CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

FreeBSD•added 2016/01/28 12:0 a.m.•23 views

phpmyadmin -- Unsafe comparison of XSRF/CSRF token

The phpMyAdmin development team reports: The comparison of the XSRF/CSRF token parameter with the value saved in the session is vulnerable to timing attacks. Moreover, the comparison could be bypassed if the XSRF/CSRF token matches a particular pattern. We consider this vulnerability to be seriou...

7.5CVSS2.1AI score0.02648EPSS

Exploits0References1

phpMyAdmin•added 2016/01/24 12:0 a.m.•32 views

Unsafe comparison of XSRF/CSRF token.

PMASA-2016-5 Announcement-ID: PMASA-2016-5 Date: 2016-01-24 Summary Unsafe comparison of XSRF/CSRF token. Description The comparison of the XSRF/CSRF token parameter with the value saved in the session is vulnerable to timing attacks. Moreover, the comparison could be bypassed if the XSRF/CSRF...

7.5CVSS7AI score0.02648EPSS

Exploits0Affected Software1

RedhatCVE•added 2015/10/30 10:28 a.m.•22 views

CVE-2005-1797

The design of Advanced Encryption Standard AES, aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations...

5.1CVSS7.3AI score0.0074EPSS

Exploits0References2

Tenable Nessus•added 2015/09/30 12:0 a.m.•51 views

Oracle Java SE 6 < Update 101 / 7 < Update 85 / 8 < Update 51 Multiple Vulnerabilities

Binary data 8918.prm...

10CVSS7.8AI score0.47239EPSS

Exploits0References25

Tenable Nessus•added 2015/08/17 12:0 a.m.•28 views

FreeBSD : mediawiki -- multiple vulnerabilities (6241b5df-42a1-11e5-93ad-002590263bf5)

MediaWiki reports : Internal review discovered that Special:DeletedContributions did not properly protect the IP of autoblocked users. This fix makes the functionality of Special:DeletedContributions consistent with Special:Contributions and Special:BlockList. Internal review discovered that...

7.5CVSS5.4AI score0.02747EPSS

Exploits0References17

RedHat Linux•added 2015/08/04 5:13 p.m.•4 views

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...

RedHat Linux•added 2015/07/23 7:20 p.m.•4 views

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

RedHat Linux•added 2015/07/15 12:35 p.m.•5 views

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

RedHat Linux•added 2015/07/15 12:1 p.m.•4 views

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

securityvulns•added 2015/07/05 12:0 a.m.•41 views

libcrypto++ timing attacks

Rabin-Williams algorithm timing attacks...

5CVSS1.9AI score0.02879EPSS

Exploits0References1

The Hacker News•added 2015/05/23 12:14 a.m.•18 views

Astoria — Advanced Tor Client Designed to Avoid NSA Attacks

In response to the threat of intelligence agencies like NSA and GCHQ, Security researchers from American and Israeli academics have developed a new advanced Tor client called Astoria specially designed to make eavesdropping harder. Tor The Onion Router is the most popular anonymity network that i...

6.3AI score

OpenVAS•added 2015/02/11 12:0 a.m.•86 views

Fortinet FortiWeb Multiple Vulnerabilities in OpenSSL (FG-IR-14-018)

Fortinet FortiWeb is prone to multiple vulnerabilities in OpenSSL. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.4CVSS6.8AI score0.99977EPSS

Exploits13References2

Hacker One•added 2014/10/12 6:27 p.m.•13 views

WP API: Cryptographic Side Channel in OAuth Library

Because hashes and tokens are compared with the !== and === operators, these checks may be susceptible to timing attacks. More info: http://codahale.com/a-lesson-in-timing-attacks/ Affected code:...

0.7AI score

securityvulns•added 2014/08/24 12:0 a.m.•66 views

[USN-2325-1] OpenStack Nova vulnerability

========================================================================== Ubuntu Security Notice USN-2325-1 August 21, 2014 nova vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...

4.3CVSS0.5AI score0.01938EPSS

Ubuntu•added 2014/08/21 9:20 p.m.•59 views

USN-2325-1: OpenStack Nova vulnerability

Alex Gaynor discovered that OpenStack Nova would sometimes respond with variable times when comparing authentication tokens. If nova were configured to proxy metadata requests via Neutron, a remote authenticated attacker could exploit this to conduct timing attacks and ascertain configuration...

4.3CVSS5.4AI score0.01938EPSS