3242 matches found
Mozilla: SVG filters information disclosure through feDisplacementMap (MFSA 2014-28)
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a differen...
CVE-2014-1505
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a differen...
Information disclosure
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a differen...
CVE-2014-1505
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a differen...
CVE-2014-1505
CVE-2014-1505 affects Mozilla Firefox (and related Mozilla components) where SVG filter operations in feDisplacementMap could leak displacement-correlation data and potentially bypass Same Origin Policy via a timing attack, enabling partial information disclosure from a different domain. Affected...
Mozilla: SVG filters information disclosure through feDisplacementMap (MFSA 2014-28)
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a differen...
CVE-2014-1505
The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a differen...
SuSE Update for gnutls openSUSE-SU-2014:0346-1 (gnutls)
Check for the Version of gnutls OpenVAS Vulnerability Test $Id: gbsuse201403461.nasl 8044 2017-12-08 08:32:49Z santu $ SuSE Update for gnutls openSUSE-SU-2014:0346-1 gnutls Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program i...
openSUSE: Security Advisory for gnutls (openSUSE-SU-2014:0346-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
gnutls (critical)
The gnutls library was updated to fix SSL certificate validation. Remote man-in-the-middle attackers were able to make the verification believe that a SSL certificate is valid even though it was not. Also the TLS-CBC timing attack vulnerability was fixed...
Moderate: Red Hat Security Advisory: openstack-swift security update
Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
gnutls security update
1.4.1-14 - Renamed gnutls-1.4.1-cve-2014-0092-1.patch to cve-2014-5138.patch - Renamed gnutls-1.4.1-cve-2014-0092-2.patch to cve-2014-0092.patch 1.4.1-13 - fix issues of CVE-2014-0092 1069888 1.4.1-12 - fix CVE-2013-2116 - fix DoS regression in CVE-2013-1619 upstream patch 966754 1.4.1-11 - fix...
gnutls security update
2.8.5-13 - fix CVE-2014-0092 1069890 2.8.5-12 - fix CVE-2013-2116 - fix DoS regression in CVE-2013-1619 upstream patch 966754 2.8.5-11 - fix CVE-2013-1619 - fix TLS-CBC timing attack 908238...
DEBIAN-CVE-2014-2243
includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote attackers to obtain access via a brute-force attack that relies on timin...
UBUNTU-CVE-2014-2243
includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote attackers to obtain access via a brute-force attack that relies on timin...
Information disclosure with *FromPoint on iframes — Mozilla
Security researcher Jordan Milne reported an information leak where document.caretPositionFromPoint and document.elementFromPoint functions could be used on a cross-origin iframe to gain information on the iframe's DOM and other attributes through a timing attack, violating same-origin policy...
CVE-2014-0006
The CVE-2014-0006 issue affects OpenStack Swift, where the TempURL middleware exhibits a timing side-channel risk that can leak secret URLs. Affected releases are Swift 1.4.6–1.8.0, 1.9.0–1.10.0, and 1.11.0. Root cause: timing-based information leakage in TempURL handling when an object name is k...
CVE-2013-2061
The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...
DEBIAN-CVE-2013-2061
The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...
CVE-2013-2061
The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...