3242 matches found

UbuntuCve
added 2015/09/01 2:59 p.m., 17 views

CVE-2015-6728

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack...

7.5 CVSS, 5.9 AI score, 0.00862 EPSS
Exploits: 0, References: 3

Prion
added 2015/09/01 2:59 p.m., 17 views

Cross site request forgery (csrf)

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack...

7.5 CVSS, 7 AI score, 0.00862 EPSS
Exploits: 0, References: 6, Affected Software: 1

CVE
added 2015/09/01 2:00 p.m., 65 views

CVE-2015-6728

CVE-2015-6728 affects MediaWiki releases prior to 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2. The ApiBase::getWatchlistUser function does not perform token comparison in constant time, enabling a timing attack to guess the watchlist CSRF token and bypass CSRF protection. Connected so...

7.5 CVSS, 6.5 AI score, 0.00862 EPSS
Exploits: 0, References: 6, Affected Software: 1

Cvelist
added 2015/09/01 2:00 p.m., 21 views

CVE-2015-6728

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack...

6.3 AI score, 0.00862 EPSS
Exploits: 0, References: 6

Debian CVE
added 2015/09/01 2:00 p.m., 23 views

CVE-2015-6728

The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to guess the watchlist token and bypass CSRF protection via a timing attack...

7.5 CVSS, 6.3 AI score, 0.00862 EPSS
Exploits: 0

OSV
added 2015/08/21 6:54 p.m., 5 views

MGASA-2015-0317 Updated libcryptopp package fixes security vulnerability

Evgeny Sidorov discovered that libcryptopp did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow remote attackers to mount a timing attack and retrieve the user's private key (CVE-2015-2141)...

5 CVSS, 6.3 AI score, 0.02879 EPSS
Exploits: 0, References: 3

Mageia
added 2015/08/21 6:54 p.m., 27 views

Updated libcryptopp package fixes security vulnerability

Evgeny Sidorov discovered that libcryptopp did not properly implement blinding to mask private key operations for the Rabin-Williams digital signature algorithm. This could allow remote attackers to mount a timing attack and retrieve the user's private key (CVE-2015-2141)...

5 CVSS, 7.4 AI score, 0.02879 EPSS
Exploits: 0, References: 2

exploitpack
added 2015/08/19 12:00 a.m., 19 views

Flash Broker-Based - Sandbox Escape via Timing Attack Against File Moving

Flash Broker-Based - Sandbox Escape via Timing Attack Against File Moving Source: https://code.google.com/p/google-security-research/issues/detail?id=280&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id FlashBroker - BrokerMoveFileEx TOCTOU IE PM Sandbox Escape 1. Windows 8....

0.4 AI score
Exploits: 0

0day.today
added 2015/08/19 12:00 a.m., 40 views

Flash Broker-Based Sandbox Escape via Timing Attack Against File Moving Exploit

Exploit for windows platform in category remote exploits...

4.3 CVSS, 3.1 AI score, 0.11351 EPSS
Exploits: 1

Exploit DB
added 2015/08/19 12:00 a.m., 30 views

Flash Broker-Based - Sandbox Escape via Timing Attack Against File Moving

Source: https://code.google.com/p/google-security-research/issues/detail?id=280&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id FlashBroker - BrokerMoveFileEx TOCTOU IE PM Sandbox Escape 1. Windows 8.1 Internet Explorer Protected Mode Bypass in FlashBroker FlashBroker is...

7 AI score
Exploits: 0

Debian
added 2015/08/11 7:55 p.m., 45 views

[SECURITY] [DSA 3332-1] wordpress security update

Debian Security Advisory DSA-3332-1 [email protected] https://www.debian.org/security/ Thijs Kinkhorst August 11, 2015 https://www.debian.org/security/faq -...

7.5 CVSS, 7.3 AI score, 0.10986 EPSS
Exploits: 1

Tenable Nessus
added 2015/08/11 12:00 a.m., 39 views

Fedora 23 : wordpress-4.2.4-1.fc23 (2015-12750)

WordPress 4.2.4 Security and Maintenance Release WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses six issues, including three cross-site scripting vulnerabilities and a...

7.5 CVSS, 6.4 AI score, 0.10986 EPSS
Exploits: 0, References: 10

FreeBSD
added 2015/08/10 12:00 a.m., 36 views

mediawiki -- multiple vulnerabilities

MediaWiki reports: Internal review discovered that Special:DeletedContributions did not properly protect the IP of autoblocked users. This fix makes the functionality of Special:DeletedContributions consistent with Special:Contributions and Special:BlockList. Internal review discovered that...

7.5 CVSS, 6.3 AI score, 0.02747 EPSS
Exploits: 0, References: 5

ArchLinux
added 2015/08/07 12:00 a.m., 45 views

wordpress: multiple issues

- CVE-2015-2213: SQL injection in comments ID.
- CVE-2015-5730: Timing attack in widgets.
- CVE-2015-5731: Denial of service by locking a post from being edited.
- CVE-2015-5732, CVE-2015-5733, CVE-2015-5734: XSS...

7.5 CVSS, 2.8 AI score, 0.10986 EPSS
Exploits: 0, References: 8

WPVulnDB
added 2015/08/05 12:00 a.m., 30 views

WordPress <= 4.2.3 - Timing Side Channel Attack

...

5 CVSS, 1.7 AI score, 0.08354 EPSS
Exploits: 0, References: 1, Affected Software: 1

Tenable Nessus
added 2015/08/05 12:00 a.m., 37 views

WordPress < 4.2.4 Multiple Vulnerabilities

According to its version number, the WordPress application running on the remote web server is prior to 4.2.4. It is, therefore, potentially affected by multiple vulnerabilities : - A SQL injection vulnerability exists in the post.php script due to a failure to sanitize user-supplied input to the...

7.5 CVSS, 6.5 AI score, 0.10986 EPSS
Exploits: 0, References: 8

Tenable Nessus
added 2015/07/31 12:00 a.m., 29 views

OracleVM 3.3 : gnutls (OVMSA-2015-0101)

The remote OracleVM system is missing necessary patches to address critical security updates:
- fix CVE-2015-0282 1198159
- fix CVE-2015-0294 1198159
- Corrected value initialization in mpi printing 1129241
- Check for expiry information in the CA certificates 1159778
- fix issue with integer...

7.5 CVSS, 7.2 AI score, 0.29958 EPSS
Exploits: 2, References: 6

RedHat Linux
added 2015/07/30 5:14 p.m., 6 views

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...

5 CVSS, 6.6 AI score, 0.04156 EPSS
Exploits: 0, References: 5

ArchLinux
added 2015/07/24 12:00 a.m., 37 views

crypto++: private key recovery

Evgeny Sidorov discovered that it is possible to recover the private key when using Rabin-Williams signatures due to a bad interaction with the blinding value used to mask private key operations. The bad interaction had to do with the random value not meeting certain Jacobi requirements, which...

5 CVSS, 4.6 AI score, 0.02879 EPSS
Exploits: 0, References: 3

RedHat Linux
added 2015/07/22 7:33 p.m., 4 views

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...

5 CVSS, 6.6 AI score, 0.04156 EPSS
Exploits: 0, References: 5