Lucene search
K

177 matches found

Xen Project
Xen Project
added 2017/10/12 12:0 p.m.594 views

Stale TLB entry due to page type release race

ISSUE DESCRIPTION x86 PV guests effect TLB flushes by way of a hypercall. Xen tries to reduce the number of TLB flushes by delaying them as much as possible. When the last type reference of a page is dropped, the need for a TLB flush before the page is re-used is recorded. If a guest TLB flush...

7.8CVSS7.1AI score0.0033EPSS
Exploits0Affected Software1
Packet Storm
Packet Storm
added 2015/12/23 12:0 a.m.31 views

Arastta 1.1.5 SQL Injection

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Arastta 1.1.5 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://arastta.org/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor: 11/21/2015 Disclosed to public: 12/21/2015 Releas...

0.5AI score
Exploits0
seebug.org
seebug.org
added 2015/09/19 12:0 a.m.24 views

ZeusCart v4.0 /classes/Core/CFeaturedItems.php SQL注入

ZeusCart 4.0: SQL Injection1.漏洞描述在ZeusCart4.0中存在两个注入漏洞,一个注入不需要任何条件即可exploit,另一个是是发生在admin后台的注入。因为大部分参数都是依赖于简单的过滤,所以很容易由于过滤不全而产生漏洞。2a. Timing based Blind SQL Injection 基于时间的盲注证明:http://localhost/zeuscart-master/index.php?do=featured&action=showmaincatlanding&maincatid=-1AND IFSUBSTRINGversion, 1,...

8AI score
Exploits0
exploitpack
exploitpack
added 2015/09/17 12:0 a.m.20 views

ZeusCart 4.0 - SQL Injection

ZeusCart 4.0 - SQL Injection ZeusCart 4.0: SQL Injection Security Advisory – Curesec Research Team 1. Introduction Affected Product: ZeusCart 4.0 Fixed in: not fixed Fixed Version Link: n/a Vendor Contact: [email protected] Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2015/09/01 12:0 a.m.23 views

Serendipity 2.0.1 Blind SQL Injection

Serendipity 2.0.1: Blind SQL Injection Security Advisory – Curesec Research Team 1. Introduction Affected Product: Serendipity 2.0.1 Fixed in: 2.0.2 Fixed Version Link: https://github.com/s9y/Serendipity/releases/download/2.0.2/serendipity-2.0.2.zip Vendor Contact: [email protected]...

Exploits0
RedHat Linux
RedHat Linux
added 2014/12/02 4:59 p.m.5 views

mysql: Remote Preauth User Enumeration flaw

Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames...

5CVSS6.7AI score0.14784EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2014/10/01 6:10 p.m.4 views

Framework: Information disclosure via SSRF

It was found that the Spring Framework did not, by default, disable the resolution of URI references in a DTD declaration when processing user-provided XML documents. By observing differences in response times, an attacker could identify valid IP addresses on the internal network with functioning...

8.8CVSS7.3AI score0.01696EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2013/08/08 12:0 a.m.25 views

Ubuntu: Security Advisory (USN-1923-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

1.9CVSS6.7AI score0.00533EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2013/08/01 1:45 a.m.57 views

USN-1923-1: GnuPG, Libgcrypt vulnerability

Yuval Yarom and Katrina Falkner discovered a timing-based information leak, known as Flush+Reload, that could be used to trace execution in programs. GnuPG and Libgcrypt followed different execution paths based on key-related data, which could be used to expose the contents of private keys...

1.9CVSS5.8AI score0.00533EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/08/01 12:0 a.m.23 views

Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : gnupg, libgcrypt11 vulnerability (USN-1923-1)

Yuval Yarom and Katrina Falkner discovered a timing-based information leak, known as Flush+Reload, that could be used to trace execution in programs. GnuPG and Libgcrypt followed different execution paths based on key-related data, which could be used to expose the contents of private keys. Note...

1.9CVSS5.8AI score0.00533EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.33 views

Debian Security Advisory DSA 253-1 (openssl)

The remote host is missing an update to openssl announced via advisory DSA 253-1. OpenVAS Vulnerability Test $Id: deb2531.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 253-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

5CVSS0.13718EPSS
Exploits0
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.21 views

Debian Security Advisory DSA 253-1 (openssl)

The remote host is missing an update to openssl announced via advisory DSA 253-1. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.6AI score0.13718EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/07/31 12:0 a.m.33 views

Mandrake Linux Security Advisory : openssl (MDKSA-2003:035)

Researchers discovered a timing-based attack on RSA keys that OpenSSL is generally vulnerable to, unless RSA blinding is enabled. Patches from the OpenSSL team have been applied to turn RSA blinding on by default. An extension of the 'Bleichenbacher attack' on RSA with PKS 1 v1.5 padding as used ...

7.5CVSS8.1AI score0.06393EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2004/07/06 12:0 a.m.47 views

RHEL 2.1 : openssl (RHSA-2003:063)

Updated OpenSSL packages are available that fix a potential timing-based attack. Updated 12 March 2003 Added packages for Red Hat Enterprise Linux ES and Red Hat Enterprise Linux WS OpenSSL is a commercial-grade, full-featured, open source toolkit which implements the Secure Sockets Layer SSL v2/...

5CVSS8.1AI score0.13718EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2003/06/23 5:37 p.m.11 views

Important: Red Hat Security Advisory: : : : Updated OpenSSL packages fix vulnerabilities

Updated OpenSSL packages that fix potential timing-based and modified Bleichenbacher attacks are available for Red Hat Linux on IBM iSeries and pSeries systems. OpenSSL is a commercial-grade, full-featured, and open source toolkit that implements Secure Sockets Layer SSL v2/v3 and Transport Layer...

7.5CVSS7.2AI score0.13718EPSS
Exploits0References3
Debian
Debian
added 2003/02/24 2:0 p.m.65 views

[SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability

-------------------------------------------------------------------------- Debian Security Advisory DSA 253-1 [email protected] http://www.debian.org/security/ Martin Schulze February 24th, 2003 http://www.debian.org/security/faq -...

5CVSS9.2AI score0.13718EPSS
Exploits0
Debian
Debian
added 2003/02/24 2:0 p.m.28 views

[SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability

-------------------------------------------------------------------------- Debian Security Advisory DSA 253-1 [email protected] http://www.debian.org/security/ Martin Schulze February 24th, 2003 http://www.debian.org/security/faq -...

5CVSS0.1AI score0.13718EPSS
Exploits0
Rows per page
Query Builder