3242 matches found

RedHat Linux
added 2014/08/21 12:34 a.m. | 38 views

Moderate: Red Hat Security Advisory: openstack-nova security, bug fix, and enhancement update

Updated openstack-nova packages that fix two security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS ba...

6 CVSS | 5.8 AI score | 0.01938 EPSS
Exploits 1 | References 12

OSV
added 2014/08/18 11:15 a.m. | 2 views

DEBIAN-CVE-2014-5204

wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack...

6.8 CVSS | 6.8 AI score | 0.0185 EPSS
Exploits 0 | References 1

OSV
added 2014/08/18 11:15 a.m. | 5 views

CVE-2014-5204

wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack...

6.4 AI score
Exploits 0 | References 5

UbuntuCve
added 2014/08/18 11:15 a.m. | 35 views

CVE-2014-5204

wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack...

6.8 CVSS | 5.9 AI score | 0.0185 EPSS
Exploits 0 | References 2

Cvelist
added 2014/08/18 10:0 a.m. | 29 views

CVE-2014-5204

wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote attackers to bypass a CSRF protection mechanism via a brute-force attack...

6.3 AI score | 0.0185 EPSS
Exploits 0 | References 4

NVD
added 2014/08/16 4:39 a.m. | 11 views

CVE-2014-0852

IBM WebSphere DataPower SOA appliances through 4.0.2.15, 5.x through 5.0.0.17, 6.0.0.x through 6.0.0.9, and 6.0.1.x through 6.0.1.5 make it easier for remote attackers to obtain a PreMasterSecret value and defeat cryptographic protection mechanisms by sending a large number of requests in an...

4.3 CVSS | 6.4 AI score | 0.01204 EPSS
Exploits 0 | References 4

Prion
added 2014/08/16 4:39 a.m. | 16 views

Code injection

IBM WebSphere DataPower SOA appliances through 4.0.2.15, 5.x through 5.0.0.17, 6.0.0.x through 6.0.0.9, and 6.0.1.x through 6.0.1.5 make it easier for remote attackers to obtain a PreMasterSecret value and defeat cryptographic protection mechanisms by sending a large number of requests in an...

4.3 CVSS | 6.9 AI score | 0.01204 EPSS
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2014/08/16 1:0 a.m. | 18 views

CVE-2014-0852

IBM WebSphere DataPower SOA appliances through 4.0.2.15, 5.x through 5.0.0.17, 6.0.0.x through 6.0.0.9, and 6.0.1.x through 6.0.1.5 make it easier for remote attackers to obtain a PreMasterSecret value and defeat cryptographic protection mechanisms by sending a large number of requests in an...

6.4 AI score | 0.01204 EPSS
Exploits 0 | References 4

CVE
added 2014/08/16 1:0 a.m. | 41 views

CVE-2014-0852

The CVE affects IBM WebSphere DataPower SOA Appliances. Affected versions include 4.0.2.15, 5.x up to 5.0.0.17, 6.0.0.x up to 6.0.0.9, and 6.0.1.x up to 6.0.1.5. Root cause: an SSL/TLS side-channel timing vulnerability that can reveal the PreMasterSecret when an attacker on the same LAN sends mill...

4.3 CVSS | 6.6 AI score | 0.01204 EPSS
Exploits 0 | References 4 | Affected Software 2

Tenable Nessus
added 2014/08/11 12:0 a.m. | 55 views

IBM Tivoli Storage Manager Server 5.5.x Multiple Vulnerabilities

The version of IBM Tivoli Storage Manager installed on the remote host is 5.5 running on Windows or AIX. It is, therefore, potentially affected by multiple flaws in its bundled SSL library: - A flaw that could allow a remote attacker to cause a denial of service via a specially crafted...

5 CVSS | 6.5 AI score | 0.35584 EPSS
Exploits 2 | References 9

Tenable Nessus
added 2014/08/11 12:0 a.m. | 74 views

IBM Tivoli Storage Manager Server 6.1.x Multiple Vulnerabilities

The version of IBM Tivoli Storage Manager installed on the remote host is 6.1 running on Windows or AIX. It is, therefore, potentially affected by multiple flaws in its bundled SSL library: - A flaw that could allow a remote attacker to cause a denial of service via a specially crafted...

