3242 matches found
Moderate: Red Hat Security Advisory: openstack-nova security, bug fix, and enhancement update
Updated openstack-nova packages that fix two security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS ba...
DEBIAN-CVE-2014-5204
wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack...
CVE-2014-5204
wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack...
CVE-2014-5204
wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack...
CVE-2014-5204
wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack...
CVE-2014-0852
IBM WebSphere DataPower SOA appliances through 4.0.2.15, 5.x through 5.0.0.17, 6.0.0.x through 6.0.0.9, and 6.0.1.x through 6.0.1.5 make it easier for remote attackers to obtain a PreMasterSecret value and defeat cryptographic protection mechanisms by sending a large number of requests in an...
Code injection
IBM WebSphere DataPower SOA appliances through 4.0.2.15, 5.x through 5.0.0.17, 6.0.0.x through 6.0.0.9, and 6.0.1.x through 6.0.1.5 make it easier for remote attackers to obtain a PreMasterSecret value and defeat cryptographic protection mechanisms by sending a large number of requests in an...
CVE-2014-0852
IBM WebSphere DataPower SOA appliances through 4.0.2.15, 5.x through 5.0.0.17, 6.0.0.x through 6.0.0.9, and 6.0.1.x through 6.0.1.5 make it easier for remote attackers to obtain a PreMasterSecret value and defeat cryptographic protection mechanisms by sending a large number of requests in an...
CVE-2014-0852
The CVE affects IBM WebSphere DataPower SOA Appliances. Affected versions include 4.0.2.15, 5.x up to 5.0.0.17, 6.0.0.x up to 6.0.0.9, and 6.0.1.x up to 6.0.1.5. Root cause: a SSL/TLS side-channel timing vulnerability that can reveal the PreMasterSecret when an attacker on the same LAN sends mill...
IBM Tivoli Storage Manager Server 5.5.x Multiple Vulnerabilities
The version of IBM Tivoli Storage Manager installed on the remote host is 5.5 running on Windows or AIX. It is, therefore, potentially affected by multiple flaws in its bundled SSL library: - A flaw that could allow a remote attacker to cause a denial of service via a specially crafted...
IBM Tivoli Storage Manager Server 6.1.x Multiple Vulnerabilities
The version of IBM Tivoli Storage Manager installed on the remote host is 6.1 running on Windows or AIX. It is, therefore, potentially affected by multiple flaws in its bundled SSL library: - A flaw that could allow a remote attacker to cause a denial of service via a specially crafted...
DEBIAN-CVE-2014-3517
api/metadata/handler.py in OpenStack Compute Nova before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in...
MGASA-2014-0292 Updated java-1.7.0-openjdk packages fix multiple vulnerabilities
Updated java-1.7.0-openjdk packages fix security vulnerabilities: It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions CVE-2014-4216...
openstack-nova: timing attack issue allows access to other instances' configuration information
A side-channel timing attack flaw was found in Nova. An attacker could possibly use this flaw to guess valid instance ID signatures, giving them access to details of another instance, by analyzing the response times of requests for instance metadata. This issue only affected configurations that...
Moderate: Red Hat Security Advisory: openstack-nova security and bug fix update
Updated openstack-nova packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common...
bouncycastle: TLS CBC padding timing attack
It was discovered that bouncycastle leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle...
Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit
No description provided by source. !/bin/bash $Id: raptorsshtime,v 1.1 2007/02/13 16:38:57 raptor Exp $ raptorsshtime - OpenSSH remote timing attack exploit Copyright c 2006 Marco Ivaldi [email protected] OpenSSH-portable 3.6.1p1 and earlier with PAM support enabled immediately sends an erro...
SAP Router - Timing Attack Password Disclosure
No description provided by source. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Router Password Timing Attack 1. Advisory Information Title: SAP Router Password Timing Attack Advisory ID: CORE-2014-0003 Advisory URL:...
Linux Kernel /dev/ptmx Key Stroke Timing Local Disclosure
No description provided by source. !/bin/bash ptmx-su-pwdlen.sh -- This PoC determine the password length of a local user who runs su -. Done thanks to the ptmx keystroke timing attack CVE-2013-0160. See http://vladz.devzero.fr/013ptmx-timing.php for more information. Tested on Debian 6.0.5 kerne...
openSUSE Security Update : openssl (openSUSE-SU-2014:0480-1)
openssl was updated to fix a timing attack, where it was theoretically possible to recover ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Securit...