Lucene search
K

25 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-2915

Malware in sbrugna...

5.6CVSS5.8AI score0.00388EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2025/03/04 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2018-10846

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination ...

5.6CVSS6.2AI score0.00388EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:28 a.m.6 views

SUSE CVE-2018-10845

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

5.9CVSS6.8AI score0.03623EPSS
Exploits0References27
IBM Security Bulletins
IBM Security Bulletins
added 2019/12/18 5:54 p.m.32 views

Security Bulletin: Multiple Vulnerabilities in GnuTLS affects IBM Watson Studio Local

Summary Multiple Vulnerabilities in GnuTLS affects IBM Watson Studio Local Vulnerability Details CVEID: CVE-2018-10844 DESCRIPTION: It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct...

5.9CVSS1.1AI score0.03623EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/04/02 12:0 a.m.27 views

EulerOS 2.0 SP5 : gnutls (EulerOS-SA-2019-1136)

According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that GnuTLS's implementation of HMAC-SHA-384 was vulnerable to a Lucky Thirteen-style attack. A remote attacker could use this flaw to...

5.9CVSS6.5AI score0.03623EPSS
Exploits0References2
Mageia
Mageia
added 2018/11/03 11:55 a.m.43 views

Updated gnutls packages fix security vulnerabilities

The updated packages fix security vulnerabilities: It was found that the GnuTLS implementation of HMAC-SHA-256 and HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical...

5.9CVSS2.4AI score0.03623EPSS
Exploits0References3
Veracode
Veracode
added 2018/11/01 3:10 a.m.28 views

Side-Channel Attack

libgnutls.so is vulnerable to plain text recovery via cache-based side channel. An attacker is able to use a combination of Just in Time Prime+probe and Lucky-13 attacks to recover plain text using crafted packets in a cross-VM setting...

5.6CVSS5.6AI score0.00388EPSS
Exploits0References15Affected Software2
RedHat Linux
RedHat Linux
added 2018/10/30 10:28 a.m.4 views

gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls

It was found that GnuTLS's implementation of HMAC-SHA-256 was vulnerable to Lucky Thirteen-style attack. A remote attacker could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

5.9CVSS7.2AI score0.03623EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2018/09/17 12:0 a.m.36 views

Debian DSA-4296-1 : mbedtls - security update

Two vulnerabilities were discovered in mbedtls, a lightweight crypto and SSL/TLS library which could result in plain text recovery via side-channel attacks. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-429...

5.9CVSS6AI score0.02674EPSS
Exploits0References5
Debian
Debian
added 2018/09/16 8:58 p.m.39 views

[SECURITY] [DSA 4296-1] mbedtls security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4296-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 16, 2018 https://www.debian.org/security/faq -...

5.9CVSS6.4AI score0.02674EPSS
Exploits0
OSV
OSV
added 2018/08/22 1:29 p.m.6 views

DEBIAN-CVE-2018-10846

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets...

5.6CVSS5.7AI score0.00388EPSS
Exploits0References1
Prion
Prion
added 2018/08/22 1:29 p.m.23 views

Cross site scripting

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets...

1.9CVSS5.5AI score0.00388EPSS
Exploits0References10Affected Software7
Prion
Prion
added 2018/08/22 1:29 p.m.29 views

Code injection

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

4.3CVSS5.7AI score0.03623EPSS
Exploits0References10Affected Software7
NVD
NVD
added 2018/08/22 1:29 p.m.22 views

CVE-2018-10845

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

5.9CVSS5.8AI score0.03623EPSS
Exploits0References10
OSV
OSV
added 2018/08/22 1:29 p.m.21 views

CVE-2018-10846

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets...

5.6CVSS6.4AI score0.00388EPSS
Exploits0References10
CVE
CVE
added 2018/08/22 1:0 p.m.199 views

CVE-2018-10846

CVE-2018-10846 describes a cache-based side-channel in GnuTLS that can enable plaintext recovery in cross-VM settings. An attacker could combine a Just in Time Prime+probe attack with a Lucky-13 attack by sending crafted packets to exploit this vulnerability. Remediation in publicly documented ad...

5.6CVSS5.5AI score0.00388EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 2018/08/22 1:0 p.m.19 views

CVE-2018-10845

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

5.9CVSS5.8AI score0.03623EPSS
Exploits0References10
Debian CVE
Debian CVE
added 2018/08/22 1:0 p.m.24 views

CVE-2018-10846

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets...

5.6CVSS5.8AI score0.00388EPSS
Exploits0
OSV
OSV
added 2018/08/22 12:0 a.m.3 views

UBUNTU-CVE-2018-10845

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets...

5.9CVSS6.6AI score0.03623EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2018/08/11 12:0 a.m.3 views

PT-2018-3451 · Gnu +5 · Gnutls +5

Name of the Vulnerable Software and Affected Versions: GnuTLS affected versions not specified Description: The issue is related to the GnuTLS implementation of HMAC-SHA-384, which is vulnerable to a Lucky thirteen style attack. This allows remote attackers to conduct distinguishing attacks and...

7.5CVSS6.4AI score0.58969EPSS
Exploits3References81
Rows per page
Query Builder