Lucene search
K

3244 matches found

RedHat Linux
RedHat Linux
added 2005/12/19 5:29 p.m.5 views

security flaw

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic key...

5.6CVSS6.6AI score0.00505EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2005/06/08 12:0 a.m.35 views

Mandrake Linux Security Advisory : openssl (MDKSA-2005:096)

Colin Percival reported a cache timing attack that could be used to allow a malicious local user to gain portions of cryptographic keys CVE-2005-0109. The OpenSSL library has been patched to add a new fixed-window modexp implementation as default for RSA, DSA, and DH private key operations. The...

5.6CVSS6.3AI score0.00505EPSS
Exploits0References1
Cent OS
Cent OS
added 2005/06/01 11:22 p.m.87 views

openssl, openssl095a, openssl096 security update

CentOS Errata and Security Advisory CESA-2005:476-01 Updated OpenSSL packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer SSL v2/v3 and...

5.6CVSS6.3AI score0.00505EPSS
Exploits0References8
Cent OS
Cent OS
added 2005/06/01 5:56 p.m.81 views

openssl, openssl096b security update

CentOS Errata and Security Advisory CESA-2005:476 Updated OpenSSL packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer SSL v2/v3 and...

5.6CVSS6.3AI score0.00505EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2005/06/01 1:32 p.m.31 views

Moderate: Red Hat Security Advisory: openssl security update

Updated OpenSSL packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a...

5.6CVSS6.3AI score0.00505EPSS
Exploits0References4
securityvulns
securityvulns
added 2005/03/17 12:0 a.m.37 views

MDKSA-2005:057 - Updated gnupg packages fix vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandrakelinux Security Update Advisory Package name: gnupg Advisory ID: MDKSA-2005:057 Date: March 15th, 2005 Affected versions: 10.0, 10.1, 9.2, Corporate 3.0, Corporate Server 2.1 Problem Description: The OpenPGP protocol is vulnerable to a...

5CVSS0.3AI score0.02946EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/03/16 12:0 a.m.34 views

Mandrake Linux Security Advisory : gnupg (MDKSA-2005:057)

The OpenPGP protocol is vulnerable to a timing-attack in order to gain plain text from cipher text. The timing difference appears as a side effect of the so-called 'quick scan' and is only exploitable on systems that accept an arbitrary amount of cipher text for automatic decryption. The updated...

5CVSS5.7AI score0.02946EPSS
Exploits0References2
Cvelist
Cvelist
added 2005/03/08 5:0 a.m.30 views

CVE-2005-0109

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic key...

5.1AI score0.00505EPSS
Exploits0References18
CVE
CVE
added 2005/03/08 5:0 a.m.99 views

CVE-2005-0109

Technical details for CVE-2005-0109 are not provided in the supplied documents. The set includes historical references and later OpenSSL advisories, but no specific product, root cause, impact, or fix details here. Monitor for updates.

5.6CVSS5.4AI score0.00505EPSS
Exploits0References18Affected Software8
NVD
NVD
added 2005/03/05 5:0 a.m.27 views

CVE-2005-0109

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic key...

5.6CVSS5.2AI score0.00505EPSS
Exploits0References18
Cvelist
Cvelist
added 2005/02/20 5:0 a.m.16 views

CVE-2004-1602

ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response...

6.6AI score0.30679EPSS
Exploits1References5
NVD
NVD
added 2004/12/31 5:0 a.m.32 views

CVE-2004-2682

PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on 1 the number of extra reductions during Montgomery reduction, and 2 the use of different integer...

5.8CVSS6.3AI score0.0079EPSS
Exploits0References1
seebug.org
seebug.org
added 2004/10/17 12:0 a.m.24 views

ProFTPD <= 1.2.10 Remote Users Enumeration Exploit

No description provided by source. / Details Vulnerable Systems: ProFTPD Version 1.2.10 and below It is possible to determine which user names are valid, which are special, and which ones do not exist on the remote system. This can be accomplished by code execution path timing analysis attack at...

7.1AI score
Exploits0
0day.today
0day.today
added 2004/10/17 12:0 a.m.52 views

ProFTPD <= 1.2.10 Remote Users Enumeration Exploit

Exploit for linux platform in category remote exploits ================================================== ProFTPD include include include include define PORT 21 define PROBE 8 main int argc, char argv int sock,n,y; long dist,stat=0; struct sockaddrin sin; char buf1024, buf21024; struct timeval t...

7.1AI score
Exploits0
NVD
NVD
added 2004/10/15 4:0 a.m.10 views

CVE-2004-1602

ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response...

5CVSS6.7AI score0.30679EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.37 views

Debian DSA-253-1 : openssl - information leak

A vulnerability has been discovered in OpenSSL, a Secure Socket Layer SSL implementation. In an upcoming paper, Brice Canvel EPFL, Alain Hiltgen UBS, Serge Vaudenay EPFL, and Martin Vuagnoux EPFL, Ilion describe and demonstrate a timing-based attack on CBC cipher suites used in SSL and TLS. OpenS...

5CVSS7.8AI score0.13718EPSS
Exploits0References2
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.34 views

CVE-2003-0078

ssl3getrecord in s3pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak timing discrepancy that may make it easier to launch cryptographic attacks that rely on distinguishing betwe...

5.9AI score0.13718EPSS
Exploits0References20
CVE
CVE
added 2004/09/01 4:0 a.m.96 views

CVE-2003-0078

CVE-2003-0078 affects OpenSSL: ssl3_get_record in s3_pkt.c does not perform a MAC when padding is incorrect, causing a timing side channel that could aid padding/MAC verification discrimination and potentially lead to plaintext recovery. The vulnerability applies to OpenSSL versions before 0.9.7a...

5CVSS9.2AI score0.13718EPSS
Exploits0References20Affected Software1
Tenable Nessus
Tenable Nessus
added 2004/07/31 12:0 a.m.40 views

Mandrake Linux Security Advisory : openssl (MDKSA-2003:020)

In an upcoming paper, Brice Canvel EPFL, Alain Hiltgen UBS, Serge Vaudenay EPFL, and Martin Vuagnoux EPFL, Ilion describe and demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS. New versions of openssl have been released in response to this vulnerability 0.9.6i and 0.9.7a. The...

5CVSS7.9AI score0.13718EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/07/25 12:0 a.m.38 views

SUSE-SA:2003:011: openssl

The remote host is missing the patch for the advisory SUSE-SA:2003:011 openssl. OpenSSL is an implementation of the Secure Sockets Layer and Transport Layer Security protocols and provides strong cryptography for many applications in a Linux system. It is a default package in all SUSE products. A...

5CVSS7.9AI score0.13718EPSS
Exploits0References1
Rows per page
Query Builder