
3243 matches found

CVE
added 2016/02/16 2:00 a.m. · 113 views

CVE-2015-7576

Ruby on Rails: The http_basic_authenticate_with path in Action Controller is vulnerable to a timing-attack bypass when verifying credentials, not using constant-time comparison. A remote attacker could determine valid usernames/passwords by measuring response times. Affected rails versions includ...

CVSS 4.3 · AI score 5 · EPSS 0.04879
Exploits 0 · References 13 · Affected Software 2
OSV
added 2016/02/15 1:25 p.m. · 16 views

SUSE-SU-2016:0457-1 Security update for rubygem-actionpack-4_2

This update for rubygem-actionpack-4_2 fixes the following issues: - CVE-2016-0751: Object Leak DoS bsc963331 - CVE-2015-7581: unbounded memory growth DoS via wildcard controller routes bsc963335 - CVE-2016-0752: directory traversal and information leak in Action View bsc963332 - CVE-2015-7576:...

CVSS 7.5 · AI score 5.9 · EPSS 0.95537
Exploits 11 · References 9
OSV
added 2016/02/11 4:47 p.m. · 7 views

SUSE-SU-2016:0435-1 Security update for rubygem-activesupport-4_2

This update for rubygem-activesupport-4_2 fixes the following issues: - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller bsc963329 - CVE-2016-0753: Input Validation Circumvention bsc963334...

CVSS 5.3 · AI score 5.1 · EPSS 0.07157
Exploits 0 · References 5
Tenable Nessus
added 2016/02/08 12:00 a.m. · 46 views

openSUSE Security Update : rubygem-actionpack-4_2 / rubygem-actionview-4_2 / rubygem-activemodel-4_2 / etc (openSUSE-2016-159)

This update for rubygem-actionpack-4_2, rubygem-actionview-4_2, rubygem-activemodel-4_2, rubygem-activerecord-4_2, rubygem-activesupport-4_2 fixes the following issues : - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller boo963329 - CVE-2016-0752: directory...

CVSS 7.5 · AI score 6.1 · EPSS 0.95537
Exploits 11 · References 12
Tenable Nessus
added 2016/02/08 12:00 a.m. · 39 views

openSUSE Security Update : rubygem-actionpack-3_2 / rubygem-activesupport-3_2 (openSUSE-2016-160)

This update for rubygem-actionpack-3_2, rubygem-activesupport-3_2 fixes the following issues : - CVE-2015-7576: Timing attack vulnerability in basic authentication in Action Controller boo963329 - CVE-2016-0752: directory traversal and information leak in Action View boo963332 - CVE-2016-0751:...

CVSS 7.5 · AI score 5.8 · EPSS 0.95537
Exploits 11 · References 8
OSV
added 2016/02/05 5:26 p.m. · 15 views

MGASA-2016-0051 Updated phpmyadmin/phpseclib packages fix security vulnerability

Password suggestion functionality uses Math.random which does not provide cryptographically secure random numbers (CVE-2016-1927). By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full pa...

CVSS 7.5 · AI score 6 · EPSS 0.02688
Exploits 0 · References 11
Positive Technologies
added 2016/02/02 12:00 a.m. · 12 views

PT-2016-3431 · Apache +5 · Apache Tomcat +5

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 9.0.0.M1 through 9.0.0.M9; Apache Tomcat versions 8.5.0 through 8.5.4; Apache Tomcat versions 8.0.0.RC1 through 8.0.36; Apache Tomcat versions 7.0.0 through 7.0.70; Apache Tomcat versions 6.0.0 through 6.0.45. Description: T...

CVSS 9.8 · AI score 6.5 · EPSS 0.90338
Exploits 12 · References 181
Hacker One
added 2015/12/29 6:40 a.m. · 11 views

Automattic: Possible Timing Side-Channel in XMLRPC Verification

https://github.com/Automattic/jetpack/blob/bc7a4541ef6f0e9f583376d801ab0c40cfb976c3/class.jetpack-xmlrpc-server.php#L115 I mentioned this to @daljo628 and he suggested submitting it here instead. This looks very much like a classic timing attack vulnerability. The fix would be to use hash_equals...

