CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-1413

Malware in sbrugna...

5.9CVSS6.1AI score0.00316EPSS

Exploits0References6

RedhatCVE•added 2025/05/22 3:14 p.m.•3 views

CVE-2020-15237

In Shrine before version 3.3.0, when using the derivationendpoint plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL. The problem has been fixed by comparing sent and calculated signature in constant time, using Rack::Utils.securecompare...

5.9CVSS6.7AI score0.00316EPSS

Exploits0

Openbugbounty•added 2022/12/29 7:8 a.m.•12 views

bangkokcitypillarshrine.com Cross Site Scripting vulnerability OBB-3122724

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score

Exploits0

Openbugbounty•added 2022/10/13 12:33 p.m.•8 views

bangkokcitypillarshrine.com Cross Site Scripting vulnerability OBB-2994154

Exploits0

Openbugbounty•added 2022/06/27 1:8 p.m.•11 views

shrineauditorium.com Cross Site Scripting vulnerability OBB-2687154

6.2AI score

Exploits0

Snyk•added 2020/10/06 12:40 p.m.•2 views

Timing Attack

Overview shrine is a toolkit for file attachments in Ruby applications. Affected versions of this package are vulnerable to Timing Attack when using the derivationendpoint plugin, allowing the attacker to guess the signature of the derivation URL. Remediation Upgrade shrine to version 3.3.0 or...

5.9CVSS6.9AI score0.00316EPSS

Exploits0References2

Veracode•added 2020/10/06 2:55 a.m.•19 views

Timing Attack

shrine is vulnerable to a timing attack. Failure to compare sent and calculated signatures in constant time allows an attacker to guess the signature of the derivation URL during the use of derivationendpoint plugin...

5.9CVSS3.5AI score0.00316EPSS

Exploits0References3Affected Software1

OSV•added 2020/10/05 7:15 p.m.•9 views

CVE-2020-15237

5.9CVSS6.6AI score

Exploits0References2

NVD•added 2020/10/05 7:15 p.m.•8 views

CVE-2020-15237

5.9CVSS0.00316EPSS

Exploits0References2

Prion•added 2020/10/05 7:15 p.m.•8 views

Code injection

4.3CVSS5.9AI score0.00316EPSS

Exploits0References2Affected Software1

CVE•added 2020/10/05 6:30 p.m.•82 views

CVE-2020-15237

CVE-2020-15237 affects Shrine prior to 3.3.0 when using the derivation_endpoint plugin. The issue is a timing attack that could allow an attacker to guess the signature of the derivation URL. The advisory notes that the vulnerability is fixed by comparing the sent and calculated signatures in con...

5.9CVSS5.5AI score0.00316EPSS

Exploits0References2Affected Software1

Cvelist•added 2020/10/05 6:30 p.m.•10 views

CVE-2020-15237 Timing attack in Shrine

5.9CVSS6AI score0.00316EPSS

Exploits0References2

Github Security Blog•added 2020/10/05 3:48 p.m.•37 views

Possible timing attack in derivation_endpoint

Impact When using the derivationendpoint plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL. Patches The problem has been fixed by comparing sent and calculated signature in constant time, using Rack::Utils.securecompare. Users using the...

5.9CVSS3.3AI score0.00316EPSS

Exploits0References5Affected Software1

OSV•added 2020/10/05 3:48 p.m.•10 views

GHSA-5JJV-X4FQ-QJWP Possible timing attack in derivation_endpoint

5.9CVSS5.8AI score0.00316EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by