Lucene search
+L

9592 matches found

Cvelist
Cvelist
added 2012/07/18 10:0 a.m.27 views

CVE-2012-1951

Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service heap...

9.9AI score0.05545EPSS
Exploits0References24
CVE
CVE
added 2012/07/18 10:0 a.m.136 views

CVE-2012-1951

CVE-2012-1951 is an actual security issue described in the connected MiracleLinux AXSA:2012-874 advisory as a Use-after-free in Mozilla Firefox 4.x–13.0 (and Firefox ESR 10.x before 10.0.6) affecting nsSMILTimeValueSpec::IsEventBased, with Thunderbird 5.0–13.0 and SeaMonkey before 2.11 also impli...

10CVSS9.8AI score0.05545EPSS
Exploits0References24Affected Software1
RedHat Linux
RedHat Linux
added 2012/07/17 7:21 p.m.3 views

Mozilla: Gecko memory corruption (MFSA 2012-44)

Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service heap...

10CVSS7.8AI score0.05545EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2012/07/17 12:0 a.m.30 views

CVE-2012-1951

Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service heap...

10CVSS7.5AI score0.05545EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2012/07/09 12:0 a.m.47 views

RedHat Update for openssl RHSA-2012:0059-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5CVSS8.7AI score0.16645EPSS
Exploits0References2
OSV
OSV
added 2012/07/03 4:40 p.m.5 views

UBUNTU-CVE-2012-2678

389 Directory Server before 1.2.11.6 aka Red Hat Directory Server before 8.2.10-3, after the password for a LDAP user has been changed and before the server has been reset, allows remote attackers to read the plaintext password via the unhasheduserpassword attribute...

1.2CVSS5.8AI score0.00636EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2012/07/03 12:0 a.m.30 views

SuSE 10 Security Update : GnuTLS (ZYPP Patch Number 8066)

This update of GnuTLS fixes multiple vulnerabilities : - remote attackers could cause a denial of service heap memory corruption and application crash via an issue in the asn1getlengthder function. CVE-2012-1569 - crafted GenericBlockCipher structures allow remote attackers to cause a denial of...

5CVSS7.6AI score0.0446EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2012/03/06 12:0 a.m.35 views

GLSA-201203-12 : OpenSSL: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201203-12 OpenSSL: Multiple vulnerabilities Multiple vulnerabilities have been found in OpenSSL: Timing differences for decryption are exposed by CBC mode encryption in OpenSSLs implementation of DTLS CVE-2011-4108. A policy check...

9.3CVSS7.8AI score0.17687EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2012/02/10 12:0 a.m.32 views

Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : openssl vulnerabilities (USN-1357-1)

It was discovered that the elliptic curve cryptography ECC subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm ECDSA for the ECDHEECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timi...

9.3CVSS7.7AI score0.17687EPSS
Exploits1References11
Ubuntu
Ubuntu
added 2012/02/09 10:39 p.m.94 views

USN-1357-1: OpenSSL vulnerabilities

It was discovered that the elliptic curve cryptography ECC subsystem in OpenSSL, when using the Elliptic Curve Digital Signature Algorithm ECDSA for the ECDHEECDSA cipher suite, did not properly implement curves over binary fields. This could allow an attacker to determine private keys via a timi...

9.3CVSS7.8AI score0.17687EPSS
Exploits1
ThreatPost
ThreatPost
added 2012/02/08 6:35 p.m.8 views

Costin Raiu on the Timing of the Duqu Attacks

Threatpost editor Dennis Fisher and Kaspersky Lab’s Costin Raiu discuss the timing of the Duqu attacks, how that may hint at the identities of its creator and what other mysteries about the worm remain. RELATED Q&A Anatomy of the Duqu Attacks...

1.8AI score
Exploits0References1
Amazon
Amazon
added 2012/02/02 12:0 a.m.41 views

Medium: openssl

Issue Overview: It was discovered that the Datagram Transport Layer Security DTLS protocol implementation in OpenSSL leaked timing information when performing certain operations. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a DTLS serve...

5CVSS8.2AI score0.16645EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2012/01/30 6:23 p.m.6 views

ruby: Properly initialize the random number generator when forking new process

Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900...

5CVSS5.8AI score0.02088EPSS
Exploits0References3
NVD
NVD
added 2012/01/06 1:55 a.m.30 views

CVE-2012-0390

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related...

4.3CVSS9.1AI score0.0123EPSS
Exploits0References3
OSV
OSV
added 2012/01/06 1:55 a.m.5 views

DEBIAN-CVE-2012-0390

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related...

4.3CVSS9.2AI score0.0123EPSS
Exploits0References1
OSV
OSV
added 2012/01/06 1:55 a.m.10 views

CVE-2012-0390

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related...

7.8AI score
Exploits0References3
Prion
Prion
added 2012/01/06 1:55 a.m.23 views

Sql injection

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related...

4.3CVSS6.8AI score0.15757EPSS
Exploits0References3Affected Software1
UbuntuCve
UbuntuCve
added 2012/01/06 1:55 a.m.40 views

CVE-2012-0390

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related...

4.3CVSS5.9AI score0.0123EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2012/01/06 1:0 a.m.62 views

CVE-2012-0390

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related...

4.3CVSS8.3AI score0.0123EPSS
Exploits0
OpenSSL
OpenSSL
added 2012/01/04 12:0 a.m.40 views

Vulnerability in OpenSSL - DTLS Plaintext Recovery Attack

OpenSSL was susceptable an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS by exploiting timing differences arising during decryption processing. Found by Nadhem Alfardan and Ken...

7.5AI score0.15757EPSS
Exploits0Affected Software1
Rows per page
Query Builder