172 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 9 views

Astra Linux – Vulnerability in mbedtls

An issue was discovered in Arm Mbed TLS before version 2.23.0. A remote attacker can retrieve plaintext data because a certain countermeasure, known as “Lucky 13,” does not properly handle the case where a hardware accelerator is involved...

CVSS 7.5 | AI score 7.3 | EPSS 0.01195
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/19 12:0 a.m. | 5 views

MiracleLinux 3 : openssl-0.9.8e-26.AXS3.1 (AXSA:2013-126:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-126:01 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...

CVSS 5 | AI score 7.1 | EPSS 0.35584
Exploits: 2 | References: 4
OSV
added 2025/11/21 3:59 p.m. | 5 views

JLSEC-2025-202 A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware M...

A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information. This affects CBC mode because of a computed time difference based on a padding length...

CVSS 5.5 | AI score 7.3 | EPSS 0.00368
Exploits: 0 | References: 12
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2018-2914

Malware in sbrugna...

CVSS 5.9 | AI score 6.1 | EPSS 0.03623
Exploits: 0 | References: 15
EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2018-2913

Malware in sbrugna...

CVSS 5.9 | AI score 6.1 | EPSS 0.03623
Exploits: 0 | References: 15
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2013-0208

Malware in sbrugna...

CVSS 2.6 | AI score 6.4 | EPSS 0.35584
Exploits: 1 | References: 80
Tenable Nessus
added 2025/08/15 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2020-36423

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consid...

CVSS 7.5 | AI score 7.3 | EPSS 0.01195
Exploits: 0 | References: 2
IBM Security Bulletins
added 2025/04/29 2:12 a.m. | 22 views

Security Bulletin: Lucky 13 Attack Vulnerability in IBM Robotic Process Automation with Automation Anywhere - CVE-2021-29876

Summary The Lucky Thirteen attack is a cryptographic timing attack against implementations of the Transport Layer Security (TLS) protocol that use the CBC mode of operation. An attacker could perform man in the middle attacks to successfully obtain plain text from the secure channel. Vulnerabili...

AI score 6.1
Exploits: 0 | Affected Software: 1
SUSE CVE
added 2023/02/15 5:42 a.m. | 4 views

SUSE CVE-2013-0169

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

CVSS 2.6 | AI score 9 | EPSS 0.35584
Exploits: 1 | References: 31
SUSE CVE
added 2023/02/15 4:28 a.m. | 5 views

SUSE CVE-2018-10846

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets...

CVSS 5.3 | AI score 7.5 | EPSS 0.00388
Exploits: 0 | References: 27
SUSE CVE
added 2023/02/15 4:28 a.m. | 6 views

SUSE CVE-2018-10845

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

CVSS 5.9 | AI score 6.8 | EPSS 0.03623
Exploits: 0 | References: 27
IBM Security Bulletins
added 2022/09/26 5:45 a.m. | 67 views

Security Bulletin: Vulnerability in IBM InfoSphere Information Server due to issues in IBM Java SDK (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169, CVE-2012-1717, CVE-2012-1718, CVE-2012-5081)

Abstract Multiple IBM Java SDK security vulnerabilities exist in the IBM InfoSphere Information Server. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-0440 DESCRIPTION: Unspecified vulnerability in the Java Runtime Environment JRE allows remote attackers to affect availability via vectors relate...

CVSS 5 | AI score 7.5 | EPSS 0.45113
Exploits: 2 | Affected Software: 1
IBM Security Bulletins
added 2022/09/26 5:45 a.m. | 45 views

Security Bulletin: IBM Tivoli Directory Server can be affected by a vulnerability in the IBM GSKit library (CVE-2013-0169)

Abstract The Transport Layer Security protocol does not properly consider timing side-channel attacks, which allows remote attackers to conduct distinguishing attacks and plain-text recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. Conte...

