Lucene search
K

34 matches found

Prion
Prion
added 2018/08/22 1:29 p.m.24 views

Code injection

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets...

4.3CVSS5.5AI score0.03623EPSS
Exploits0References10Affected Software7
OSV
OSV
added 2018/08/22 1:29 p.m.26 views

CVE-2018-10844

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets...

5.9CVSS6.5AI score0.03623EPSS
Exploits0References10
Prion
Prion
added 2018/08/22 1:29 p.m.30 views

Code injection

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

4.3CVSS5.7AI score0.03623EPSS
Exploits0References10Affected Software7
NVD
NVD
added 2018/08/22 1:29 p.m.23 views

CVE-2018-10845

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

5.9CVSS5.8AI score0.03623EPSS
Exploits0References10
NVD
NVD
added 2018/08/22 1:29 p.m.27 views

CVE-2018-10844

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets...

5.9CVSS5.8AI score0.03623EPSS
Exploits0References10
Cvelist
Cvelist
added 2018/08/22 1:0 p.m.23 views

CVE-2018-10844

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets...

5.9CVSS5.8AI score0.03623EPSS
Exploits0References10
Debian CVE
Debian CVE
added 2018/08/22 1:0 p.m.28 views

CVE-2018-10844

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets...

5.9CVSS6.2AI score0.03623EPSS
Exploits0
Debian CVE
Debian CVE
added 2018/08/22 1:0 p.m.29 views

CVE-2018-10845

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

5.9CVSS6.2AI score0.03623EPSS
Exploits0
OSV
OSV
added 2016/03/13 6:59 p.m.1 views

DEBIAN-CVE-2016-1967

Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls aft...

6.5CVSS7.1AI score0.02248EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/09/03 4:6 p.m.4 views

chromium-browser: Information leak in Blink

The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive...

5CVSS7.5AI score0.01747EPSS
Exploits0References5
Slackware Linux
Slackware Linux
added 2013/10/15 12:18 a.m.41 views

[slackware-security] gnutls

New gnutls packages are available for Slackware 12.1, 12.2, 13.0, 13.1, and 13.37 to fix security issues. Here are the details from the Slackware 13.37 ChangeLog: patches/packages/gnutls-2.10.5-i486-2slack13.37.txz: Rebuilt. Updated to the correct version to fix fetching the "latest" from gnu.org...

5CVSS7.3AI score0.0644EPSS
Exploits3
Slackware Linux
Slackware Linux
added 2013/08/30 7:46 a.m.42 views

[slackware-security] gnutls

New gnutls packages are available for Slackware 14.0, and -current to fix a security issue. Here are the details from the Slackware 14.0 ChangeLog: patches/packages/gnutls-3.0.26-i486-1slack14.0.txz: Upgraded. This update prevents a side-channel attack which may allow remote attackers to conduct...

4CVSS6.3AI score0.0644EPSS
Exploits1
Prion
Prion
added 2013/02/08 7:55 p.m.28 views

Design/Logic Flaw

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks...

4CVSS6.8AI score0.35584EPSS
Exploits2References14Affected Software1
CVE
CVE
added 2013/02/08 7:0 p.m.133 views

CVE-2013-1624

Technical details for CVE-2013-1624 are not publicly available in the provided documents. Monitor for updates.

4CVSS6.7AI score0.02972EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder