3242 matches found

Tenable Nessus
added 2014/06/13 12:0 a.m., 25 views

openSUSE Security Update : libopenssl-devel (openSUSE-SU-2011:0634-1)

This update of openssl fixes a timing attack. This attack can be used to obtain the private key of a TLS server whenever ECDSA signatures are used. CVE-2011-1945: CVSS v2 Base Score: 4.3 (important) (AV:N/AC:M/Au:N/C:P/I:N/A:N): Cryptographic Issues (CWE-310)...

CVSS 2.6, AI score 7.6, EPSS 0.0343
Exploits 1, References 3

Tenable Nessus
added 2014/06/13 12:0 a.m., 27 views

openSUSE Security Update : libopenssl-devel (openSUSE-SU-2011:0634-1)

This update of openssl fixes a timing attack. This attack can be used to obtain the private key of a TLS server whenever ECDSA signatures are used. CVE-2011-1945: CVSS v2 Base Score: 4.3 (important) (AV:N/AC:M/Au:N/C:P/I:N/A:N): Cryptographic Issues (CWE-310)...

CVSS 2.6, AI score 7.6, EPSS 0.0343
Exploits 1, References 3

Tenable Nessus
added 2014/06/13 12:0 a.m., 32 views

openSUSE Security Update : tor (openSUSE-SU-2012:1068-1)

Tor 0.2.2.38 fixes a rare race condition that can crash exit relays; fixes a remotely triggerable crash bug; and fixes a timing attack that could in theory leak path information...

CVSS 5, AI score 8.2, EPSS 0.02775
Exploits 0, References 5

0day.today
added 2014/05/14 12:0 a.m., 50 views

CodeIgniter / Kohana PHP Object Injection / Timing Attack

CodeIgniter versions 2.1.4 and below and Kohana versions 3.2.3 and below and 3.3.2 and below suffer from PHP object injection, a timing attack, and a remote code execution vulnerability. Background info and boring history shit:...

AI score 8
Exploits 0

OpenVAS
added 2014/05/12 12:0 a.m., 20 views

Ubuntu: Security Advisory (USN-2207-1)

The remote host is missing an update for the...

CVSS 4.3, AI score 6.5, EPSS 0.01895
Exploits 0, References 2

securityvulns
added 2014/05/07 12:0 a.m., 77 views

[USN-2207-1] OpenStack Swift vulnerability

Ubuntu Security Notice USN-2207-1, May 06, 2014: swift vulnerability. A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu...

CVSS 4.3, AI score 0.8, EPSS 0.01895
Exploits 0

Tenable Nessus
added 2014/05/07 12:0 a.m., 28 views

Ubuntu 12.04 LTS / 12.10 / 13.10 : swift vulnerability (USN-2207-1)

Samuel Merritt discovered a timing attack vulnerability in OpenStack Swift. If Swift was configured to use the TempURL middleware, an attacker could exploit this to guess valid secret URLs and obtain unintended access to objects publicly shared with specific recipients. Note that Tenable Network...

CVSS 4.3, AI score 5.4, EPSS 0.01895
Exploits 0, References 2

Ubuntu
added 2014/05/06 8:5 p.m., 49 views

USN-2207-1: OpenStack Swift vulnerability

Samuel Merritt discovered a timing attack vulnerability in OpenStack Swift. If Swift was configured to use the TempURL middleware, an attacker could exploit this to guess valid secret URLs and obtain unintended access to objects publicly shared with specific recipients...

CVSS 4.3, AI score 5.3, EPSS 0.01895
Exploits 0

securityvulns
added 2014/05/04 12:0 a.m., 68 views

[CORE-2014-0003] - SAP Router Password Timing Attack

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Router Password Timing Attack 1. Advisory Information Title: SAP Router Password Timing Attack Advisory ID: CORE-2014-0003 Advisory URL: http://www.coresecurity.com/advisories/sap-router-password-timing-attack Date published:...