CVSS 2.6 | AI score 6.5 | EPSS 0.35584
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2022/09/25 11:13 p.m. | 42 views

Security Bulletin: IBM Tivoli Key Lifecycle Manager can be affected by a vulnerability in the IBM Java Runtime Environment (CVE-2013-0169)

Abstract CVE-2013-0169 - The Transport Layer Security protocol does not properly consider timing side-channel attacks, which allows remote attackers to conduct distinguishing attacks and plain-text recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky...

CVSS 2.6 | AI score 6.3 | EPSS 0.35584
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2022/09/25 11:13 p.m. | 37 views

Security Bulletin: IBM InfoSphere Master Data Management – Java CPU Feb 2013 (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)

Abstract Multiple security vulnerabilities exist in the IBM Java SDK shipped with IBM WebSphere Application Server that affects IBM InfoSphere Master Data Management versions 8.5, 9.0.1, 9.0.2, 10.0.0, 10.1.0, and 11.0.0 Content VULNERABILITY DETAILS: CVE-2013-0440 - Unspecified vulnerability in...

CVSS 5 | AI score 0.7 | EPSS 0.35584
Exploits: 2 | Affected Software: 2
IBM Security Bulletins
added 2022/09/25 11:13 p.m. | 38 views

Security Bulletin: IBM Tivoli Federated Identity Manager and Tivoli Federated Identity Manager Business Gateway can be affected by a vulnerability in the IBM GSKit library (CVE-2013-0169)

Abstract CVE-2013-0169 - The Transport Layer Security protocol does not properly consider timing side-channel attacks, which allows remote attackers to conduct distinguishing attacks and plain-text recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky...

CVSS 2.6 | AI score 6 | EPSS 0.35584
Exploits: 1 | Affected Software: 2
IBM Security Bulletins
added 2022/09/25 11:13 p.m. | 38 views

Security Bulletin: IBM DB2 is impacted by a vulnerability in the IBM GSKit library (CVE-2013-0169).

Abstract GSKit is used by IBM DB2 for SSL support. The version of GSKit used by DB2 is vulnerable to the “Lucky Thirteen” security vulnerability. By default, DB2 does not use SSL for client-server communication and therefore DB2 is vulnerable only if SSL is enabled. Content VULNERABILITY DETAILS...

CVSS 2.6 | AI score 6.7 | EPSS 0.35584
Exploits: 1 | Affected Software: 2
IBM Security Bulletins
added 2022/09/25 11:13 p.m. | 35 views

Security Bulletin: Potential Security Exposure in IBM HTTP Server CVE-2013-0169 PM85211

Abstract Potential Security Exposure with IBM HTTP Server for WebSphere Application Server Content VULNERABILITY DETAILS: CVE ID: CVE-2013-0169 PM85211 DESCRIPTION: The TLS protocol in the GSKIT component of the IBM HTTP Server does not properly consider timing side-channel attacks, which could...

CVSS 2.6 | AI score 6.5 | EPSS 0.35584
Exploits: 1 | Affected Software: 2
IBM Security Bulletins
added 2022/09/25 10:39 p.m. | 21 views

Security Bulletin: Multiple vulnerabilities exist in the SOAP Gateway component of IMS Enterprise Suite (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169, CVE-2013-3003)

Abstract The SOAP Gateway component of IMS™ Enterprise Suite versions 1.1, 2.1, and 2.2 is affected by multiple vulnerabilities in IBM® Java™ and could allow remote, arbitrary command execution. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-0440 DESCRIPTION: An unspecified vulnerability could...

CVSS 9 | AI score 7.4 | EPSS 0.35584
Exploits: 2 | Affected Software: 1
IBM Security Bulletins
added 2022/09/25 9:6 p.m. | 54 views

Security Bulletin: Information regarding security vulnerability in IBM SDK for Java that is shipped with IBM WebSphere Application Server and addressed by Oracle CPU April 2013 (CVE-2013-0169)

Abstract Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server and included in the products that are listed in this document. Content VULNERABILITY DETAILS: DESCRIPTION: This Security Bulletin addresses the security vulnerabilities...

CVSS 10 | AI score 6.9 | EPSS 0.86963
Exploits: 23 | Affected Software: 5