CVE-2026-0427

Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine VM to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability...

PT-2026-28187

Name of the Vulnerable Software and Affected Versions Database Backup for WordPress versions prior to 2.5.3 Description An authorization bypass exists because the plugin fails to restrict access to the wp db temp dir parameter, which determines the storage location for database backups...

EUVD-2018-2915

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2015-2877

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kernel Samepage Merging KSM in the Linux kernel 2.6.32 through 4.x does not prevent use of a write- timing side channel, which allows guest OS users to defeat t...

RHEL 6 : gnutls (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant CVE-2018-10845 -...

SUSE CVE-2015-2877

Kernel Samepage Merging KSM in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection CAIN attack. NOTE: the vendor states "Basically ...

OPENSUSE-SU-2022:0873-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: Update to version jdk8u322 icedtea-3.22.0 Including the following security fixes: - CVE-2022-21248, bsc1194926: Enhance cross VM serialization - CVE-2022-21283, bsc1194937: Better String matching - CVE-2022-21293, bsc1194935: Improve...

SUSE-SU-2022:0871-1 Security update for java-1_8_0-openjdk

This update for java-180-openjdk fixes the following issues: Update to version jdk8u322 icedtea-3.22.0 Including the following security fixes: - CVE-2022-21248, bsc1194926: Enhance cross VM serialization - CVE-2022-21283, bsc1194937: Better String matching - CVE-2022-21293, bsc1194935: Improve...

CVE-2018-10846

A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of "Just in Time" Prime+probe and Lucky-13 attacks to recover plain text in a cross-VM attack scenario...

Security Bulletin: Multiple Vulnerabilities in GnuTLS affects IBM Watson Studio Local

Summary Multiple Vulnerabilities in GnuTLS affects IBM Watson Studio Local Vulnerability Details CVEID: CVE-2018-10844 DESCRIPTION: It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct...

EulerOS 2.0 SP3 : gnutls (EulerOS-SA-2019-2016)

According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of 'Just in...

EulerOS 2.0 SP2 : gnutls (EulerOS-SA-2019-1743)

According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of 'Just in...

EulerOS Virtualization for ARM 64 3.0.2.0 : gnutls (EulerOS-SA-2019-1693)

According to the version of the gnutls packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a...

EulerOS 2.0 SP5 : gnutls (EulerOS-SA-2019-1676)

According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of 'Just in...

Amazon Linux 2 : gnutls (ALAS-2018-1120)

It was found that GnuTLS's implementation of HMAC-SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.CVE-2018-10844 It was foun...

Medium: gnutls

Issue Overview: It was found that GnuTLS's implementation of HMAC-SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted...

Debian: Security Advisory (DLA-1560-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated gnutls packages fix security vulnerabilities

The updated packages fix security vulnerabilities: It was found that the GnuTLS implementation of HMAC-SHA-256 and HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical...

Side-Channel Attack

libgnutls.so is vulnerable to plain text recovery via cache-based side channel. An attacker is able to use a combination of Just in Time Prime+probe and Lucky-13 attacks to recover plain text using crafted packets in a cross-VM setting...

Cross site scripting

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets...