Lucene search
K

3242 matches found

Kaspersky
Kaspersky
added 2013/11/17 12:0 a.m.27 views

KLA10281 OSI vulnerability in OpenVPN

An unspecified vulnerability was found in OpenVPN. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a timing attack. Original advisories - Related products OpenVPN CVE list CVE-2013-2061 warning Solution Update to...

2.6CVSS6AI score0.02813EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2013/11/17 12:0 a.m.22 views

CVE-2013-2061

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...

2.6CVSS5.9AI score0.02813EPSS
Exploits1References3
CVE
CVE
added 2013/11/15 6:16 p.m.212 views

CVE-2013-2061

OpenVPN 2.3.0 and earlier is affected in UDP mode due to two issues in crypto.c: (1) openvpn_decrypt uses an HMAC comparison that does not run in constant time, enabling timing-based information disclosure, and (2) a padding oracle risk in the CBC mode cipher. Exploitation could allow an unauthen...

2.6CVSS5.8AI score0.02813EPSS
Exploits1References10Affected Software2
Cvelist
Cvelist
added 2013/11/15 6:16 p.m.24 views

CVE-2013-2061

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...

5.7AI score0.02813EPSS
Exploits1References10
Debian CVE
Debian CVE
added 2013/11/15 6:16 p.m.19 views

CVE-2013-2061

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...

2.6CVSS5.9AI score0.02813EPSS
Exploits1
securityvulns
securityvulns
added 2013/10/28 12:0 a.m.82 views

[SECURITY] [DSA 2783-2] librack-ruby regression update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - -------------------------------------------------------------------------- Debian Security Advisory DSA-2783-2 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso October 24, 2013 http://www.debian.org/security/faq -...

5.1CVSS3.8AI score0.05281EPSS
Exploits1
Debian
Debian
added 2013/10/24 7:29 p.m.31 views

[SECURITY] [DSA 2783-2] librack-ruby regression update

-------------------------------------------------------------------------- Debian Security Advisory DSA-2783-2 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso October 24, 2013 http://www.debian.org/security/faq -...

5.1CVSS8.1AI score0.05281EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2013/10/22 12:0 a.m.30 views

Debian DSA-2783-1 : librack-ruby - several vulnerabilities

Several vulnerabilities were discovered in Rack, a modular Ruby webserver interface. The Common Vulnerabilites and Exposures project identifies the following vulnerabilities : - CVE-2011-5036 Rack computes hash values for form parameters without restricting the ability to trigger hash collisions...

5.1CVSS6.9AI score0.05281EPSS
Exploits1References13
Debian
Debian
added 2013/10/21 7:20 p.m.24 views

[SECURITY] [DSA 2783-1] librack-ruby security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2783-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst October 21, 2013 http://www.debian.org/security/faq -...

5.1CVSS8.1AI score0.05281EPSS
Exploits1
OpenVAS
OpenVAS
added 2013/10/21 12:0 a.m.41 views

Debian Security Advisory DSA 2783-1 (librack-ruby - several vulnerabilities)

Several vulnerabilities were discovered in Rack, a modular Ruby webserver interface. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2011-5036 Rack computes hash values for form parameters without restricting the ability to trigger hash collisions...

5.1CVSS1.4AI score0.05281EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2013/10/02 12:0 a.m.30 views

FreeBSD : polarssl -- Timing attack against protected RSA-CRT implementation (ccefac3e-2aed-11e3-af10-000c29789cb5)

PolarSSL Project reports : The researchers Cyril Arnaud and Pierre-Alain Fouque investigated the PolarSSL RSA implementation and discovered a bias in the implementation of the Montgomery multiplication that we used. For which they then show that it can be used to mount an attack on the RSA key...

4.3CVSS5.5AI score0.02143EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2013/10/01 12:0 a.m.32 views

polarssl -- Timing attack against protected RSA-CRT implementation

PolarSSL Project reports: The researchers Cyril Arnaud and Pierre-Alain Fouque investigated the PolarSSL RSA implementation and discovered a bias in the implementation of the Montgomery multiplication that we used. For which they then show that it can be used to mount an attack on the RSA key...

4.3CVSS5.9AI score0.02143EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/09/04 12:0 a.m.22 views

Amazon Linux AMI : openvpn (ALAS-2013-201)

The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher. ...

2.6CVSS5.3AI score0.02813EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2013/08/27 6:50 p.m.3 views

nss: TLS CBC padding timing attack

The TLS implementation in Mozilla Network Security Services NSS does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attac...

4.3CVSS6.8AI score0.03723EPSS
Exploits0References5
securityvulns
securityvulns
added 2013/08/12 12:0 a.m.41 views

gnupg / libcrypt RSA implementation flush+reload timing attack

Private key recovery by using CPU L3 cache timings...

1.9CVSS4.1AI score0.00533EPSS
Exploits0References1Affected Software2
RedHat Linux
RedHat Linux
added 2013/08/07 5:44 p.m.5 views

nss: TLS CBC padding timing attack

The TLS implementation in Mozilla Network Security Services NSS does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attac...

4.3CVSS6.8AI score0.03723EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2013/08/05 3:46 p.m.4 views

nss: TLS CBC padding timing attack

The TLS implementation in Mozilla Network Security Services NSS does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attac...

4.3CVSS6.8AI score0.03723EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.43 views

Oracle Linux 5 / 6 : gnutls (ELSA-2013-0588)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0588 advisory. 2.8.5-10.1 - fix CVE-2013-1619 - fix TLS-CBC timing attack 908238 Tenable has extracted the preceding description block directly from the Oracle Linux...

4CVSS5.5AI score0.0644EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2013/06/26 12:0 a.m.35 views

Thunderbird ESR 17.x < 17.0.7 Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird ESR 17.x is prior to 17.0.7 and is, therefore, potentially affected the following vulnerabilities : - Various, unspecified memory safety issues exist. CVE-2013-1682 - Heap-use-after-free errors exist related to 'LookupMediaElementURITable',...

10CVSS8.2AI score0.69021EPSS
Exploits9References18
Tenable Nessus
Tenable Nessus
added 2013/06/26 12:0 a.m.34 views

Firefox ESR 17.x < 17.0.7 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox ESR 17.x is earlier than 17.0.7 and is, therefore, potentially affected by the following vulnerabilities : - Various, unspecified memory safety issues exist. CVE-2013-1682 - Heap-use-after-free errors exist related to 'LookupMediaElementURITable',...

10CVSS7.3AI score0.69021EPSS
Exploits9References18
Rows per page
Query Builder