Max CVSS | 10.0 | Min CVSS | 1.9 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2018-10846 | 1.9 |
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain
|
13-02-2023 - 04:50 | 22-08-2018 - 13:29 | |
CVE-2018-10844 | 4.3 |
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data
|
13-02-2023 - 04:50 | 22-08-2018 - 13:29 | |
CVE-2018-10845 | 4.3 |
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing dat
|
13-02-2023 - 04:50 | 22-08-2018 - 13:29 | |
CVE-2009-1379 | 5.0 |
Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS
|
13-02-2023 - 02:20 | 19-05-2009 - 19:30 | |
CVE-2007-4101 | 6.8 |
Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 allow remote attackers to execute arbitrary PHP code via the Madoa parameter to (1) index.php, (2) vote.php, and (3) admin.php.
|
15-10-2018 - 21:33 | 31-07-2007 - 10:17 | |
CVE-2005-3296 | 10.0 |
The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.
|
11-10-2017 - 01:30 | 23-10-2005 - 21:02 | |
CVE-2012-1630 | 2.1 |
Cross-site scripting (XSS) vulnerability in the Taxonomy Navigator module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
|
29-08-2017 - 01:31 | 20-09-2012 - 03:46 | |
CVE-2012-1634 | 4.3 |
Cross-site scripting (XSS) vulnerability in video_filter.codecs.inc in the Video Filter module 6.x-2.x and 7.x-2.x for Drupal allows remote attackers to inject arbitrary web script or HTML via the EMBEDLOOKUP parameter for Blip.tv links.
|
29-08-2017 - 01:31 | 06-10-2012 - 21:55 | |
CVE-2012-1631 | 6.8 |
Cross-site request forgery (CSRF) vulnerability in the Admin:hover module for Drupal allows remote attackers to hijack the authentication of administrators for requests that unpublish all nodes, and possibly other actions, via unspecified vectors.
|
29-08-2017 - 01:31 | 20-09-2012 - 03:46 | |
CVE-2012-1629 | 2.1 |
Cross-site scripting (XSS) vulnerability in the Taxotouch module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
|
29-08-2017 - 01:31 | 20-09-2012 - 03:46 | |
CVE-2012-0307 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content.
|
29-08-2017 - 01:30 | 29-08-2012 - 10:56 | |
CVE-2012-1633 | 6.8 |
Cross-site request forgery (CSRF) vulnerability in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote attackers to hijack the authentication of administrative users for requests that unblock a user.
|
29-04-2017 - 01:59 | 20-09-2012 - 00:55 | |
CVE-2016-8966 | 4.3 |
IBM BigFix Inventory v9 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in
|
13-02-2017 - 22:35 | 01-02-2017 - 20:59 | |
CVE-2015-3958 | 7.8 |
Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (forced manual reboot) via a flood of TCP packets.
|
06-12-2016 - 03:01 | 06-07-2015 - 19:59 | |
CVE-2012-1632 | 2.1 |
Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or H
|
20-09-2012 - 17:51 | 20-09-2012 - 00:55 | |
CVE-2011-4057 | 5.0 |
Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP port 22350.
|
16-01-2012 - 05:00 | 13-01-2012 - 18:55 | |
CVE-2002-1001 | 7.5 |
Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long HTTP request to TCP port 6588 or (2) a SOCKS 4A request to TCP port 1080 with a long DNS hostname.
|
05-09-2008 - 20:29 | 04-10-2002 - 04:00 |