTestCase. Twig 1.23.0 (2015-10-29): deprecated the possibility to override an extension by registering another one with the same name; deprecated Twig_ExtensionInterface::getGlobals; added...

CVSS 7.5 | AI score 5.6 | EPSS 0.02712
Exploits 1 | References 5
Tenable Nessus
added 2016/03/04 12:00 a.m. | 31 views

Fedora 22 : php-symfony-2.7.7-2.fc22 / php-twig-1.23.1-2.fc22 (2015-0b89738311)

Twig 1.23.1 (2015-11-05): fixed some exception messages which triggered PHP warnings; fixed BC on Twig_Test_NodeTestCase. Twig 1.23.0 (2015-10-29): deprecated the possibility to override an extension by registering another one with the same name; deprecated Twig_ExtensionInterface::getGlobals; added...

CVSS 7.5 | AI score 5.6 | EPSS 0.02712
Exploits 1 | References 5
Tenable Nessus
added 2016/03/02 12:00 a.m. | 31 views

phpMyAdmin 4.0.x < 4.0.10.13 / 4.4.x < 4.4.15.3 / 4.5.x < 4.5.4 Multiple Vulnerabilities (PMASA-2016-1 - PMASA-2016-5)

Binary data 9115.prm...

CVSS 7.5 | AI score 6.6 | EPSS 0.02688
Exploits 0 | References 11
OSV
added 2016/03/01 5:00 p.m. | 4 views

UBUNTU-CVE-2016-2513

The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests...

CVSS 3.1 | AI score 6.7 | EPSS 0.03317
Exploits 0 | References 4
UbuntuCve
added 2016/03/01 5:00 p.m. | 24 views

CVE-2016-2513

The password hasher in contrib/auth/hashers.py in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to enumerate users via a timing attack involving login requests...

CVSS 3.1 | AI score 6.8 | EPSS 0.03317
Exploits 0 | References 3
OSV
added 2016/03/01 1:52 p.m. | 7 views

SUSE-SU-2016:0623-1 Security update for rubygem-activesupport-3_2

This update for rubygem-activesupport-3_2 fixes the following issues: - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (bsc#963329)...

CVSS 4.3 | AI score 5.7 | EPSS 0.04879
Exploits 0 | References 3
OSV
added 2016/03/01 1:50 p.m. | 14 views

SUSE-SU-2016:0618-1 Security update for rubygem-actionpack-3_2

This update for rubygem-actionpack-3_2 fixes the following issues: - CVE-2016-0751: Object Leak DoS (bsc#963331) - CVE-2016-0752: Directory traversal and information leak in Action View (bsc#963332) - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (bsc#963329)...

CVSS 7.5 | AI score 5.8 | EPSS 0.95537
Exploits 11 | References 7
Hacker One
added 2016/02/29 1:19 a.m. | 69 views

HackerOne: Race Conditions Exist When Accepting Invitations

Hi All, Further to my last two comments on report 118312 and realizing that tokens are being stored in the DB, I realized there is probably a race condition vulnerability which allows invitation tokens to be consumed at least twice depending on the server/database response time. I tested it tonig...

AI score 0.9
Exploits 0
OSV
added 2016/02/26 3:08 p.m. | 6 views

SUSE-SU-2016:0600-1 Security update for rubygem-activesupport-4_1

This update for rubygem-activesupport-4_1 fixes the following issues: - CVE-2016-0753: Input Validation Circumvention (bsc#963334) - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller (bsc#963329)...

CVSS 5.3 | AI score 5.1 | EPSS 0.07157
Exploits 0 | References 5
Tenable Nessus
added 2016/02/26 12:00 a.m. | 34 views

phpMyAdmin 4.0.x < 4.0.10.13 / 4.4.x < 4.4.15.3 / 4.5.x < 4.5.4 Multiple Vulnerabilities (PMASA-2016-1 - PMASA-2016-5)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.13, 4.4.x prior to 4.4.15.3, or 4.5.x prior to 4.5.4. It is, therefore, affected by the following vulnerabilities: - A security bypass vulnerability exists due to th...

CVSS 7.5 | AI score 6.9 | EPSS 0.02688
Exploits 0 | References 10
RedHat Linux
added 2016/02/24 10:36 a.m. | 6 views

rubygem-actionpack: Timing attack vulnerability in basic authentication in Action Controller

A flaw was found in the way the Action Controller component compared user names and passwords when performing HTTP basic authentication. Time taken to compare strings could differ depending on input, possibly allowing a remote attacker to determine valid user names and passwords using a timing...

CVSS 4.3 | AI score 7.2 | EPSS 0.04879
Exploits 0 | References 6
OSV
added 2016/02/20 1:59 a.m. | 3 views

UBUNTU-CVE-2016-2041

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 does not use a constant-time algorithm for comparing CSRF tokens, which makes it easier for remote attackers to bypass intended access restrictions by measuring time differences...

CVSS 7.5 | AI score 7.2 | EPSS 0.02648
Exploits 0 | References 3
OSV
added 2016/02/16 2:59 a.m. | 8 views

CVE-2015-7576

The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a...

CVSS 3.7 | AI score 5.6
Exploits 0 | References 13
OSV
added 2016/02/16 2:59 a.m. | 4 views

UBUNTU-CVE-2015-7576

The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a...

CVSS 3.7 | AI score 5.9 | EPSS 0.04879
Exploits 0 | References 3
OSV
added 2016/02/16 2:59 a.m. | 2 views

DEBIAN-CVE-2015-7576

The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a...

CVSS 3.7 | AI score 6 | EPSS 0.04879
Exploits 0 | References 1