EUVD-2018-2915

Malware in sbrugna...

RHEL 6 : gnutls (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gnutls: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant CVE-2018-10845 -...

Side Channel Attack

libmbedtls.so is vulnerable to Side Channel Attack. The vulnerability is due to a miscalculation in a countermeasure to the Lucky 13 attack, allowing an active network attacker to partially recover plaintext of messages under specific conditions by exploiting timing measurements...

Security Bulletin: Lucky 13 Attack Vulnerability in IBM Cloud Pak for Data Streams

Summary The Lucky Thirteen attack is a crystallographic timing attack against implementations of the Transport Layer Security TLS protocol that use the CBC mode of operation. An attacker could perform man in the middle attacks to successfully obtain plain text from the secure channel. Vulnerabili...

MGASA-2020-0293 Updated mbedtls packages fix security vulnerability

Updated mbedtls packages fix security vulnerabilities Fix a side channel vulnerability in modular exponentiation that could reveal an RSA private key used in a secure enclave. Fix side channel in mbedtlsecpcheckpubpriv and mbedtlspkparsekey / mbedtlspkparsekeyfile when loading a private key that...

Security Bulletin: Security Vulnerabilties exist in IBM Cognos Controller

Summary Security Vulnerabilities exist in IBM Cognos Controller. When performing security testing, you might encounter a "Missing Secure Attribute in Encrypted Session SSL Cookie" error message. IBM Cognos Controller versions 10.4.1, 10.4.0, 10.3.1 and 10.3.0, by default, do not have this setting...

SUSE-SU-2019:14058-1 Security update for gnutls

This update for gnutls fixes the following issues: Security issues fixed: - CVE-2018-10846: Improve mitigations against Lucky 13 class of attacks PRIME + PROBE bsc1105460. - CVE-2017-10790: Fixed a denial of service in the asn1checkidentifier function bsc1047002...

SUSE SLED12 / SLES12 Security Update : gnutls (SUSE-SU-2018:2842-1)

This update for gnutls fixes the following issues : Security issues fixed : Improved mitigations against Lucky 13 class of attacks - 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery CVE-2018-10846, bsc1105460 - HMAC-SHA-384 vulnerable to Lucky thirteen...

Cross site scripting

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets...

CVE-2018-10846

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets...