15 matches found
SUSE: Security Advisory (SUSE-SU-2018:2825-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4267-1: ARM mbed TLS vulnerabilities
It was discovered that mbedtls has a bounds-check bypass through an integer overflow that can be used by an attacked to execute arbitrary code or cause a denial of service. CVE-2017-18187 It was discovered that mbedtls has a vulnerability where an attacker could execute arbitrary code or cause a...
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2019-2016)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2019-1676)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-1867-1 : wpa security update
Several vulnerabilities were discovered in WPA supplicant / hostapd. Some of them could only partially be mitigated, please read below for details. CVE-2019-9495 Cache-based side-channel attack against the EAP-pwd implementation: an attacker able to run unprivileged code on the target machine...
NewStart CGSL CORE 5.04 / MAIN 5.04 : gnutls Multiple Vulnerabilities (NS-SA-2019-0068)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has gnutls packages installed that are affected by multiple vulnerabilities: - It was found that GnuTLS's implementation of HMAC- SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use this flaw to...
EulerOS 2.0 SP2 : gnutls (EulerOS-SA-2019-1743)
According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of 'Just in...
EulerOS Virtualization for ARM 64 3.0.2.0 : gnutls (EulerOS-SA-2019-1693)
According to the version of the gnutls packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a...
Amazon Linux 2 : gnutls (ALAS-2018-1120)
It was found that GnuTLS's implementation of HMAC-SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.CVE-2018-10844 It was foun...
CVE-2018-0498
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery for a CBC based ciphersuite via a cache-based side-channel attack...
Privilege escalation
ARM mbed TLS before 2.12.0, before 2.7.5, and before 2.1.14 allows local users to achieve partial plaintext recovery for a CBC based ciphersuite via a cache-based side-channel attack...
CVE-2018-0498
mbed TLS (ARM PolarSSL) vulnerability CVE-2018-0498 affects CBC-based ciphersuites and allows partial plaintext recovery via a cache-based side-channel attack. Affected versions are before 2.12.0, before 2.7.5, and before 2.1.14. Remediation is to upgrade to patched releases (e.g., 2.12.0+ and ne...
Debian: Security Advisory (DLA-1125-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-1125-1 : botan1.10 security update
CVE-2017-14737 Fix of cache-based side channel attack, which could recover information about RSA secret keys. For Debian 7 'Wheezy', these problems have been fixed in version 1.10.5-1+deb7u4. We recommend that you upgrade your botan1.10 packages. NOTE: Tenable Network Security has extracted the...
[SECURITY] [DLA 1125-1] botan1.10 security update
Package : botan1.10 Version : 1.10.5-1+deb7u4 CVE ID : CVE-2017-14737 CVE-2017-14737 Fix of cache-based side channel attack, which could recover information about RSA secret keys. For Debian 7 "Wheezy", these problems have been fixed in version 1.10.5-1+deb7u4. We recommend that you upgrade your...