172 matches found
Astra Linux – Vulnerability in mbedtls
A issue was discovered in Arm Mbed TLS before version 2.23.0. A remote attacker can retrieve plaintext data because a certain countermeasure, known as “Lucky 13,” does not properly handle the case where a hardware accelerator is involved...
MiracleLinux 3 : openssl-0.9.8e-26.AXS3.1 (AXSA:2013-126:01)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-126:01 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...
JLSEC-2025-202 A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware M...
A Lucky 13 timing side channel in mbedtlsssldecryptbuf in library/sslmsg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length...
EUVD-2018-2914
Malware in sbrugna...
EUVD-2018-2913
Malware in sbrugna...
EUVD-2013-0208
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2020-36423
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consid...
Security Bulletin: Lucky 13 Attack Vulnerability in IBM Robotic Process Automation with Automation Anywhere - CVE-2021-29876
Summary The Lucky Thirteen attack is a crystallographic timing attack against implementations of the Transport Layer Security TLS protocol that use the CBC mode of operation. An attacker could perform man in the middle attacks to successfully obtain plain text from the secure channel. Vulnerabili...
SUSE CVE-2013-0169
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...
SUSE CVE-2018-10846
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets...
SUSE CVE-2018-10845
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...
Security Bulletin: Vulnerability in IBM InfoSphere Information Server due to issues in IBM Java SDK (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169, CVE-2012-1717, CVE-2012-1718, CVE-2012-5081)
Abstract Multiple IBM Java SDK security vulnerabilities exist in the IBM InfoSphere Information Server. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-0440 DESCRIPTION: Unspecified vulnerability in the Java Runtime Environment JRE allows remote attackers to affect availability via vectors relate...
Security Bulletin: IBM Tivoli Directory Server can be affected by a vulnerability in the IBM GSKit library (CVE-2013-0169)
Abstract The Transport Layer Security protocol does not properly consider timing side-channel attacks, which allows remote attackers to conduct distinguishing attacks and plain-text recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. Conte...
Security Bulletin: IBM Tivoli Key Lifecycle Manager can be affected by a vulnerability in the IBM Java Runtime Environment (CVE-2013-0169)
Abstract CVE-2013-0169 - The Transport Layer Security protocol does not properly consider timing side-channel attacks, which allows remote attackers to conduct distinguishing attacks and plain-text recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky...
Security Bulletin: IBM InfoSphere Master Data Management – Java CPU Feb 2013 (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)
Abstract Multiple security vulnerabilities exist in the IBM Java SDK shipped with IBM WebSphere Application Server that affects IBM InfoSphere Master Data Management versions 8.5, 9.0.1, 9.0.2, 10.0.0, 10.1.0,and 11.0.0 Content VULNERABILITY DETAILS: CVE-2013-0440 - Unspecified vulnerability in...
Security Bulletin: IBM Tivoli Federated Identity Manager and Tivoli Federated Identity Manager Business Gateway can be affected by a vulnerability in the IBM GSKit library (CVE-2013-0169)
Abstract CVE-2013-0169 - The Transport Layer Security protocol does not properly consider timing side-channel attacks, which allows remote attackers to conduct distinguishing attacks and plain-text recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky...
Security Bulletin: IBM DB2 is impacted by a vulnerability in the IBM GSKit library (CVE-2013-0169).
Abstract GSKit is used by IBM DB2 for SSL support. The version of GSKit iused by DB2 is vulnerable to the “Lucky Thirteen” security vulnerability. By default, DB2 does not use SSL for client-server communication and therefore DB2 is vulnerable only if SSL is enabled. Content VULNERABILITY DETAILS...
Security Bulletin: Potential Security Exposure in IBM HTTP Server CVE-2013-0169 PM85211
Abstract Potential Security Exposure with IBM HTTP Server for WebSphere Application Server Content VULNERABILITY DETAILS: CVE ID:CVE-2013-0169 PM85211 DESCRIPTION: The TLS protocol in the GSKIT component of the IBM HTTP Server does not properly consider timing side-channel attacks, which could...
Security Bulletin: Multiple vulnerabilities exist in the SOAP Gateway component of IMS Enterprise Suite (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169, CVE-2013-3003)
Abstract The SOAP Gateway component of IMS™ Enterprise Suite versions 1.1, 2.1, and 2.2 is affected by multiple vulnerabilities in IBM® Java™ and could allow remote, arbitrary command execution. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-0440 DESCRIPTION: An unspecified vulnerability could...
Security Bulletin: Information regarding security vulnerability in IBM SDK for Java that is shipped with IBM WebSphere Application Server and addressed by Oracle CPU April 2013 (CVE-2013-0169)
Abstract Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server and included in the products that are listed in this document. Content VULNERABILITY DETAILS: DESCRIPTION: This Security Bulletin addresses the security vulnerabilities...