36 matches found
EUVD-2018-2913
Malware in sbrugna...
Security Bulletin: Vulnerability in GnuTLS affects Power Hardware Management Console ( CVE-2018-10845 CVE-2018-10844)
Summary It was found that GnuTLS's implementation of HMAC-SHA-384 and HMAC-SHA-256 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...
SUSE: Security Advisory (SUSE-SU-2018:2842-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:2825-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The vulnerability of the implementation of the HMAC-SHA-256 mechanism in the GnuTLS cryptographic library allows a perpetrator to carry out an “Lucky 13” attack and a attack that recovers the plaintext.
The vulnerability of the HMAC-SHA-256 mechanism implemented in the GnuTLS cryptographic library is related to errors in the implementation of the cryptographic algorithm. Exploiting this vulnerability allows a malicious actor to perform both a “Lucky 13” attack and an attack that recovers the...
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2019-1005)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2019-1203)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2018-1444)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-10844
It was found that GnuTLS's implementation of HMAC-SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...
Ruby on Rails: The authenticity_token can be reversed and used to forge valid per_form_csrf_tokens for arbitrary routes
When performcsrftokens is set to true, each form should protected against CSRF with a unique token that is not predictable by an attacker. Theperformcsrftoken is generated using a HMAC SHA-256 using a key that is exposed in a reversed authenticitytoken. The authenticitytoken is a Base64 encoding ...
NewStart CGSL CORE 5.04 / MAIN 5.04 : gnutls Multiple Vulnerabilities (NS-SA-2019-0068)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has gnutls packages installed that are affected by multiple vulnerabilities: - It was found that GnuTLS's implementation of HMAC- SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use this flaw to...
EulerOS Virtualization 2.5.4 : gnutls (EulerOS-SA-2019-1203)
According to the version of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - It was found that GnuTLS's implementation of HMAC-SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use...
openSUSE Security Update : gnutls (openSUSE-2019-746)
This update for gnutls fixes the following security issues : - Improved mitigations against Lucky 13 class of attacks - CVE-2018-10846: 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery bsc1105460 - CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirtee...
EulerOS 2.0 SP3 : gnutls (EulerOS-SA-2019-1026)
According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls CVE-2018-10844 Note that Tenable Network Security h...
EulerOS 2.0 SP5 : gnutls (EulerOS-SA-2019-1005)
According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls CVE-2018-10844 Note that Tenable Network Security h...
SUSE SLED15 / SLES15 Security Update : gnutls (SUSE-SU-2018:2930-1)
This update for gnutls fixes the following security issues : Improved mitigations against Lucky 13 class of attacks CVE-2018-10846: 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery bsc1105460 CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen atta...
EulerOS 2.0 SP2 : gnutls (EulerOS-SA-2018-1444)
According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls CVE-2018-10844 Note that Tenable Network Security h...
Amazon Linux 2 : gnutls (ALAS-2018-1120)
It was found that GnuTLS's implementation of HMAC-SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.CVE-2018-10844 It was foun...
Medium: gnutls
Issue Overview: It was found that GnuTLS's implementation of HMAC-SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted...
Debian: Security Advisory (DLA-1560-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...