Lucene search
K

3242 matches found

Tenable Nessus
Tenable Nessus
added 2013/03/14 12:0 a.m.16 views

Fedora 18 : mingw-gnutls-2.12.23-1.fc18 (2013-3453)

Version 2.12.23 released 2012-02-04 - libgnutls: Eliminated memory leak in PCKS 11 initialization. Report and fix by Sam Varshavchik. - libgnutls: Fixes in record padding parsing to prevent a timing attack. Issue reported by Kenny Patterson and Nadhem Alfardan. - libgnutls: DN variable 'T' was...

5.4AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2013/03/13 2:40 p.m.5 views

gnutls: TLS CBC padding timing attack (lucky-13)

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks...

4CVSS6.8AI score0.0644EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2013/03/13 2:40 p.m.7 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6CVSS6.8AI score0.35584EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2013/03/12 5:52 p.m.6 views

rubygem-rack: Timing attack in cookie sessions

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that doe...

5.1CVSS7AI score0.05281EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/03/12 5:52 p.m.38 views

Moderate: Red Hat Security Advisory: Red Hat OpenShift Enterprise 1.1.2 update

Red Hat OpenShift Enterprise 1.1.2, which fixes several security issues, is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are available for eac...

7.5CVSS6.5AI score0.05281EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2013/03/05 12:0 a.m.32 views

RHEL 5 / 6 : openssl (RHSA-2013:0587)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0587 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols, as well as a...

5CVSS7.1AI score0.35584EPSS
Exploits2References10
RedHat Linux
RedHat Linux
added 2013/03/04 9:5 p.m.4 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6CVSS6.8AI score0.35584EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2013/03/04 9:4 p.m.3 views

gnutls: TLS CBC padding timing attack (lucky-13)

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks...

4CVSS6.8AI score0.0644EPSS
Exploits1References6
Oracle linux
Oracle linux
added 2013/03/04 12:0 a.m.40 views

gnutls security update

2.8.5-10.1 - fix CVE-2013-1619 - fix TLS-CBC timing attack 908238...

4CVSS1.7AI score0.0644EPSS
Exploits1
Oracle linux
Oracle linux
added 2013/03/04 12:0 a.m.60 views

openssl security update

1.0.0-27.2 - fix for CVE-2013-0169 - SSL/TLS CBC timing attack 907589 - fix for CVE-2013-0166 - DoS in OCSP signatures checking 908052 - enable compression only if explicitly asked for or OPENSSLDEFAULTZLIB environment variable is set fixes CVE-2012-4929 857051 - use securegetenv everywhere inste...

5CVSS2.3AI score0.35584EPSS
Exploits2
Ubuntu
Ubuntu
added 2013/02/21 1:55 p.m.74 views

USN-1732-1: OpenSSL vulnerabilities

Adam Langley and Wolfgang Ettlingers discovered that OpenSSL incorrectly handled certain crafted CBC data when used with AES-NI. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 12.10...

5CVSS6.5AI score0.39593EPSS
Exploits3
RedHat Linux
RedHat Linux
added 2013/02/20 9:40 p.m.3 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6CVSS6.8AI score0.35584EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2013/02/20 11:24 a.m.12 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6CVSS6.8AI score0.35584EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2013/02/20 11:6 a.m.3 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6CVSS6.8AI score0.35584EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2013/02/20 10:45 a.m.5 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6CVSS6.8AI score0.35584EPSS
Exploits1References7
OpenVAS
OpenVAS
added 2013/02/13 12:0 a.m.37 views

Debian Security Advisory DSA 2621-1 (openssl - several vulnerabilities)

Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-0166 OpenSSL does not properly perform signature verification for OCSP responses, which allows remote attackers to cause a denial of service via an inval...

5CVSS0.2AI score0.35584EPSS
Exploits1References1
OSV
OSV
added 2013/02/08 8:55 p.m.1 views

DEBIAN-CVE-2013-0263

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that doe...

5.1CVSS6.9AI score0.05281EPSS
Exploits0References1
OSV
OSV
added 2013/02/08 8:55 p.m.9 views

CVE-2013-0263

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that doe...

5.1CVSS7.3AI score0.05281EPSS
Exploits0References19
NVD
NVD
added 2013/02/08 8:55 p.m.19 views

CVE-2013-0263

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that doe...

5.1CVSS7.4AI score0.05281EPSS
Exploits0References19
UbuntuCve
UbuntuCve
added 2013/02/08 8:55 p.m.27 views

CVE-2013-0263

Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, 1.3.x before 1.3.10, 1.2.x before 1.2.8, and 1.1.x before 1.1.6 allows remote attackers to guess the session cookie, gain privileges, and execute arbitrary code via a timing attack involving an HMAC comparison function that doe...

5.1CVSS6.7AI score0.05281EPSS
Exploits0References2
Rows per page
Query Builder