CVSS 4.3, AI score 0.2, EPSS 0.02818
Exploits 5

RedHat Linux
added 2014/04/17 12:23 p.m., 3 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

CVSS 2.6, AI score 6.8, EPSS 0.35584
Exploits 1, References 7

exploitpack
added 2014/04/17 12:0 a.m., 51 views

SAP Router - Timing Attack Password Disclosure

SAP Router - Timing Attack Password Disclosure Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Router Password Timing Attack 1. Advisory Information Title: SAP Router Password Timing Attack Advisory ID: CORE-2014-0003 Advisory URL:...

CVSS 4.3, AI score 6.5, EPSS 0.02818
Exploits 5

0day.today
added 2014/04/17 12:0 a.m., 57 views

SAP Router - Timing Attack Password Disclosure

SAP Router is an application-level gateway used to connect systems in a SAP infrastructure. A vulnerability has been found in SAP Router that could allow an unauthenticated remote attacker to obtain passwords used to protect route entries by a timing side-channel attack. SAP Router Password Timi...

CVSS 4.3, AI score 0.2, EPSS 0.02818
Exploits 5

Exploit DB
added 2014/04/17 12:0 a.m., 77 views

SAP Router - Timing Attack Password Disclosure

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Router Password Timing Attack 1. Advisory Information Title: SAP Router Password Timing Attack Advisory ID: CORE-2014-0003 Advisory URL: http://www.coresecurity.com/advisories/sap-router-password-timing-attack Date published:...

CVSS 4.3, AI score 6.9, EPSS 0.02818
Exploits 5

Packet Storm
added 2014/04/16 12:0 a.m., 77 views

SAP Router Password Timing Attack

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SAP Router Password Timing Attack 1. Advisory Information Title: SAP Router Password Timing Attack Advisory ID: CORE-2014-0003 Advisory URL: http://www.coresecurity.com/advisories/sap-router-password-timing-attack Date published:...

CVSS 4.3, AI score 6.5, EPSS 0.02818
Exploits 5

Core Security
added 2014/04/15 12:0 a.m., 501 views

SAP Router Password Timing Attack

Advisory ID Internal CORE-2014-0003 1. Advisory Information Title: SAP Router Password Timing Attack Advisory ID: CORE-2014-0003 Advisory URL: https://www.coresecurity.com/core-labs/advisories/sap-router-password-timing-attack Date published: 2014-04-15 Date of last update: 2014-03-06 Vendors...

CVSS 4.3, AI score 6.8, EPSS 0.02818
Exploits 5

RedHat Linux
added 2014/04/14 1:46 p.m., 4 views

bouncycastle: TLS CBC padding timing attack

It was discovered that bouncycastle leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle...

CVSS 4, AI score 7.3, EPSS 0.02972
Exploits 0, References 6

RedHat Linux
added 2014/04/14 1:46 p.m., 2 views

bouncycastle: TLS CBC padding timing attack

It was discovered that bouncycastle leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle...

CVSS 4, AI score 7.3, EPSS 0.02972
Exploits 0, References 6

myhack58
added 2014/04/14 12:0 a.m., 20 views

WordPress 3.8.2 patch analysis: HMAC timing attack

author: [email protected] 0x00 background On github over and over to see for a long time, the official version of the diff only in php where changes to a location: | 1 2 | - if $hmac != $hash + if hashhmac 'md5', $hmac, $key !== hashhmac 'md5', $hash, $key ---|--- WP developers just...

AI score 0.8
Exploits 0

RedHat Linux
added 2014/04/03 8:18 p.m., 28 views

Moderate: Red Hat Security Advisory: openstack-swift security update

Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 3.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...

CVSS 4.3, AI score 5.8, EPSS 0.01895
Exploits 0, References 2

RedHat Linux
added 2014/04/03 8:18 p.m., 3 views

Swift: TempURL timing attack

The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timing side-channel attack...

CVSS 4.3, AI score 5.9, EPSS 0.01895
Exploits 0, References 4