Lucene search
+L

179 matches found

prion
prion
added 2020/10/08 2:15 p.m.30 views

Design/Logic Flaw

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox 80 and Firefox for Android 80...

1.2CVSS5.5AI score0.00268EPSS
Exploits0References4Affected Software1
cve
cve
added 2020/10/08 12:0 a.m.308 views

CVE-2020-12400

CVE-2020-12400 is an NSS-related timing vulnerability affecting Firefox < 80 and Firefox for Android

4.7CVSS5.7AI score0.00268EPSS
Exploits0References4Affected Software1
debiancve
debiancve
added 2020/10/08 12:0 a.m.36 views

CVE-2020-12400

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox 80 and Firefox for Android 80...

4.7CVSS6.7AI score0.00268EPSS
Exploits0
alpinelinux
alpinelinux
added 2020/10/08 12:0 a.m.50 views

CVE-2020-12400

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox 80 and Firefox for Android 80...

4.7CVSS6.2AI score0.00268EPSS
Exploits0
mozilla
mozilla
added 2020/09/02 12:0 a.m.105 views

Security Vulnerabilities fixed in Firefox for Android 80 — Mozilla

By holding a reference to the eval function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious...

6.5CVSS8.2AI score0.01449EPSS
Exploits1References8Affected Software1
mozilla
mozilla
added 2020/08/25 12:0 a.m.96 views

Security Vulnerabilities fixed in Firefox 80 — Mozilla

If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with administrative privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled...

9.3CVSS0.9AI score0.02716EPSS
Exploits1References10Affected Software1
ubuntucve
ubuntucve
added 2020/08/05 12:0 a.m.38 views

CVE-2020-12400

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox 80 and Firefox for Android 80...

4.7CVSS6.8AI score0.00268EPSS
Exploits0References5
ubuntu
ubuntu
added 2020/02/05 12:12 p.m.92 views

USN-4267-1: ARM mbed TLS vulnerabilities

It was discovered that mbedtls has a bounds-check bypass through an integer overflow that can be used by an attacked to execute arbitrary code or cause a denial of service. CVE-2017-18187 It was discovered that mbedtls has a vulnerability where an attacker could execute arbitrary code or cause a...

9.8CVSS7.6AI score0.04884EPSS
Exploits0
osv
osv
added 2018/08/22 1:29 p.m.19 views

CVE-2018-10845

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

5.9CVSS6.5AI score0.03623EPSS
Exploits0References10
prion
prion
added 2018/07/28 5:29 p.m.29 views

Code injection

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery for a CBC based ciphersuite via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix with a wrong SHA-384 calculation for CVE-2013-0169...

4.3CVSS5.7AI score0.35584EPSS
Exploits1References4Affected Software2
ubuntucve
ubuntucve
added 2018/07/28 5:29 p.m.39 views

CVE-2018-0497

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery for a CBC based ciphersuite via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix with a wrong SHA-384 calculation for CVE-2013-0169...

5.9CVSS6.6AI score0.02674EPSS
Exploits0References3
osv
osv
added 2018/07/28 5:29 p.m.40 views

CVE-2018-0497

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery for a CBC based ciphersuite via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix with a wrong SHA-384 calculation for CVE-2013-0169...

5.9CVSS6.9AI score
Exploits0References4
cvelist
cvelist
added 2018/07/28 5:0 p.m.39 views

CVE-2018-0497

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery for a CBC based ciphersuite via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix with a wrong SHA-384 calculation for CVE-2013-0169...

5.9AI score0.02674EPSS
Exploits0References4
cve
cve
added 2018/07/28 5:0 p.m.159 views

CVE-2018-0497

CVE-2018-0497 affects ARM mbed TLS prior to 2.12.0, prior to 2.7.5, and prior to 2.1.14. It enables remote partial plaintext recovery in CBC-based ciphersuites via a timing-based side-channel attack. The issue stems from an incorrect fix for CVE-2013-0169, specifically a wrong SHA-384 calculation...

5.9CVSS5.9AI score0.02674EPSS
Exploits0References4Affected Software1
debiancve
debiancve
added 2018/07/28 5:0 p.m.90 views

CVE-2018-0497

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery for a CBC based ciphersuite via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix with a wrong SHA-384 calculation for CVE-2013-0169...

5.9CVSS6.7AI score0.02674EPSS
Exploits0
alpinelinux
alpinelinux
added 2018/07/28 5:0 p.m.119 views

CVE-2018-0497

ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows remote attackers to achieve partial plaintext recovery for a CBC based ciphersuite via a timing-based side-channel attack. This vulnerability exists because of an incorrect fix with a wrong SHA-384 calculation for CVE-2013-0169...

5.9CVSS6.1AI score0.02674EPSS
Exploits0
redhat
redhat
added 2018/02/01 4:6 p.m.91 views

Important: Red Hat Security Advisory: chromium-browser security update

An update for chromium-browser is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

8.8CVSS6.5AI score0.02149EPSS
Exploits0References25
osv
osv
added 2018/01/25 1:36 p.m.10 views

MGASA-2018-0099 Updated firefox packages fix security vulnerabilities

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096,...

9.8CVSS8.5AI score0.07262EPSS
Exploits0References6
osv
osv
added 2018/01/25 12:47 p.m.8 views

MGASA-2018-0097 Updated firefox packages fix security vulnerabilities

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096,...

9.8CVSS8.5AI score0.07262EPSS
Exploits0References6
mageia
mageia
added 2018/01/25 12:47 p.m.45 views

Updated firefox packages fix security vulnerabilities

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox CVE-2018-5089, CVE-2018-5091, CVE-2018-5095, CVE-2018-5096,...

9.8CVSS4AI score0.07262EPSS
Exploits0References5
Rows per page
Query Builder