Lucene search
K

3242 matches found

CVE
CVE
added 2009/11/05 4:0 p.m.118 views

CVE-2009-3875

CVE-2009-3875 : The Java Runtime Environment (JRE) in Sun/Oracle Java SE has a timing-attack flaw in the HMAC digest verification that could allow forged signatures and potentially bypass authentication. Affected products include JDK/JRE 5.0 before Update 22, JDK/JRE 6 before Update 17, and older...

5CVSS6.3AI score0.03107EPSS
Exploits1References25Affected Software3
UbuntuCve
UbuntuCve
added 2009/11/05 12:0 a.m.37 views

CVE-2009-3875

The MessageDigest.isEqual function in Java Runtime Environment JRE in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.127, and SDK and JRE 1.4.x before 1.4.224 allows remote attackers to spoof HMAC-based digital signatures, and possibl...

5CVSS5.9AI score0.03107EPSS
Exploits1References4
Kaspersky
Kaspersky
added 2009/11/05 12:0 a.m.140 views

KLA10344 Multiple vulnerabilities in Sun Java SE

Multiple serious vulnerabilities have been found in SUN Java SE. Malicious users can exploit these vulnerabilities to cause denial of service or bypass authentication. Below is a complete list of vulnerabilities 1. Unknown vectors can be exploited remotely via specially designed HTTP headers or...

5CVSS6.9AI score0.04813EPSS
Exploits1References4
ThreatPost
ThreatPost
added 2009/06/08 7:30 p.m.8 views

Crypto flaws becoming a killer for Web applications

One of the few things that most people in the security community seem to agree on is that there is a dire need for better security around Web applications. That need begins with the lack of security training for most Web developers and extends through the inconsistent use of Web-application...

7.2AI score
Exploits0References3
ThreatPost
ThreatPost
added 2009/06/02 12:57 p.m.19 views

Timing attack in Google Keyczar library

Firstly, I’m really glad to see more high-level libraries being developed so that programmers don’t have to work directly with algorithms. Keyczar is definitely a step in the right direction. Thanks to all the people who developed it. Also, thanks to Stephen Weis for responding quickly to address...

0.2AI score
Exploits0References10
securityvulns
securityvulns
added 2007/09/26 12:0 a.m.51 views

[waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11

waraxe-2007-SA053 - Critical Sql Injection in NukeSentinel 2.5.11 ==================================================================== Author: Janek Vind "waraxe" Date: 25. September 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-53.html Target software description:...

8.1AI score
Exploits0
seebug.org
seebug.org
added 2007/02/14 12:0 a.m.134 views

Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit

No description provided by source. !/bin/bash $Id: raptorsshtime,v 1.1 2007/02/13 16:38:57 raptor Exp $ raptorsshtime - OpenSSH remote timing attack exploit Copyright c 2006 Marco Ivaldi [email protected] OpenSSH-portable 3.6.1p1 and earlier with PAM support enabled immediately ...

5CVSS7AI score0.76751EPSS
Exploits10
Packet Storm
Packet Storm
added 2007/02/14 12:0 a.m.165 views

openssh-timing.txt

!/bin/bash $Id: raptorsshtime,v 1.1 2007/02/13 16:38:57 raptor Exp $ raptorsshtime - OpenSSH remote timing attack exploit Copyright c 2006 Marco Ivaldi OpenSSH-portable 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote...

5CVSS6.5AI score0.76751EPSS
Exploits10
seebug.org
seebug.org
added 2007/02/13 12:0 a.m.113 views

Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit

No description provided by source. !/bin/bash $Id: raptorsshtime,v 1.1 2007/02/13 16:38:57 raptor Exp $ raptorsshtime - OpenSSH remote timing attack exploit Copyright c 2006 Marco Ivaldi [email protected] OpenSSH-portable 3.6.1p1 and earlier with PAM support enabled immediately sends an erro...

5CVSS7AI score0.76751EPSS
Exploits10
0day.today
0day.today
added 2007/02/13 12:0 a.m.64 views

Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit

Exploit for multiple platform in category remote exploits =============================================================== Portable OpenSSH OpenSSH-portable 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to...

7.1AI score0.76751EPSS
Exploits10
Exploit DB
Exploit DB
added 2007/02/13 12:0 a.m.195 views

Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing Attack

!/bin/bash $Id: raptorsshtime,v 1.1 2007/02/13 16:38:57 raptor Exp $ raptorsshtime - OpenSSH remote timing attack exploit Copyright c 2006 Marco Ivaldi OpenSSH-portable 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote...

5CVSS7.2AI score0.76751EPSS
Exploits10
exploitpack
exploitpack
added 2007/02/13 12:0 a.m.152 views

Portable OpenSSH 3.6.1p-PAM4.1-SuSE - Timing Attack

Portable OpenSSH 3.6.1p-PAM4.1-SuSE - Timing Attack !/bin/bash $Id: raptorsshtime,v 1.1 2007/02/13 16:38:57 raptor Exp $ raptorsshtime - OpenSSH remote timing attack exploit Copyright c 2006 Marco Ivaldi OpenSSH-portable 3.6.1p1 and earlier with PAM support enabled immediately sends an error...

5CVSS6.6AI score0.76751EPSS
Exploits10
Snyk
Snyk
added 2006/10/10 11:7 p.m.1 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure. OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which...

3.7CVSS5.9AI score0.53959EPSS
Exploits9References2
UbuntuCve
UbuntuCve
added 2006/10/10 11:7 p.m.35 views

CVE-2006-5229

OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime...

2.6CVSS6.3AI score0.53959EPSS
Exploits9References1
NVD
NVD
added 2006/10/10 11:7 p.m.19 views

CVE-2006-5229

OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime...

2.6CVSS8AI score0.53959EPSS
Exploits9References9
Tenable Nessus
Tenable Nessus
added 2006/10/10 12:0 a.m.15 views

OpenSSH < 4.1.0p2 / 4.2 Timing Attack

Binary data 3787.prm...

2.6CVSS7.3AI score0.53959EPSS
Exploits9References2
Tenable Nessus
Tenable Nessus
added 2006/07/03 12:0 a.m.44 views

CentOS 3 / 4 : openssl (CESA-2005:476)

Updated OpenSSL packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a...

5.6CVSS6.1AI score0.00505EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2006/01/15 12:0 a.m.23 views

Ubuntu 4.10 / 5.04 : gnupg vulnerability (USN-170-1)

Serge Mister and Robert Zuccherato discovered a weakness of the symmetrical encryption algorithm of gnupg. When decrypting a message, gnupg uses a feature called 'quick scan'; this can quickly check whether the key that is used for decryption is probably the right one, so that wrong keys can be...

5CVSS5.5AI score0.02946EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2005/12/19 5:29 p.m.4 views

security flaw

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic key...

5.6CVSS6.6AI score0.00505EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2005/06/08 12:0 a.m.35 views

Mandrake Linux Security Advisory : openssl (MDKSA-2005:096)

Colin Percival reported a cache timing attack that could be used to allow a malicious local user to gain portions of cryptographic keys CVE-2005-0109. The OpenSSL library has been patched to add a new fixed-window modexp implementation as default for RSA, DSA, and DH private key operations. The...

5.6CVSS6.3AI score0.00505EPSS
Exploits0References1
Rows per page
Query Builder