
3242 matches found

Tenable Nessus
added 2013/06/26 12:00 a.m. | 32 views

Thunderbird < 17.0.7 Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird is earlier than 17.0.7 and is, therefore, potentially affected by the following vulnerabilities : - Various, unspecified memory safety issues exist. CVE-2013-1682, CVE-2013-1683 - Heap-use-after-free errors exist related to 'LookupMediaElementURITable',...

CVSS 10 | AI score 8.2 | EPSS 0.69021
Exploits 11 | References 29

Tenable Nessus
added 2013/06/26 12:00 a.m. | 47 views

Firefox ESR 17.x < 17.0.7 Multiple Vulnerabilities

The installed version of Firefox ESR 17.x is earlier than 17.0.7, and is, therefore, potentially affected by the following vulnerabilities : - Various, unspecified memory safety issues exist. CVE-2013-1682 - Heap-use-after-free errors exist related to 'LookupMediaElementURITable',...

CVSS 10 | AI score 7.2 | EPSS 0.69021
Exploits 9 | References 18

Tenable Nessus
added 2013/06/26 12:00 a.m. | 36 views

Mozilla Thunderbird ESR 17.x < 17.0.7 Multiple Vulnerabilities

The installed version of Thunderbird ESR 17.x is earlier than 17.0.7 and is, therefore, potentially affected by the following vulnerabilities: - Various, unspecified memory safety issues exist. CVE-2013-1682 - Heap-use-after-free errors exist related to 'LookupMediaElementURITable',...

CVSS 10 | AI score 8.1 | EPSS 0.69021
Exploits 9 | References 18

Tenable Nessus
added 2013/06/26 12:00 a.m. | 35 views

Thunderbird ESR 17.x < 17.0.7 Multiple Vulnerabilities (Mac OS X)

The installed version of Thunderbird ESR 17.x is prior to 17.0.7 and is, therefore, potentially affected by the following vulnerabilities : - Various, unspecified memory safety issues exist. CVE-2013-1682 - Heap-use-after-free errors exist related to 'LookupMediaElementURITable',...

CVSS 10 | AI score 8.2 | EPSS 0.69021
Exploits 9 | References 18

Tenable Nessus
added 2013/06/26 12:00 a.m. | 34 views

Firefox ESR 17.x < 17.0.7 Multiple Vulnerabilities (Mac OS X)

The installed version of Firefox ESR 17.x is earlier than 17.0.7 and is, therefore, potentially affected by the following vulnerabilities : - Various, unspecified memory safety issues exist. CVE-2013-1682 - Heap-use-after-free errors exist related to 'LookupMediaElementURITable',...

CVSS 10 | AI score 7.3 | EPSS 0.69021
Exploits 9 | References 18

RedHat Linux
added 2013/06/25 8:10 p.m. | 37 views

Critical: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings...

CVSS 10 | AI score 7.5 | EPSS 0.69021
Exploits 9 | References 10

Amazon
added 2013/06/11 12:00 a.m. | 25 views

Low: openvpn

Issue Overview: The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the C...

CVSS 2.6 | AI score 6.4 | EPSS 0.02813
Exploits 1

RedHat Linux
added 2013/05/14 5:49 p.m. | 5 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

CVSS 2.6 | AI score 6.8 | EPSS 0.35584
Exploits 1 | References 7

Tenable Nessus
added 2013/05/08 12:00 a.m. | 39 views

Fedora 17 : rubygem-rack-1.4.0-4.fc17 (2013-2315)

Patch for - path sanitization information disclosure CVE-2013-0262 - timing attack in cookie sessions CVE-2013-0263 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format ...

CVSS 5.1 | AI score 6.5 | EPSS 0.05281
Exploits 0 | References 5

Tenable Nessus
added 2013/05/08 12:00 a.m. | 31 views

Fedora 18 : rubygem-rack-1.4.0-5.fc18 (2013-2306)

Patch for - path sanitization information disclosure CVE-2013-0262 - timing attack in cookie sessions CVE-2013-0263 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format ...

