Lucene search

3242 matches found

RedHat Linux
added 2014/03/19 5:26 p.m. | 6 views

Mozilla: SVG filters information disclosure through feDisplacementMap (MFSA 2014-28)

The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a differen...

7.5 CVSS | 6.9 AI score | 0.04002 EPSS
Exploits 3 | References 5

NVD
added 2014/03/19 10:55 a.m. | 18 views

CVE-2014-1505

The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a differen...

7.5 CVSS | 8.5 AI score | 0.04002 EPSS
Exploits 3 | References 14

Prion
added 2014/03/19 10:55 a.m. | 30 views

Information disclosure

The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a differen...

5 CVSS | 6.7 AI score | 0.04002 EPSS
Exploits 3 | References 14 | Affected Software 17

ATTACKERKB
added 2014/03/19 10:55 a.m. | 5 views

CVE-2014-1505

The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a differen...

7.5 CVSS | 8.5 AI score | 0.04002 EPSS
Exploits 3 | References 15

CVE
added 2014/03/19 10:00 a.m. | 177 views

CVE-2014-1505

CVE-2014-1505 affects Mozilla Firefox (and related Mozilla components) where SVG filter operations in feDisplacementMap could leak displacement-correlation data and potentially bypass Same Origin Policy via a timing attack, enabling partial information disclosure from a different domain. Affected...

7.5 CVSS | 8.5 AI score | 0.04002 EPSS
Exploits 3 | References 14 | Affected Software 3

RedHat Linux
added 2014/03/18 8:34 p.m. | 5 views

Mozilla: SVG filters information disclosure through feDisplacementMap (MFSA 2014-28)

The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a differen...

7.5 CVSS | 6.9 AI score | 0.04002 EPSS
Exploits 3 | References 5

UbuntuCve
added 2014/03/18 12:00 a.m. | 48 views

CVE-2014-1505

The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to obtain sensitive displacement-correlation information, and possibly bypass the Same Origin Policy and read text from a differen...

7.5 CVSS | 6.9 AI score | 0.04002 EPSS
Exploits 3 | References 4

OpenVAS
added 2014/03/12 12:00 a.m. | 26 views

SuSE Update for gnutls openSUSE-SU-2014:0346-1 (gnutls)

Check for the Version of gnutls OpenVAS Vulnerability Test $Id: gbsuse201403461.nasl 8044 2017-12-08 08:32:49Z santu $ SuSE Update for gnutls openSUSE-SU-2014:0346-1 gnutls Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program i...

5.8 CVSS | 6.3 AI score | 0.29958 EPSS
Exploits 2 | References 1

OpenVAS
added 2014/03/12 12:00 a.m. | 25 views

openSUSE: Security Advisory for gnutls (openSUSE-SU-2014:0346-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.8 CVSS | 5.2 AI score | 0.29958 EPSS
Exploits 2 | References 1

OPENSUSE Linux
added 2014/03/08 7:04 p.m. | 38 views

gnutls (critical)

The gnutls library was updated to fix SSL certificate validation. Remote man-in-the-middle attackers were able to make the verification believe that a SSL certificate is valid even though it was not. Also the TLS-CBC timing attack vulnerability was fixed...

5.8 CVSS | 5.3 AI score | 0.29958 EPSS
Exploits 2 | References 1

RedHat Linux
added 2014/03/04 7:11 p.m. | 33 views

Moderate: Red Hat Security Advisory: openstack-swift security update

Updated openstack-swift packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...

4.3 CVSS | 5.8 AI score | 0.01895 EPSS
Exploits 0 | References 2

Oracle linux
added 2014/03/03 12:00 a.m. | 43 views

gnutls security update

1.4.1-14 - Renamed gnutls-1.4.1-cve-2014-0092-1.patch to cve-2014-5138.patch - Renamed gnutls-1.4.1-cve-2014-0092-2.patch to cve-2014-0092.patch 1.4.1-13 - fix issues of CVE-2014-0092 1069888 1.4.1-12 - fix CVE-2013-2116 - fix DoS regression in CVE-2013-1619 upstream patch 966754 1.4.1-11 - fix...

5.8 CVSS | 1.4 AI score | 0.29958 EPSS
Exploits 3

Oracle linux
added 2014/03/03 12:00 a.m. | 36 views

gnutls security update

2.8.5-13 - fix CVE-2014-0092 1069890 2.8.5-12 - fix CVE-2013-2116 - fix DoS regression in CVE-2013-1619 upstream patch 966754 2.8.5-11 - fix CVE-2013-1619 - fix TLS-CBC timing attack 908238...

5.8 CVSS | 1.6 AI score | 0.29958 EPSS
Exploits 2

OSV
added 2014/03/02 4:57 a.m. | 1 views

DEBIAN-CVE-2014-2243

includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote attackers to obtain access via a brute-force attack that relies on timin...

5.8 CVSS | 6.7 AI score | 0.01553 EPSS
Exploits 1 | References 1

OSV
added 2014/03/02 4:57 a.m. | 6 views

UBUNTU-CVE-2014-2243

includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which makes it easier for remote attackers to obtain access via a brute-force attack that relies on timin...

5.8 CVSS | 7.3 AI score | 0.01553 EPSS
Exploits 1 | References 8

Mozilla
added 2014/02/04 12:00 a.m. | 39 views

Information disclosure with *FromPoint on iframes — Mozilla

Security researcher Jordan Milne reported an information leak where document.caretPositionFromPoint and document.elementFromPoint functions could be used on a cross-origin iframe to gain information on the iframe's DOM and other attributes through a timing attack, violating same-origin policy...

5 CVSS | 8.9 AI score | 0.02467 EPSS
Exploits 0 | References 2 | Affected Software 2

CVE
added 2014/01/23 1:00 a.m. | 80 views

CVE-2014-0006

The CVE-2014-0006 issue affects OpenStack Swift, where the TempURL middleware exhibits a timing side-channel risk that can leak secret URLs. Affected releases are Swift 1.4.6–1.8.0, 1.9.0–1.10.0, and 1.11.0. Root cause: timing-based information leakage in TempURL handling when an object name is k...

4.3 CVSS | 6.3 AI score | 0.01895 EPSS
Exploits 0 | References 3 | Affected Software 1

NVD
added 2013/11/18 2:55 a.m. | 16 views

CVE-2013-2061

The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...

2.6 CVSS | 5.9 AI score | 0.02813 EPSS
Exploits 1 | References 10

OSV
added 2013/11/18 2:55 a.m. | 2 views

DEBIAN-CVE-2013-2061

The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...

2.6 CVSS | 6.5 AI score | 0.02813 EPSS
Exploits 1 | References 1

OSV
added 2013/11/18 2:55 a.m. | 7 views

CVE-2013-2061

The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...

5.8 AI score
Exploits 0 | References 11