Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989508)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989508 advisory. In the Linux kernel, the following vulnerability has been resolved: soc: qcom: llcc: Handle a second device without data corruption Usually there is only one llcc...

Linux Distros Unpatched Vulnerability : CVE-2015-0837

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The mpipowm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when...

Last-Level Cache Attack

AMD ID: AMD-SB-7032 Potential Impact: N/A Severity: N/A Summary Researchers from Wuhan University have provided AMD with a paper titled “ZenLeak: Practical Last-Level Cache Side-Channel Attacks on AMD Zen Processors” in which they discuss prime and probe attacks targeting the Last-Level Cache LLC...

DEBIAN-CVE-2024-56617

In the Linux kernel, the following vulnerability has been resolved: cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU Commit 5944ce092b97 "archtopology: Build cacheinfo from primary CPU" adds functionality that architectures can use to optionally allocate and build...

SUSE CVE-2015-0837

The mpipowm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."...

SUSE CVE-2017-5925

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR...

SUSE CVE-2017-5926

Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR...

SUSE: Security Advisory (SUSE-SU-2015:1511-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 3.0.2.2 : libgcrypt (EulerOS-SA-2020-1498)

According to the versions of the libgcrypt package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext...

EulerOS 2.0 SP3 : libgcrypt (EulerOS-SA-2020-1400)

According to the versions of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proxima...

EulerOS 2.0 SP5 : libgcrypt (EulerOS-SA-2020-1114)

According to the version of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The mpipowm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing...

CVE-2015-0837

The mpipowm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."...

Design/Logic Flaw

The mpipowm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."...

CVE-2015-0837

The mpipowm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."...

CVE-2015-0837

CVE-2015-0837 affects Libgcrypt (before 1.6.3) and GnuPG (before 1.4.19). It enables a timing side-channel attack on modular exponentiation using a pre-computed table, related to a Last-Level Cache side-channel attack. The description notes the timing differences that could allow an attacker to o...

CVE-2015-0837

The mpipowm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."...

Mozilla Firefox 'performance.now' function information disclosure vulnerability

Mozilla Firefox is an open source web browser. An information disclosure vulnerability exists in the Mozilla Firefox 'performance.now' function due to the program failing to properly limit the availability of High Resolution Time API time, allowing remote attackers to call the ' performance.now'...

Information disclosure via the High Resolution Time API — Mozilla

Security researchers Yossef Oren, Vasileios P. Kemerlis, Simha Sethumadhavan, Angelos D. Keromytis of Columbia University's Network Security Lab reported a method of using the High Resolution Time API for side channel attacks. This attack uses JavaScript loaded through a hostile web page to track...

SUSE SLED12 / SLES12 Security Update : libgcrypt (SUSE-SU-2015:1511-1)

This update fixes the following issues : Security : - Fixed data-dependent timing variations in modular exponentiation related to CVE-2015-0837, Last-Level Cache Side-Channel Attacks are Practical bsc920057 Bugfixes : - don't drop privileges when locking secure memory bsc938343 Note that Tenable...

[slackware-security] gnupg

New gnupg packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix security issues. Here are the details from the Slackware 14.1 ChangeLog: patches/packages/gnupg-1.4.19-i486-1slack14.1.txz: Upgraded. Use ciphertext blinding for Elgamal decryption CVE-2014-3591. See...