AI score 0.7
Exploits 0
OpenVAS
added 2015/12/28 12:00 a.m. · 20 views

Mageia: Security Advisory (MGASA-2015-0486)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 · AI score 7 · EPSS 0.01888
Exploits 0 · References 5
ArchLinux
added 2015/12/25 12:00 a.m. · 28 views

mediawiki: multiple issues

- CVE-2015-8622: T117899 XSS from wikitext when $wgArticlePath='$1'. Internal review discovered an XSS vector when MediaWiki is configured with a non-standard configuration. - CVE-2015-8624: T119309 User::matchEditToken should use constant-time string comparison. Internal review discovered that...

AI score 1.9 · EPSS 0.01888
Exploits 0 · References 13
OSV
added 2015/12/24 11:08 a.m. · 9 views

MGASA-2015-0486 Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.12, an XSS vector exists when MediaWiki is configured with a non-standard configuration, from wikitext when $wgArticlePath='$1' (CVE-2015-8622). In MediaWiki before 1.23.12, tokens were being compared as strings, whic...

CVSS 9.8 · AI score 6.8 · EPSS 0.01888
Exploits 0 · References 4
Mageia
added 2015/12/24 11:08 a.m. · 48 views

Updated mediawiki packages fix security vulnerabilities

Updated mediawiki packages fix security vulnerabilities: In MediaWiki before 1.23.12, an XSS vector exists when MediaWiki is configured with a non-standard configuration, from wikitext when $wgArticlePath='$1' (CVE-2015-8622). In MediaWiki before 1.23.12, tokens were being compared as strings, whic...

CVSS 9.8 · AI score 6.9 · EPSS 0.01888
Exploits 0 · References 3
Tenable Nessus
added 2015/12/17 12:00 a.m. · 29 views

WordPress < 4.2.4 Multiple Vulnerabilities

Binary data 9031.prm...

CVSS 7.5 · AI score 6.5 · EPSS 0.10986
Exploits 0 · References 8
CNVD
added 2015/12/08 12:00 a.m. · 4 views

Unspecified Vulnerability in Sensio Labs Symfony

Symfony is a free PHP development framework from the French company Sensio Labs, based on the MVC architecture. The framework provides commonly used functional components and tools and can be used to quickly build complex web applications. A security vulnerability exists in the...

CVSS 7.5 · AI score 6.9 · EPSS 0.02545
Exploits 0 · References 1
OSV
added 2015/12/07 8:59 p.m. · 3 views

DEBIAN-CVE-2015-8125

Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices or (2)...

CVSS 7.5 · AI score 7.2 · EPSS 0.02545
Exploits 0 · References 1
NVD
added 2015/12/07 8:59 p.m. · 18 views

CVE-2015-8125

Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices or (2)...

CVSS 7.5 · AI score 6.8 · EPSS 0.02545
Exploits 0 · References 5
OSV
added 2015/12/07 8:59 p.m. · 12 views

CVE-2015-8125

Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices or (2)...

CVSS 7.5 · AI score 6.8 · EPSS 0.02545
Exploits 0 · References 6
UbuntuCve
added 2015/12/07 8:59 p.m. · 13 views

CVE-2015-8125

Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices or (2)...

CVSS 7.5 · AI score 6 · EPSS 0.02545
Exploits 0 · References 3
Prion
added 2015/12/07 8:59 p.m. · 8 views

Cross site request forgery (CSRF)

Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices or (2)...

CVSS 7.5 · AI score 7.3 · EPSS 0.02545
Exploits 0 · References 5 · Affected Software 1
Cvelist
added 2015/12/07 8:00 p.m. · 26 views

CVE-2015-8125

Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices or (2)...

AI score 6.6 · EPSS 0.02545
Exploits 0 · References 5