CVE-2016-7439
CVE-2016-7439 affects the C RSA implementation in wolfSSL (formerly CyaSSL) prior to 3.9.10. The vulnerability allows a local attacker to obtain RSA keys by exploiting cache-bank hit differences, i.e., an information-disclosure issue. Affected products/versions are wolfSSL before 3.9.10; impact i...
CVE-2016-7438
The C software implementation of ECC in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit differences...
CVE-2016-7438
The CVE-2016-7438 entry concerns wolfSSL (formerly CyaSSL) and its C software implementation of ECC. Affected are wolfSSL versions before 3.9.10, where the ECC code enables local attackers to more easily discover RSA keys by exploiting cache-bank hit differences. The impact is local, with partial ...
389-ds-base: Information disclosure via repeated use of LDAP ADD operation
An information disclosure flaw was found in 389 Directory Server. A user with no access to objects in a certain LDAP sub-tree could send LDAP ADD operations with a specific object name. The error message returned to the user was different based on whether the target object existed or not...
httpd: HTTP request smuggling attack against chunked request parser
Multiple flaws were found in the way httpd parsed HTTP requests and responses using chunked transfer encoding. A remote attacker could use these flaws to create a specially crafted request, which httpd would decode differently from an HTTP proxy software in front of it, possibly leading to HTTP...
FreeBSD : openssh -- sshd -- remote valid user discovery and PAM /bin/login attack (adccefd1-7080-11e6-a2cb-c80aa9043978)
The OpenSSH project reports: sshd(8): Mitigate timing differences in password authentication that could be used to discern valid from invalid account names when long passwords were sent and particular password hashing algorithms are in use on the server. CVE-2016-6210, reported by EddieEzra.Harari...
Debian: Security Advisory (DSA-3626-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openssh: information leakage
Mitigate timing differences in password authentication that could be used to discern valid from invalid account names when long passwords were sent and particular password hashing algorithms are in use on the server. Reported by EddieEzra.Harari at verint.com...
openssh -- sshd -- remote valid user discovery and PAM /bin/login attack
The OpenSSH project reports: sshd(8): Mitigate timing differences in password authentication that could be used to discern valid from invalid account names when long passwords were sent and particular password hashing algorithms are in use on the server. CVE-2016-6210, reported by EddieEzra.Harari ...
Debian DSA-3626-1 : openssh - security update
Eddie Harari reported that the OpenSSH SSH daemon allows user enumeration through timing differences when trying to authenticate users. When sshd tries to authenticate a non-existing user, it will pick up a fixed fake password structure with a hash based on the Blowfish algorithm. If real users...
[SECURITY] [DSA 3626-1] openssh security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3626-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 24, 2016 https://www.debian.org/security/faq -...
[SECURITY] Fedora 23 Update: websvn-2.3.3-13.fc23
WebSVN offers a view onto your subversion repositories that's been designed to reflect the Subversion methodology. You can view the log of any file or directory and see a list of all the files changed, added or deleted in any given revision. You can also view the differences between two versions ...
[SECURITY] Fedora 24 Update: websvn-2.3.3-13.fc24
WebSVN offers a view onto your subversion repositories that's been designed to reflect the Subversion methodology. You can view the log of any file or directory and see a list of all the files changed, added or deleted in any given revision. You can also view the differences between two versions ...
Open redirect
Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS1 padding...
Find Differences 150 levels 2 - Base64 encoded String, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Find Differences 150 levels 2 published at the 'play' market has multiple vulnerabilities...
Find The Differences - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Find The Differences published at the 'play' market has multiple vulnerabilities...
Timing Attack
Overview: Affected versions of csrf-lite are vulnerable to timing attacks as a result of testing CSRF tokens via a fail-early comparison instead of a constant-time comparison. Timing attacks remove the exponential increase in entropy gained from increased secret length, by providing per-character...
[SECURITY] Fedora 23 Update: websvn-2.3.3-12.fc23
WebSVN offers a view onto your subversion repositories that's been designed to reflect the Subversion methodology. You can view the log of any file or directory and see a list of all the files changed, added or deleted in any given revision. You can also view the differences between two versions ...
Django Security Bypass Vulnerability (CNVD-2016-01467)
Django is an open-source web application framework written in Python and maintained by the Django Software Foundation. The framework includes an object-relational mapper, a view system, a template system, and so on. A security vulnerability exists in Django versions prior to 1.9.3 and versions 1.6 through 1.8...