Lucene search: 3243 matches found

CVE (added 2015/12/07)

CVE-2015-8125

CVE-2015-8125 affects Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7. It describes a potential remote timing-attack vulnerability in the Symfony Security Remember-Me service (PersistentTokenBasedRememberMeServices), the DigestAuthenticationListener, and the legacy CSRF i...

CVSS 7.5 | AI score 6.8 | EPSS 0.02545
Exploits: 0 | References: 5 | Affected software: 1
Debian CVE (added 2015/12/07)

CVE-2015-8125

Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/RememberMe/PersistentTokenBasedRememberMeServices or (2)...

CVSS 7.5 | AI score 6.6 | EPSS 0.02545
Exploits: 0
Kitploit (added 2015/11/25)

Sniffly - Sniffing Browser History Using HSTS + CSP

Sniffly is an attack that abuses HTTP Strict Transport Security and Content Security Policy to allow arbitrary websites to sniff a user's browsing history. It has been tested in Firefox and Chrome. More info available in my ToorCon 2015 slides:...

AI score 7.1
Exploits: 0 | References: 1
Tenable Nessus (added 2015/11/25)

Debian DSA-3402-1 : symfony - security update

Several vulnerabilities have been discovered in symfony, a framework to create websites and web applications. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2015-8124: The RedTeam Pentesting GmbH team discovered a session fixation vulnerability within th...

CVSS 7.5 | AI score 5.5 | EPSS 0.02712
Exploits: 1 | References: 6
OSV (added 2015/11/24)

DSA-3402-1 symfony - security update

Bulletin has no description...

CVSS 7.5 | AI score 6 | EPSS 0.02712
Exploits: 1
OpenVAS (added 2015/11/24)

Debian Security Advisory DSA 3402-1 (symfony - security update)

Several vulnerabilities have been discovered in symfony, a framework to create websites and web applications. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2015-8124: The RedTeam Pentesting GmbH team discovered a session fixation vulnerability within the...

CVSS 7.5 | AI score 6.7 | EPSS 0.02712
Exploits: 1 | References: 1
Friends Of PHP (added 2015/11/23)

CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember-Me Service

More info at https://symfony.com/cve-2015-8125...

CVSS 7.5 | AI score 7.2 | EPSS 0.02545
Exploits: 0 | Affected software: 1
Symfony (added 2015/11/23)

CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember-Me Service

Affected Versions: Symfony 2.3.0 to 2.3.34, 2.6.0 to 2.6.11, and 2.7.0 to 2.7.6 versions of the Security component are affected by this security issue. This issue has been fixed in Symfony 2.3.35, 2.6.12, and 2.7.7. Note that no fixes are provided for Symfony 2.4 and 2.5 as they are not maintained...

CVSS 7.5 | AI score 6.1 | EPSS 0.02545
Exploits: 0
OpenVAS (added 2015/11/23)

Debian: Security Advisory (DSA-3402-1)

The remote host is missing an update for the Debian...

CVSS 7.5 | AI score 6.5 | EPSS 0.02712
Exploits: 1 | References: 3
Debian CVE (added 2015/11/09)

CVE-2015-5730

The sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php in WordPress before 4.2.4 does not use a constant-time comparison for widgets, which allows remote attackers to conduct a timing side-channel attack by measuring the delay before inequality is calculated...

CVSS 5 | AI score 6.3 | EPSS 0.08354
Exploits: 0
Cvelist (added 2015/11/09)

CVE-2015-5730

The sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php in WordPress before 4.2.4 does not use a constant-time comparison for widgets, which allows remote attackers to conduct a timing side-channel attack by measuring the delay before inequality is calculated...

AI score 6.2 | EPSS 0.08354
Exploits: 0 | References: 9
Hacker One (added 2015/10/19)

Ruby on Rails: http_basic_authenticate_with is susceptible to timing attacks

Timing attack vulnerability in basic authentication in Action Controller. There is a timing attack vulnerability in the basic authentication support in Action Controller. This vulnerability has been assigned the CVE identifier CVE-2015-7576. Versions Affected: All. Not affected: None. Fixed...

CVSS 4.3 | AI score 6.1 | EPSS 0.04879
Exploits: 0
OpenVAS (added 2015/10/15)

Mageia: Security Advisory (MGASA-2015-0317)

The remote host is missing an update for the...

CVSS 5 | AI score 7.5 | EPSS 0.02879
Exploits: 0 | References: 4
OpenVAS (added 2015/10/06)

Oracle: Security Advisory (ELSA-2013-0587)

The remote host is missing an update for the...

CVSS 5 | AI score 6.9 | EPSS 0.35584
Exploits: 2 | References: 2
OpenVAS (added 2015/10/06)

Oracle: Security Advisory (ELSA-2013-0588)

The remote host is missing an update for the...

CVSS 4 | AI score 6 | EPSS 0.0644
Exploits: 1 | References: 2
OSV (added 2015/09/01)

CVE-2015-6728

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack...

AI score 6.8
Exploits: 0 | References: 6
NVD (added 2015/09/01)

CVE-2015-6728

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack...

CVSS 7.5 | AI score 6.5 | EPSS 0.00862
Exploits: 0 | References: 6
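The Symfony, WordPress, Rails and MediaWiki entries above all describe the same defect: a token or credential comparison that stops at the first mismatching byte, so the response time tells a remote attacker how many leading bytes of the guess were right, and the secret can be recovered one byte at a time instead of by brute force. The Python script below is an added example, not code from any of those projects or advisories. It models response time as the number of byte comparisons performed, recovers a constructed sample token byte by byte against the early-exit comparison, shows the same loop learning nothing against a constant-time comparison, and ends with the standard-library call a practitioner should use instead (hmac.compare_digest; PHP's hash_equals() and Rails' ActiveSupport::SecurityUtils.secure_compare fill the same role in the affected code bases). The function names and the sample token are this example's own.

```python
"""Timing side channel in token comparison, and its constant-time fix.

Added example modelling the early-exit comparison behind the advisories above.
The sample token is constructed for the demonstration, not taken from any
real system.
"""
import hmac

# Constructed 8-byte sample token. It contains a zero byte so the case where
# the attacker's default guess (0x00) is already right at one position is
# exercised by the recovery loop.
SAMPLE_TOKEN = b"\xa7\x03\x5c\x91\xe2\x4f\x00\x8b"


def compare_with_cost(stored: bytes, presented: bytes, constant_time: bool):
    """Compare two tokens and return (equal, cost).

    `cost` is the number of byte comparisons performed and stands in for the
    elapsed time a remote attacker measures. The early-exit branch is the
    vulnerable pattern (stop at the first mismatch); the constant-time branch
    always touches every byte and folds all differences into one accumulator.
    """
    if len(stored) != len(presented):
        # A length mismatch is visible in both variants; see verify_token().
        return False, 0
    if constant_time:
        acc = 0
        for x, y in zip(stored, presented):
            acc |= x ^ y
        return acc == 0, len(stored)
    for i, (x, y) in enumerate(zip(stored, presented)):
        if x != y:
            return False, i + 1
    return True, len(stored)


def recover_token(secret: bytes, constant_time: bool) -> bytes:
    """Attacker loop against a comparison oracle.

    For each position try all 256 byte values and keep the one that makes the
    comparison do the most work. Against the early-exit comparison this needs
    at most 256 * len(secret) queries instead of 256 ** len(secret). Against
    the constant-time comparison every candidate costs the same, so the loop
    keeps the first candidate (0x00) at every position and recovers nothing.
    """
    guess = bytearray(len(secret))
    for pos in range(len(secret)):
        best_byte, best_cost = 0, -1
        for candidate in range(256):
            guess[pos] = candidate
            equal, cost = compare_with_cost(secret, bytes(guess), constant_time)
            if equal:
                return bytes(guess)
            if cost > best_cost:
                best_byte, best_cost = candidate, cost
        guess[pos] = best_byte
    return bytes(guess)


def verify_token(presented: bytes, stored: bytes) -> bool:
    """The fix: compare with the standard library's constant-time primitive.

    hmac.compare_digest still reveals whether the lengths differ, so compare
    tokens of a fixed, known length (or fixed-length digests of both values).
    """
    return hmac.compare_digest(presented, stored)


if __name__ == "__main__":
    leaked = recover_token(SAMPLE_TOKEN, constant_time=False)
    print("early-exit comparison:    recovered", leaked.hex(),
          "(correct)" if leaked == SAMPLE_TOKEN else "(wrong)")
    blind = recover_token(SAMPLE_TOKEN, constant_time=True)
    print("constant-time comparison: recovered", blind.hex(),
          "(correct)" if blind == SAMPLE_TOKEN else "(wrong)")
    print("verify_token(real, real):", verify_token(SAMPLE_TOKEN, SAMPLE_TOKEN))
```

Real measurements are noisier than this cost counter, which is why the advisories call the issue "potential" or rate it moderately; the usual answer is still to remove the signal at the source with a constant-time comparison rather than to argue about how many samples an attacker would need.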