Lucene search

3242 matches found

Tenable Nessus
added 2012/08/01 12:0 a.m., 300 views

Scientific Linux Security Update : java (jdk 1.6.0) on SL4.x, SL5.x i386/x86_64

CVE-2009-2409 deprecate MD2 in SSL cert validation (Kaminsky); CVE-2009-3873 OpenJDK JPEG Image Writer quantization problem (6862968); CVE-2009-3875 OpenJDK MessageDigest.isEqual introduces timing attack vulnerabilities (6863503); CVE-2009-3876 OpenJDK ASN.1/DER input stream parser denial of service 68649...

9.3 CVSS, 6.8 AI score, 0.73376 EPSS
Exploits 24, References 23

Tenable Nessus
added 2012/02/10 12:0 a.m., 32 views

Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1)

It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timi...

9.3 CVSS, 7.7 AI score, 0.17687 EPSS
Exploits 1, References 11

Ubuntu
added 2012/02/09 10:39 p.m., 92 views

USN-1357-1: OpenSSL vulnerabilities

It was discovered that the elliptic curve cryptography (ECC) subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm (ECDSA) for the ECDHE_ECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timi...

9.3 CVSS, 7.8 AI score, 0.17687 EPSS
Exploits 1

Tenable Nessus
added 2012/01/04 12:0 a.m., 62 views

OpenSSL AES Timing Attack

S-box lookup can hardly be performed in constant time in AES implementations. Theoretically, remote attackers could recover AES keys by performing a timing attack on these S-box lookups. No practical implementation of a remote attack is known. ...

5.1 CVSS, 5.4 AI score, 0.0074 EPSS
Exploits 0, References 2

Tenable Nessus
added 2011/12/15 12:0 a.m., 26 views

SeaMonkey < 2.1 CSS Browser History Disclosure Vulnerability

The installed version of SeaMonkey is earlier than 2.1.0 and is affected by an information disclosure vulnerability. The JavaScript function 'getComputedStyle', and functions like it, can be used in a timing attack to determine if a browser has visited links on the page. ...

4.3 CVSS, 5.8 AI score, 0.00702 EPSS
Exploits 0, References 3

Tenable Nessus
added 2011/12/15 12:0 a.m., 35 views

Firefox < 4 CSS Browser History Disclosure Vulnerability

The installed version of Firefox 3 is potentially affected by an information disclosure vulnerability. The JavaScript function 'getComputedStyle', and functions like it, can be used in a timing attack to determine if a browser has visited links on the page. ...

4.3 CVSS, 5.8 AI score, 0.00702 EPSS
Exploits 0, References 3

Tenable Nessus
added 2011/12/13 12:0 a.m., 30 views

SuSE 10 Security Update : OpenSSL (ZYPP Patch Number 7550)

This update of openssl fixes a timing attack. This attack can be used to obtain the private key of a TLS server whenever ECDSA signatures are used. (CVE-2011-1945: CVSS v2 Base Score: 4.3 (important) (AV:N/AC:M/Au:N/C:P/I:N/A:N): Cryptographic Issues (CWE-310)) ...

2.6 CVSS, 7.6 AI score, 0.0343 EPSS
Exploits 1, References 2

NVD
added 2011/12/07 7:55 p.m., 24 views

CVE-2010-5074

The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for remote attackers to obtain sensitive information...

4.3 CVSS, 6 AI score, 0.00702 EPSS
Exploits 0, References 2

Prion
added 2011/12/07 7:55 p.m., 18 views

Code injection

The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for remote attackers to obtain sensitive information...

4.3 CVSS, 6.6 AI score, 0.00702 EPSS
Exploits 0, References 2, Affected Software 3

UbuntuCve
added 2011/12/07 7:55 p.m., 24 views

CVE-2010-5074

The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for remote attackers to obtain sensitive information...

4.3 CVSS, 6 AI score, 0.00702 EPSS
Exploits 0, References 1

CVE
added 2011/12/07 7:0 p.m., 66 views

CVE-2010-5074

CVE-2010-5074 affects Mozilla Firefox (before 4.0), Thunderbird (before 3.3), and SeaMonkey (before 2.1). The vulnerability stems from the layout engine comparing visited vs. unvisited links while processing CSS token sequences, causing a timing-based information disclosure. An attacker could rem...

4.3 CVSS, 8.9 AI score, 0.00702 EPSS
Exploits 0, References 2, Affected Software 1

OpenVAS
added 2011/09/30 12:0 a.m., 39 views

Mandriva Update for openssl MDVSA-2011:137 (openssl)

The remote host is missing an update for the ...

5 CVSS, 7.6 AI score, 0.05012 EPSS
Exploits 1, References 3

Tenable Nessus
added 2011/09/29 12:0 a.m., 45 views

Mandriva Linux Security Advisory : openssl (MDVSA-2011:137)

Multiple vulnerabilities have been discovered and corrected in openssl: The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary...

5 CVSS, 7.6 AI score, 0.05012 EPSS
Exploits 1, References 3

Tenable Nessus
added 2011/09/29 12:0 a.m., 36 views

Mandriva Linux Security Advisory : openssl (MDVSA-2011:136)

A vulnerability was discovered and corrected in openssl: The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which...

2.6 CVSS, 7.5 AI score, 0.0343 EPSS
Exploits 1, References 1

Tenable Nessus
added 2011/09/14 12:0 a.m., 31 views

Debian DSA-2309-1 : openssl - compromised certificate authority

Several fraudulent SSL certificates have been found in the wild issued by the DigiNotar Certificate Authority, obtained through a security compromise of said company. After further updates on this incident, it has been determined that all of DigiNotar's signing certificates can no longer be...

2.6 CVSS, 7.2 AI score, 0.0343 EPSS
Exploits 1, References 4

OSV
added 2011/09/13 12:0 a.m., 20 views

DSA-2309-1 openssl - compromised certificate authority

Bulletin has no description...

2.6 CVSS, 7.2 AI score, 0.0343 EPSS
Exploits 1

OpenVAS
added 2011/08/09 12:0 a.m., 49 views

CentOS Update for java CESA-2009:1584 centos5 i386

The remote host is missing an update for the ...

9.3 CVSS, 6.5 AI score, 0.65461 EPSS
Exploits 9, References 2

F5 Networks
added 2011/08/02 12:0 a.m., 31 views

SOL12998 - OpenSSL vulnerability CVE-2011-1945

The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly implement curves over binary fields, which makes it easier for context-dependent attackers to determine...

2.6 CVSS, 7.1 AI score, 0.0343 EPSS
Exploits 1

OpenVAS
added 2011/07/07 12:0 a.m., 26 views

Mozilla Products WebGL Information Disclosure Vulnerability (Jul 2011) - Windows

Mozilla Firefox or Thunderbird is prone to an information disclosure vulnerability. ...

4.3 CVSS, 5.9 AI score, 0.01423 EPSS
Exploits 2, References 5

NVD
added 2011/06/30 3:55 p.m., 23 views

CVE-2011-2599

Google Chrome 11 does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader...

4.3 CVSS, 6.3 AI score, 0.00805 EPSS
Exploits 1, References 3