715 matches found
FreeBSD : rack -- information leak / session hijack vulnerability (66e4dc99-28b3-11ea-8dde-08002728f74c)
National Vulnerability Database : There's a possible information leak / session hijack vulnerability in Rack RubyGem rack. This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids ar...
Information Disclosure
rack is vulnerable to information disclosure. The vulnerability exists due to the insecure comparison of session IDs. A remote attacker is able to perform timing attacks by analyzing the response time of the server when performing the comparison of session IDs...
CVE-2019-16782
There's a possible information leak / session hijack vulnerability in Rack RubyGem rack. This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a...
CVE-2019-16782
There's a possible information leak / session hijack vulnerability in Rack RubyGem rack. This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a...
Session fixation
There's a possible information leak / session hijack vulnerability in Rack RubyGem rack. This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a...
CVE-2019-16782 Possible Information Leak / Session Hijack Vulnerability in Rack
There's a possible information leak / session hijack vulnerability in Rack RubyGem rack. This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a...
rack -- information leak / session hijack vulnerability
National Vulnerability Database: There's a possible information leak / session hijack vulnerability in Rack RubyGem rack. This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are...
NewStart CGSL CORE 5.04 / MAIN 5.04 : ovmf Multiple Vulnerabilities (NS-SA-2019-0218)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has ovmf packages installed that are affected by multiple vulnerabilities: - Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service vi...
CVE-2019-18887
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel...
Design/Logic Flaw
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel...
UBUNTU-CVE-2019-18887
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel...
CVE-2019-18887
CVE-2019-18887 affects Symfony components in versions 2.8.0–2.8.50, 3.4.0–3.4.34, 4.2.0–4.2.11, and 4.3.0–4.3.7, due to timing-attack vulnerability in UriSigner (related to symfony/http-kernel). Fedora/Nessus details confirm fixes: 2.8.52, 3.4.35, and 4.3.8 releases provided patches. Exploit stat...
CVE-2019-18887
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel...
CVE-2019-18887
An issue was discovered in Symfony 2.8.0 through 2.8.50, 3.4.0 through 3.4.34, 4.2.0 through 4.2.11, and 4.3.0 through 4.3.7. The UriSigner was subject to timing attacks. This is related to symfony/http-kernel...
GHSA-MR6R-82X4-F4JJ Timing attacks might allow practical recovery of the long-term private key
In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage of a bit-length of the scalar during scalar multiplication is possible on an elliptic curve whic...
Timing attacks might allow practical recovery of the long-term private key
In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage of a bit-length of the scalar during scalar multiplication is possible on an elliptic curve whic...
CVE-2019-10764
In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage of a bit-length of the scalar during scalar multiplication is possible on an elliptic curve whic...
CVE-2019-10764
In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage of a bit-length of the scalar during scalar multiplication is possible on an elliptic curve whic...
Design/Logic Flaw
In elliptic-php versions priot to 1.0.6, Timing attacks might be possible which can result in practical recovery of the long-term private key generated by the library under certain conditions. Leakage of a bit-length of the scalar during scalar multiplication is possible on an elliptic curve whic...
CVE-2019-10764
The CVE-2019-10764 entry concerns simplito/elliptic-php: versions prior to 1.0.6 are vulnerable to a timing attack during scalar multiplication that leaks a bit-length of the scalar. This leakage can enable practical recovery of the long-term private key under certain conditions. Affected compone...