CVSS 5.1 | AI score 6.5 | EPSS 0.05281
Exploits 0 | References 5

RedHat Linux
added 2013/05/01 5:59 p.m. | 7 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

CVSS 2.6 | AI score 6.8 | EPSS 0.35584
Exploits 1 | References 7

RedHat Linux
added 2013/05/01 5:58 p.m. | 45 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

CVSS 2.6 | AI score 6.8 | EPSS 0.35584
Exploits 1 | References 7

Tenable Nessus
added 2013/04/10 12:00 a.m. | 138 views

RHEL 6 : Subscription Asset Manager (RHSA-2013:0686)

Red Hat Subscription Asset Manager 1.2.1, which fixes several security issues, multiple bugs, and adds various enhancements, is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which...

CVSS 7.5 | AI score 8 | EPSS 0.13911
Exploits 2 | References 15

Tenable Nessus
added 2013/04/08 12:00 a.m. | 20 views

FreeBSD : OpenVPN -- potential side-channel/timing attack when comparing HMACs (92f30415-9935-11e2-ad4c-080027ef73ec)

The OpenVPN project reports : OpenVPN 2.3.0 and earlier running in UDP mode are subject to chosen ciphertext injection due to a non-constant-time HMAC comparison function. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted fr...

CVSS 2.6 | AI score 5.4 | EPSS 0.02813
Exploits 1 | References 5

FreeBSD Advisory
added 2013/04/02 12:00 a.m. | 19 views

FreeBSD-SA-13:03.openssl

FreeBSD-SA-13:03.openssl Security Advisory, The FreeBSD Project. Topic: OpenSSL multiple vulnerabilities. Category: contrib. Module: openssl. Announced: 2013-04-02. Affects: All...

CVSS 5 | AI score 6.8 | EPSS 0.35584
Exploits 1

FreeBSD
added 2013/04/02 12:00 a.m. | 49 views

FreeBSD -- OpenSSL multiple vulnerabilities

A flaw in the OpenSSL handling of OCSP response verification could be exploited to cause a denial of service attack. OpenSSL has a weakness in the handling of CBC ciphersuites in SSL, TLS and DTLS. The weakness could reveal plaintext in a timing attack...

CVSS 5 | AI score 6.8 | EPSS 0.1965
Exploits 0 | References 1

RedHat Linux
added 2013/03/26 7:10 p.m. | 6 views

rubygem-rack: Timing attack in cookie sessions

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that doe...

CVSS 5.1 | AI score 7 | EPSS 0.05281
Exploits 0 | References 4

RedHat Linux
added 2013/03/26 7:10 p.m. | 143 views

Moderate: Red Hat Security Advisory: Subscription Asset Manager 1.2.1 update

Red Hat Subscription Asset Manager 1.2.1, which fixes several security issues, multiple bugs, and adds various enhancements, is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which...

CVSS 7.5 | AI score 6.7 | EPSS 0.13911
Exploits 2 | References 11

RedHat Linux
added 2013/03/14 4:40 p.m. | 2 views

Security: Ability to determine if username is valid via DaoAuthenticationProvider

DaoAuthenticationProvider in VMware SpringSource Spring Security before 2.0.8, 3.0.x before 3.0.8, and 3.1.x before 3.1.3 does not check the password if the user is not found, which makes the response delay shorter and might allow remote attackers to enumerate valid usernames via a series of logi...

CVSS 5 | AI score 7.4 | EPSS 0.01936
Exploits 0 | References 4

Tenable Nessus
added 2013/03/14 12:00 a.m. | 16 views

Fedora 18 : mingw-gnutls-2.12.23-1.fc18 (2013-3453)

Version 2.12.23 released 2012-02-04 - libgnutls: Eliminated memory leak in PKCS #11 initialization. Report and fix by Sam Varshavchik. - libgnutls: Fixes in record padding parsing to prevent a timing attack. Issue reported by Kenny Patterson and Nadhem Alfardan. - libgnutls: DN variable 'T' was...

AI score 5.4
Exploits 0 | References 1