MiracleLinux 7 : gnutls-3.3.29-8.el7 (AXSA:2019-3543:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3543:01 advisory. gnutls: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls CVE-2018-10844 gnutls: HMAC-SHA-384 vulnerable to...

Rocky Linux 8 : firefox (RLSA-2022:8554)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:8554 advisory. - Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined wi...

DEBIAN-CVE-2022-45416

Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...

Mozilla: Keystroke Side-Channel Leakage

The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...

Mozilla: Keystroke Side-Channel Leakage

The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...

Mozilla: Keystroke Side-Channel Leakage

The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...

Mozilla: Keystroke Side-Channel Leakage

The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...

Mozilla: Keystroke Side-Channel Leakage

The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...

Mozilla: Keystroke Side-Channel Leakage

The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...

Mozilla: Keystroke Side-Channel Leakage

The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...

Mozilla: Keystroke Side-Channel Leakage

The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...

Mozilla: Keystroke Side-Channel Leakage

The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...

Mozilla: Keystroke Side-Channel Leakage

The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...

AlmaLinux 8 : thunderbird (ALSA-2022:8547)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:8547 advisory. - Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with...

UBUNTU-CVE-2022-45416

Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...

SUSE: Security Advisory (SUSE-SU-2018:2842-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2018:2825-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2018-10846

A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of "Just in Time" Prime+probe and Lucky-13 attacks to recover plain text in a cross-VM attack scenario...

EulerOS 2.0 SP5 : gnutls (EulerOS-SA-2019-1676)

According to the version of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of 'Just in...

openSUSE Security Update : gnutls (openSUSE-2019-746)

This update for gnutls fixes the following security issues : - Improved mitigations against Lucky 13 class of attacks - CVE-2018-10846: 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery bsc1105460 - CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirtee...