27 matches found
MiracleLinux 4 : microcode_ctl-1.17-25.2.AXS4 (AXSA:2018-2497:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2018-2497:01 advisory. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001310)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001310 advisory. Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache ...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003534)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003534 advisory. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may...
SUSE CVE-2018-12127
Microarchitectural Load Port Data Sampling MLPDS: Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:...
Mageia: Security Advisory (MGASA-2017-0334)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mbed TLS -- Local side channel attack on RSA and static Diffie-Hellman
Manuel Pégourié-Gonnard reports: An attacker with access to precise enough timing and memory access information typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world can recover the private keys used in RSA or static finite-field Diffie-Hellm...
Mbed TLS -- Local side channel attack on classical CBC decryption in (D)TLS
Manuel Pégourié-Gonnard reports: When decrypting/authenticating DTLS record in a connection using a CBC ciphersuite without the Encrypt-then-Mac extension RFC 7366, Mbed TLS used dummy rounds of the compression function associated with the hash used for HMAC in order to hide the length of the...
hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)
Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access...
UBUNTU-CVE-2018-12130
Microarchitectural Fill Buffer Data Sampling MFBDS: Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:...
[SECURITY] [DSA 4355-1] openssl1.0 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4355-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 19, 2018 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-4355-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 4348-1] openssl security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4348-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 30, 2018 https://www.debian.org/security/faq -...
FreeBSD : node.js -- multiple vulnerabilities (0904e81f-a89d-11e8-afbb-bc5ff4f77b71)
Node.js reports : OpenSSL: Client DoS due to large DH parameter This fixes a potential denial of service DoS attack against client connections by a malicious server. During a TLS communication handshake, where both client and server agree to use a cipher-suite using DH or DHE Diffie-Hellman, in...
node.js -- multiple vulnerabilities
Node.js reports: OpenSSL: Client DoS due to large DH parameter This fixes a potential denial of service DoS attack against client connections by a malicious server. During a TLS communication handshake, where both client and server agree to use a cipher-suite using DH or DHE Diffie-Hellman, in bo...
[SECURITY] [DLA 1405-1] libgcrypt20 security update
Package : libgcrypt20 Version : 1.6.3-2+deb8u5 CVE ID : CVE-2018-0495 It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys. For Debian 8 "Jessie", these problems have been fixed in version 1.6.3-2+deb8u5. We recommend that you upgrade yo...
Debian DSA-4231-1 : libgcrypt20 - security update
It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4231. The text itself is copyright C Software ...
[SECURITY] [DSA 4231-1] libgcrypt20 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4231-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 17, 2018 https://www.debian.org/security/faq -...
[slackware-security] libgcrypt
New libgcrypt packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/libgcrypt-1.7.9-i586-1slack14.2.txz: Upgraded. Mitigate a local side-channel attack on Curve25519 dubbed "May the Fourth be With...
MGASA-2017-0334 Updated libgcrypt packages fix security vulnerability
It was discovered that libgcrypt is prone to a local side-channel attack against the ECDH encryption with Curve25519, allowing recovery of the private key...
Debian DSA-3960-1 : gnupg - security update
Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that GnuPG is prone to a local side-channel attack allowing full key recovery for RSA-1024. See https://eprint.iacr.org/2017/627 for...