3242 matches found
Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64
CVE-2009-2409 deprecate MD2 in SSL cert validation Kaminsky CVE-2009-3873 OpenJDK JPEG Image Writer quantization problem 6862968 CVE-2009-3875 OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities 6863503 CVE-2009-3876 OpenJDK ASN.1/DER input stream parser denial of service 68649...
Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1)
It was discovered that the elliptic curve cryptography ECC subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm ECDSA for the ECDHEECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timi...
USN-1357-1: OpenSSL vulnerabilities
It was discovered that the elliptic curve cryptography ECC subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm ECDSA for the ECDHEECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timi...
OpenSSL AES Timing Attack
S-box lookup can hardly be performed in constant time in AES implementations. Theoretically, remote attackers could recover AES keys by performing a timing attack on these S-box lookup. No practical implementation of a remote attack is known. C Tenable Network Security, Inc. include"compat.inc"; ...
SeaMonkey < 2.1 CSS Browser History Disclosure Vulnerability
The installed version of SeaMonkey is earlier than 2.1.0 and is affected by an information disclosure vulnerability. The JavaScript function 'getComputedStyle', and functions like it, can be used in a timing attack to determine if a browser has visited links on the page. C Tenable Network Securit...
Firefox < 4 CSS Browser History Disclosure Vulnerability
The installed version of Firefox 3 is potentially affected by an information disclosure vulnerability. The JavaScript function 'getComputedStyle', and functions like it, can be used in a timing attack to determine if a browser has visited links on the page. C Tenable Network Security, Inc...
SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7550)
This update of openssl fixes a timing attack. This attack can be used to obtain the private key of a TLS server whenever ECDSA signatures are used. CVE-2011-1945: CVSS v2 Base Score: 4.3 important AV:N/AC:M/Au:N/C:P/I:N/A:N: Cryptographic Issues. CWE-310 %NASLMINLEVEL 70300 C Tenable Network...
CVE-2010-5074
The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets CSS token sequences, which makes it easier for remote attackers to obtain sensitive information...
Code injection
The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets CSS token sequences, which makes it easier for remote attackers to obtain sensitive information...
CVE-2010-5074
The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets CSS token sequences, which makes it easier for remote attackers to obtain sensitive information...
CVE-2010-5074
CVE-2010-5074 affects Mozilla Firefox (before 4.0), Thunderbird (before 3.3), and SeaMonkey (before 2.1). The vulnerability stems from the layout engine comparing visited vs. unvisited links while processing CSS token sequences, causing a timing-based information disclosure. An attacker could rem...
Mandriva Update for openssl MDVSA-2011:137 (openssl)
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Mandriva Linux Security Advisory : openssl (MDVSA-2011:137)
Multiple vulnerabilities has been discovered and corrected in openssl : The elliptic curve cryptography ECC subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm ECDSA is used for the ECDHEECDSA cipher suite, does not properly implement curves over binary...
Mandriva Linux Security Advisory : openssl (MDVSA-2011:136)
A vulnerability was discovered and corrected in openssl : The elliptic curve cryptography ECC subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm ECDSA is used for the ECDHEECDSA cipher suite, does not properly implement curves over binary fields, which...
Debian DSA-2309-1 : openssl - compromised certificate authority
Several fraudulent SSL certificates have been found in the wild issued by the DigiNotar Certificate Authority, obtained through a security compromise of said company. After further updates on this incident, it has been determined that all of DigiNotar's signing certificates can no longer be...
DSA-2309-1 openssl - compromised certificate authority
Bulletin has no description...
CentOS Update for java CESA-2009:1584 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
SOL12998 - OpenSSL vulnerability CVE-2011-1945
The elliptic curve cryptography ECC subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm ECDSA is used for the ECDHEECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine...
Mozilla Products WebGL Information Disclosure Vulnerability (Jul 2011) - Windows
Mozilla Firefox or Thunderbird is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...
CVE-2011-2599
Google Chrome 11 does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader...