Lucene search
+L

4722 matches found

nessus
nessus
added 2018/11/07 12:0 a.m.33 views

Oracle Linux 7 : gnutls (ELSA-2018-3050)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-3050 advisory. - Improved counter-measures in TLS CBC record padding for lucky13 attack CVE-2018-10844, 1589704, CVE-2018-10845, 1589707 - Added counter-measures for...

5.9CVSS6.5AI score0.03623EPSS
Exploits0References4
mageia
mageia
added 2018/11/03 11:55 a.m.46 views

Updated gnutls packages fix security vulnerabilities

The updated packages fix security vulnerabilities: It was found that the GnuTLS implementation of HMAC-SHA-256 and HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical...

5.9CVSS2.4AI score0.03623EPSS
Exploits0References3
nessus
nessus
added 2018/11/02 12:0 a.m.30 views

F5 Networks BIG-IP : TMM vulnerability (K81137982)

Undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause a disruption of service to the Traffic Management Microkernel TMM. CVE-2017-6136 Impact An attacker may be able to disrupt traffic or...

5.9CVSS5.9AI score0.0141EPSS
Exploits0References2
veracode
veracode
added 2018/11/01 3:10 a.m.29 views

Side-Channel Attack

libgnutls.so is vulnerable to plain text recovery via cache-based side channel. An attacker is able to use a combination of Just in Time Prime+probe and Lucky-13 attacks to recover plain text using crafted packets in a cross-VM setting...

5.6CVSS5.6AI score0.00388EPSS
Exploits0References15Affected Software2
nessus
nessus
added 2018/10/31 12:0 a.m.82 views

RHEL 7 : gnutls (RHSA-2018:3050)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3050 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as...

5.9CVSS6.6AI score0.03623EPSS
Exploits0References16
redhat
redhat
added 2018/10/30 10:28 a.m.9 views

gnutls: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery

A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of "Just in Time" Prime+probe and Lucky-13 attacks to recover plain text in a cross-VM attack scenario...

5.6CVSS7.1AI score0.00388EPSS
Exploits0References5
redhat
redhat
added 2018/10/30 10:28 a.m.53 views

Moderate: Red Hat Security Advisory: gnutls security, bug fix, and enhancement update

An update for gnutls is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

5.9CVSS6.4AI score0.03623EPSS
Exploits0References11
nessus
nessus
added 2018/10/22 12:0 a.m.32 views

SUSE SLES12 Security Update : gnutls (SUSE-SU-2018:2825-2)

This update for gnutls fixes the following issues : This update for gnutls fixes the following issues : Security issues fixed : Improved mitigations against Lucky 13 class of attacks 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery CVE-2018-10846,...

7.5CVSS6.6AI score0.0499EPSS
Exploits1References13
wired
wired
added 2018/10/19 10:10 p.m.118 views

Russian Trolls Are Still Playing Both Sides—Even With the Mueller Probe

The latest indictment against Russian trolls shows how they sowed division in the US on wedge issues, including the investigation into their activity...

3.2AI score
Exploits0
ibm
ibm
added 2018/10/09 9:0 a.m.19 views

Security Bulletin: IBM Netcool/OMNIbus Probe DSL Factory Framework is affected by Apache Camel's Core vulnerability

Summary IBM Netcool/OMNIbus Probe DSL Factory Framework probe-dsl-framework-40 has addressed the following vulnerability caused by Apache Camel's Core component. Vulnerability Details CVEID: CVE-2018-8027 DESCRIPTION: Apache Camel's Core could allow a remote attacker to obtain sensitive...

9.8CVSS1AI score0.05517EPSS
Exploits0Affected Software1
opensuse
opensuse
added 2018/09/25 3:11 p.m.136 views

Security update for gnutls (moderate)

This update for gnutls fixes the following issues: Security issues fixed: - Improved mitigations against Lucky 13 class of attacks - CVE-2018-10846: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery bsc1105460 - CVE-2018-10845: HMAC-SHA-384 vulnerable to...

5CVSS0.6AI score0.0499EPSS
Exploits1References4
nessus
nessus
added 2018/09/25 12:0 a.m.30 views

SUSE SLES12 Security Update : gnutls (SUSE-SU-2018:2825-1)

This update for gnutls fixes the following issues : This update for gnutls fixes the following issues : Security issues fixed : Improved mitigations against Lucky 13 class of attacks 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery CVE-2018-10846,...

7.5CVSS6.6AI score0.0499EPSS
Exploits1References13
nvd
nvd
added 2018/09/20 1:29 p.m.18 views

CVE-2018-5871

In Snapdragon Automobile, Mobile, Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660,...

6.5CVSS6.8AI score0.00277EPSS
Exploits0References2
nvd
nvd
added 2018/09/20 1:29 p.m.25 views

CVE-2018-11290

In Snapdragon Automobile, Mobile, Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, SnapdragonHighMed2016, MAC...

7.5CVSS7.6AI score0.00845EPSS
Exploits0References3
prion
prion
added 2018/09/20 1:29 p.m.31 views

Code injection

In Snapdragon Automobile, Mobile, Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660,...

3.3CVSS6.7AI score0.00277EPSS
Exploits0References2
cvelist
cvelist
added 2018/09/20 1:0 p.m.29 views

CVE-2018-11290

In Snapdragon Automobile, Mobile, Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, SnapdragonHighMed2016, MAC...

7.6AI score0.00845EPSS
Exploits0References3
nvd
nvd
added 2018/09/18 6:29 p.m.20 views

CVE-2018-11276

In all android releases Android for MSM, Firefox OS for MSM, QRD Android from CAF using the linux kernel, double free of memory allocation is possible in Kernel when it explicitly tries to free that memory on driver probe failure, since memory allocated is automatically freed on probe...

7.8CVSS7.5AI score0.00187EPSS
Exploits0References3
n0where
n0where
added 2018/08/22 6:21 p.m.37 views

Covert Backdoor Transmission Method: GhostTunnel

GhostTunnel is a covert backdoor transmission method that can be used in an isolated environment. It can attack the target through the HID device only to release the payload agent, then the HID device can be removed after the payload is released. GhostTunnel use 802.11 Probe Request Frames and...

1AI score
Exploits0References1
osv
osv
added 2018/08/22 1:29 p.m.6 views

DEBIAN-CVE-2018-10846

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets...

5.6CVSS5.7AI score0.00388EPSS
Exploits0References1
debiancve
debiancve
added 2018/08/22 1:0 p.m.38 views

CVE-2018-10846

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets...

5.6CVSS5.8AI score0.00388EPSS
Exploits0
Rows per page
Query Builder