Lucene search
K

27 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.6 views

MiracleLinux 4 : microcode_ctl-1.17-25.2.AXS4 (AXSA:2018-2497:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2018-2497:01 advisory. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used...

5.6CVSS7.3AI score0.74041EPSS
Exploits9References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001310)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001310 advisory. Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache ...

5.6CVSS7.4AI score0.08101EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.4 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003534)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003534 advisory. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may...

5.5CVSS7.2AI score0.60631EPSS
Exploits2References150
SUSE CVE
SUSE CVE
added 2023/02/15 4:26 a.m.4 views

SUSE CVE-2018-12127

Microarchitectural Load Port Data Sampling MLPDS: Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:...

3.8CVSS6.5AI score0.01497EPSS
Exploits0References71
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.11 views

Mageia: Security Advisory (MGASA-2017-0334)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.5AI score0.0351EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2020/09/01 12:0 a.m.15 views

Mbed TLS -- Local side channel attack on RSA and static Diffie-Hellman

Manuel Pégourié-Gonnard reports: An attacker with access to precise enough timing and memory access information typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world can recover the private keys used in RSA or static finite-field Diffie-Hellm...

3.3AI score
Exploits0References1
FreeBSD
FreeBSD
added 2020/09/01 12:0 a.m.36 views

Mbed TLS -- Local side channel attack on classical CBC decryption in (D)TLS

Manuel Pégourié-Gonnard reports: When decrypting/authenticating DTLS record in a connection using a CBC ciphersuite without the Encrypt-then-Mac extension RFC 7366, Mbed TLS used dummy rounds of the compression function associated with the hash used for HMAC in order to hide the length of the...

5.5CVSS2.8AI score0.00368EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/05/14 8:45 p.m.3 views

hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access...

5.6CVSS7AI score0.00607EPSS
Exploits0References5
OSV
OSV
added 2019/05/14 5:0 p.m.3 views

UBUNTU-CVE-2018-12130

Microarchitectural Fill Buffer Data Sampling MFBDS: Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:...

5.9CVSS6.7AI score0.01553EPSS
Exploits0References18
Debian
Debian
added 2018/12/19 10:29 p.m.146 views

[SECURITY] [DSA 4355-1] openssl1.0 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4355-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 19, 2018 https://www.debian.org/security/faq -...

7.5CVSS7.6AI score0.49268EPSS
Exploits4
OpenVAS
OpenVAS
added 2018/12/18 12:0 a.m.62 views

Debian: Security Advisory (DSA-4355-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.3AI score0.49268EPSS
Exploits4References4
Debian
Debian
added 2018/11/30 10:26 p.m.121 views

[SECURITY] [DSA 4348-1] openssl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4348-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 30, 2018 https://www.debian.org/security/faq -...

7.5CVSS7.6AI score0.49268EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2018/08/28 12:0 a.m.40 views

FreeBSD : node.js -- multiple vulnerabilities (0904e81f-a89d-11e8-afbb-bc5ff4f77b71)

Node.js reports : OpenSSL: Client DoS due to large DH parameter This fixes a potential denial of service DoS attack against client connections by a malicious server. During a TLS communication handshake, where both client and server agree to use a cipher-suite using DH or DHE Diffie-Hellman, in...

7.5CVSS6.6AI score0.49268EPSS
Exploits0References5
FreeBSD
FreeBSD
added 2018/08/16 12:0 a.m.57 views

node.js -- multiple vulnerabilities

Node.js reports: OpenSSL: Client DoS due to large DH parameter This fixes a potential denial of service DoS attack against client connections by a malicious server. During a TLS communication handshake, where both client and server agree to use a cipher-suite using DH or DHE Diffie-Hellman, in bo...

0.8AI score
Exploits0References1
Debian
Debian
added 2018/06/29 8:4 a.m.40 views

[SECURITY] [DLA 1405-1] libgcrypt20 security update

Package : libgcrypt20 Version : 1.6.3-2+deb8u5 CVE ID : CVE-2018-0495 It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys. For Debian 8 "Jessie", these problems have been fixed in version 1.6.3-2+deb8u5. We recommend that you upgrade yo...

4.7CVSS6.4AI score0.00887EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2018/06/18 12:0 a.m.34 views

Debian DSA-4231-1 : libgcrypt20 - security update

It was discovered that Libgcrypt is prone to a local side-channel attack allowing recovery of ECDSA private keys. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4231. The text itself is copyright C Software ...

4.7CVSS6AI score0.00887EPSS
Exploits1References4
Debian
Debian
added 2018/06/17 6:53 p.m.33 views

[SECURITY] [DSA 4231-1] libgcrypt20 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4231-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 17, 2018 https://www.debian.org/security/faq -...

1.9CVSS1.9AI score0.00887EPSS
Exploits1
Slackware Linux
Slackware Linux
added 2017/09/18 7:20 p.m.36 views

[slackware-security] libgcrypt

New libgcrypt packages are available for Slackware 14.2 and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/libgcrypt-1.7.9-i586-1slack14.2.txz: Upgraded. Mitigate a local side-channel attack on Curve25519 dubbed "May the Fourth be With...

7.5CVSS7.5AI score0.0351EPSS
Exploits0
OSV
OSV
added 2017/09/10 12:36 p.m.5 views

MGASA-2017-0334 Updated libgcrypt packages fix security vulnerability

It was discovered that libgcrypt is prone to a local side-channel attack against the ECDH encryption with Curve25519, allowing recovery of the private key...

7.5CVSS7.3AI score0.0351EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2017/09/05 12:0 a.m.31 views

Debian DSA-3960-1 : gnupg - security update

Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that GnuPG is prone to a local side-channel attack allowing full key recovery for RSA-1024. See https://eprint.iacr.org/2017/627 for...

6.8CVSS6.5AI score0.03885EPSS
Exploits0References4
Rows per page
Query Builder