Lucene search
K

3242 matches found

RedHat Linux
RedHat Linux
added 2015/05/14 3:14 p.m.4 views

bouncycastle: TLS CBC padding timing attack

It was discovered that bouncycastle leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle...

4CVSS7.2AI score0.02972EPSS
Exploits0References6
myhack58
myhack58
added 2015/04/07 12:0 a.m.19 views

Not found the rear door: open source encryption software TrueCrypt security audit-vulnerability warning-the black bar safety net

TrueCrypt is a popular open source file encryption software, which the user includes a large number of“sensitive persons”, such as businessmen, politicians, journalists, and therefore its safety has been well received by the attention. 2 0 1 4 年 5 months, the open source encryption software...

7.6AI score
Exploits0
OSV
OSV
added 2015/03/02 12:0 a.m.2 views

UBUNTU-CVE-2015-0837

The mpipowm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."...

5.9CVSS6.5AI score0.01952EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2015/02/27 12:0 a.m.27 views

cryptopp -- multiple vulnerabilities

Multiple sources report: CVE-2015-2141: The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack...

7.5CVSS6.5AI score0.02879EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2014/11/26 12:0 a.m.249 views

OracleVM 2.2 : openssl (OVMSA-2014-0007)

The remote OracleVM system is missing necessary patches to address critical security updates : - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt - fix for CVE-2013-0169 - SSL/TLS CBC timing attack 907589 - fix for CVE-2013-0166 ...

10CVSS8AI score0.95326EPSS
Exploits34References20
Tenable Nessus
Tenable Nessus
added 2014/11/26 12:0 a.m.56 views

OracleVM 3.2 : onpenssl (OVMSA-2014-0008)

The remote OracleVM system is missing necessary patches to address critical security updates : - fix for CVE-2014-0224 - SSL/TLS MITM vulnerability - replace expired GlobalSign Root CA certificate in ca-bundle.crt - fix for CVE-2013-0169 - SSL/TLS CBC timing attack 907589 - fix for CVE-2013-0166 ...

10CVSS8AI score0.95326EPSS
Exploits34References20
myhack58
myhack58
added 2014/11/23 12:0 a.m.14 views

IE GC information leakage the vulnerability of the gossip-vulnerability warning-the black bar safety net

This vulnerability is several months earlier dion cow release, also recently got a pwnie award of the prize, the original speaking of the flash, ff, etc. of the GC engine are the use of conserved marker removal algorithm and are not tag data or pointer, so the presence of this problem, dion cattl...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2014/11/17 11:6 a.m.3 views

mysql: Remote Preauth User Enumeration flaw

Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames...

5CVSS6.7AI score0.14784EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2014/11/17 9:56 a.m.4 views

mysql: Remote Preauth User Enumeration flaw

Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames...

5CVSS6.7AI score0.14784EPSS
Exploits1References4
Metasploit
Metasploit
added 2014/11/11 8:59 p.m.8214 views

SSH Username Enumeration

This module uses a malformed packet or timing attack to enumerate users on an OpenSSH server. The default action sends a malformed corrupted SSHMSGUSERAUTHREQUEST packet using public key authentication must be enabled to enumerate users. On some versions of OpenSSH under some configurations,...

5.9CVSS6.5AI score0.98631EPSS
Exploits41
NVD
NVD
added 2014/10/16 7:55 p.m.16 views

CVE-2014-8315

polestarxml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 replies with different timing depending on if a connection can be made, which allows remote attackers to conduct port scanning attacks via a host name and port in the cms parameter...

5CVSS6.6AI score0.01513EPSS
Exploits0References6
Hacker One
Hacker One
added 2014/10/12 6:17 p.m.24 views

joola.io: Timing Attack Side-Channel on API Token Verification

https://github.com/joola/joola/blob/develop/lib/dispatch/users.jsL514 Because tokens are compared with the === operator, this may be susceptible to timing attacks. More info: http://codahale.com/a-lesson-in-timing-attacks/ This is probably not the lowest hanging fruit for an attacker, but it's...

0.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2014/10/10 12:0 a.m.29 views

F5 Networks BIG-IP : SSL acceleration card timing vulnerability (K15500)

SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used with third-party Secure Sockets Layer SSL accelerator cards, might allow remote attackers to have...

5.9CVSS6.2AI score0.0162EPSS
Exploits0References2
PyPA
PyPA
added 2014/09/30 2:55 p.m.9 views

PYSEC-2014-49

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation...

4.3CVSS7.1AI score0.00933EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2014/09/30 2:55 p.m.7 views

PYSEC-2014-75

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation...

4.3CVSS7.1AI score0.00933EPSS
Exploits0References6Affected Software1
The Hacker News
The Hacker News
added 2014/09/09 9:19 p.m.15 views

Unmasking Google Users With a New Timing Attack

Researcher has discovered a new Timing attack that could unmask Google users under some special conditions. Andrew Cantino, the vice president of engineering at Mavenlink, detailed his attack in a blogpost st week. According to him, the attack could be used by an attacker to target a particular...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2014/09/08 3:0 p.m.9 views

New Timing Attack Could De-Anonymize Google Users

A new timing attack has been disclosed that could de-anonymize Google users under particular conditions. Google acknowledged the issue to researcher Andrew Cantino, the vice president of engineering at Mavenlink, but told him it would not address the issue because the risk is low. “I agree that...

0.5AI score
Exploits0References1
OpenVAS
OpenVAS
added 2014/08/22 12:0 a.m.29 views

Ubuntu: Security Advisory (USN-2325-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS6.5AI score0.01938EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/08/22 12:0 a.m.26 views

Ubuntu 14.04 LTS : OpenStack Nova vulnerability (USN-2325-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2325-1 advisory. Alex Gaynor discovered that OpenStack Nova would sometimes respond with variable times when comparing authentication tokens. If nova were configured to proxy...

4.3CVSS5.5AI score0.01938EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2014/08/21 12:34 a.m.3 views

openstack-nova: timing attack issue allows access to other instances' configuration information

A side-channel timing attack flaw was found in Nova. An attacker could possibly use this flaw to guess valid instance ID signatures, giving them access to details of another instance, by analyzing the response times of requests for instance metadata. This issue only affected configurations that...

4.3CVSS5.7AI score0.01938EPSS
Exploits0References4
Rows per page
Query Builder