208 matches found
DEBIAN-CVE-2018-0495
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the gcryeccecdsasign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. T...
CVE-2018-0495
CVE-2018-0495 affects Libgcrypt prior to 1.7.10 and 1.8.x prior to 1.8.3. The root cause is a memory-cache side-channel (ROHNP) in the ECDSA signing path (_gcry_ecc_ecdsa_sign in cipher/ecc-ecdsa.c), enabling an attacker with local or co-resident VM access to recover ECDSA private keys. Mitigatio...
CVE-2018-0495
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the gcryeccecdsasign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. T...
CVE-2018-0495
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the gcryeccecdsasign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. T...
CVE-2018-0495
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the gcryeccecdsasign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. T...
hw: cpu: speculative store bypass
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...
UBUNTU-CVE-2018-11204
A NULL pointer dereference was discovered in H5Ochunkdeserialize in H5Ocache.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack...
ALPINE-CVE-2018-1303
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of modcachesocache. The vulnerability is considere...
DEBIAN-CVE-2018-1303
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of modcachesocache. The vulnerability is considere...
UBUNTU-CVE-2018-1303
A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of modcachesocache. The vulnerability is considere...
samba security and bug fix update
4.4.4-13 - resolves: 1437816 - Fix krb5 memory cache in libads sasl code - resolves: 1437741 - Fix CVE-2016-2125, CVE-2016-2126 and CVE-2017-2619...
PVS 7.13: XenServer PVS-Accelerator Cache Storage Considerations
Note: This feature is only available in XenServer 7.1 and PVS 7.13 or later. PVS-Accelerator provides two cache modes: Memory only , in the Control Domain Dom0 Memory. When selecting Memory only, the feature will use up to the specified cache size in the Dom0 memory. This option is only available...
Google Chrome Multiple Vulnerabilities (Mar 2016) - Linux
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
Google Chrome Multiple Vulnerabilities (Mar 2016) - Windows
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...
CVE-2016-1636
The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity...
CVE-2016-1636
CVE-2016-1636 affects Google Chrome/Chromium prior to 49.0.2623.75, where PendingScript::notifyFinished incorrectly uses memory-cache data about integrity-check occurrences rather than actual integrity-check successes. This enables bypassing Subresource Integrity (SRI) by triggering two loads of ...
CVE-2016-1636
The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity...
UBUNTU-CVE-2016-1636
The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity...
SUSE-SU-2015:2219-1 Security update for openstack-nova
This update for openstack-nova provides various fixes and improvements: - Fix regression where launched instances in tenants not visible for other users. bsc927625 - Remove error messages from multipath command output before parsing. bsc949529 - Fix live-migration usage of the wrong connector...
Fedora 22 : webkitgtk4-2.8.4-2.fc22 (2015-11395)
WebKitGTK+ 2.8.4 includes fixes for 12 security issues. Additional fixes : - Make WebSQL work by using a default quota instead of always failing in openDatabase with DOM Exception 18. - Improve detection and usage of GL/GLES/EGL libraries. - Fix a crash on memory allocation using bmalloc on 32bit...