5 CVSS | 6.5 AI score | 0.35584 EPSS
Exploits 2 | References 9

OSV
added 2014/08/07 11:13 a.m. | 4 views

DEBIAN-CVE-2014-3517

api/metadata/handler.py in OpenStack Compute Nova before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in...

4.3 CVSS | 6.8 AI score | 0.01938 EPSS
Exploits 0 | References 1

OSV
added 2014/07/26 11:3 a.m. | 14 views

MGASA-2014-0292 Updated java-1.7.0-openjdk packages fix multiple vulnerabilities

Updated java-1.7.0-openjdk packages fix security vulnerabilities: It was discovered that the Hotspot component in OpenJDK did not properly verify bytecode from the class files. An untrusted Java application or applet could possibly use these flaws to bypass Java sandbox restrictions CVE-2014-4216...

9.3 CVSS | 7.8 AI score | 0.06118 EPSS
Exploits 1 | References 5

RedHat Linux
added 2014/07/24 5:21 p.m. | 4 views

openstack-nova: timing attack issue allows access to other instances' configuration information

A side-channel timing attack flaw was found in Nova. An attacker could possibly use this flaw to guess valid instance ID signatures, giving them access to details of another instance, by analyzing the response times of requests for instance metadata. This issue only affected configurations that...

4.3 CVSS | 5.7 AI score | 0.01938 EPSS
Exploits 0 | References 4

RedHat Linux
added 2014/07/24 5:21 p.m. | 34 views

Moderate: Red Hat Security Advisory: openstack-nova security and bug fix update

Updated openstack-nova packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for Red Hat Enterprise Linux 7. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common...

4.3 CVSS | 5.7 AI score | 0.01938 EPSS
Exploits 0 | References 8

RedHat Linux
added 2014/07/16 5:12 p.m. | 4 views

bouncycastle: TLS CBC padding timing attack

It was discovered that bouncycastle leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle...

4 CVSS | 7.3 AI score | 0.02972 EPSS
Exploits 0 | References 6

seebug.org
added 2014/07/01 12:0 a.m. | 247 views

Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit

No description provided by source. !/bin/bash $Id: raptorsshtime,v 1.1 2007/02/13 16:38:57 raptor Exp $ raptorsshtime - OpenSSH remote timing attack exploit Copyright c 2006 Marco Ivaldi [email protected] OpenSSH-portable 3.6.1p1 and earlier with PAM support enabled immediately sends an erro...

5 CVSS | 7 AI score | 0.76751 EPSS
Exploits 10

seebug.org
added 2014/07/01 12:0 a.m. | 50 views

SAP Router - Timing Attack Password Disclosure

No description provided by source. Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Router Password Timing Attack 1. Advisory Information Title: SAP Router Password Timing Attack Advisory ID: CORE-2014-0003 Advisory URL:...

4.3 CVSS | 0.02818 EPSS
Exploits 5

seebug.org
added 2014/07/01 12:0 a.m. | 61 views

Linux Kernel /dev/ptmx Key Stroke Timing Local Disclosure

No description provided by source. !/bin/bash ptmx-su-pwdlen.sh -- This PoC determine the password length of a local user who runs su -. Done thanks to the ptmx keystroke timing attack CVE-2013-0160. See http://vladz.devzero.fr/013ptmx-timing.php for more information. Tested on Debian 6.0.5 kerne...

2.1 CVSS | 6.7 AI score | 0.00732 EPSS
Exploits 6

Tenable Nessus
added 2014/06/13 12:0 a.m. | 51 views

openSUSE Security Update : openssl (openSUSE-SU-2014:0480-1)

openssl was updated to fix a timing attack, where it was theoretically possible to recover ECDSA Nonces Using the FLUSH+RELOAD Cache Side-channel Attack %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Securit...

1.9 CVSS | 7.1 AI score | 0.00942 EPSS
Exploits 1 | References 3