EUVD-2018-17177

Malware in sbrugna...

CVE-2025-27587

OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVPDigestSign API, and then using the private key to extract the K value nonce from the signatures. Next, based on the bit size of t...

CVE-2025-29780

Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing VSS scheme. In versions 0.8.0b2 and prior, the feldmanvss library contains timing side-channel vulnerabilities in its matrix operations, specifically within the...

GHSA-Q65W-FG65-79F4 Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations

Description: The feldmanvss library contains timing side-channel vulnerabilities in its matrix operations, specifically within the findsecurepivot function and potentially other parts of securematrixsolve. These vulnerabilities are due to Python's execution model, which does not guarantee...

Security Bulletin: IBM DataPower Gateway is potentially vulnerable to two cryptographic side-channel vulnerabilities in SSL.

Summary Side-channel vulnerabilities in SSL CVE-2019-1563, CVE-2019-1547 potentially affect IBM DataPower Gateway Vulnerability Details CVEID: CVE-2019-1563 DESCRIPTION: In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker,...

CentOS 8 : nss and nspr (CESA-2020:3280)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:3280 advisory. - nss: Use-after-free in sftkFreeSession due to improper refcounting CVE-2019-11756 - nss: Check length of inputs for cryptographic primitives...

CentOS 7 : nss and nspr (RHSA-2020:4076)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4076 advisory. - When importing a curve25519 private key in PKCS8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Securi...

Oracle Linux 8 : nss / and / nspr (ELSA-2020-3280)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3280 advisory. nspr 4.25.0-2 - Rebuild 4.25.0-1 - Update to NSPR 4.25 nss 3.53.1-11 - Fix issue with upgradedb where upgradedb expects standard to generate dbm...

RLSA-2020:3280 Moderate: nss and nspr security, bug fix, and enhancement update

Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime NSPR provides platform independence for non-GUI operating system facilities. The following packages have been upgrad...

nss and nspr security, bug fix, and enhancement update

An update is available for nspr. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Network Security Services NSS is a set of libraries designed to support the...

RancherOS < 1.4.0 Information Disclosure

The remote host is running a version of RancherOS prior to 1.4.0, hence is exposted to a side-channel vulnerabilities: - Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a...

RancherOS < 1.4.1 Multiple Information Disclosure Vulnerabilities

The remote host is running a version of RancherOS prior to v1.4.1, hence is exposed to multiple side-channel vulnerabilities: - Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to a...

September 10, 2019—KB4516064 (Security-only update)

September 10, 2019—KB4516064 Security-only update Improvements and fixes This security update includes quality improvements. Key changes include: Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling , for 32-B...

Citrix XenServer Microarchitectural Data Sampling Speculative Side-Channel Vulnerabilities (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout) (CTX2251995)

The version of Citrix XenServer running on the remote host is missing a security hotfix. It is, therefore, affected by microarchitectural data sampling speculative side-channel vulnerabilities. These vulnerabilities may allow a local attacker on a guest machine to sample the contents of memory...

Behind the Naming of ZombieLoad and Other Intel Spectre-Like Flaws

There was a lot more to the name game behind choosing titles for ZombieLoad, Spectre and Meltdown than picking cool and edgy attack titles. If you have ever wondered why they were named what they were, Threatpost tracked down one of the researchers behind the naming convention and discovery and...

Intel CPUs Impacted By New Class of Spectre-Like Attacks

A new class of side channel vulnerabilities impacting all modern Intel chips have been disclosed, which can use speculative execution to potentially leak sensitive data from a system’s CPU. Intel said that the newest class of vulnerabilities, dubbed Microarchitectural Data Sampling MDS, consist o...

May 14, 2019—KB4499165 (Security-only update)

May 14, 2019—KB4499165 Security-only update Improvements and fixes This security update includes quality improvements. Key changes include: Provides protections against a new subclass of speculative execution side-channel vulnerabilities, known as Microarchitectural Data Sampling , for 64-Bit x64...

NSA Releases Updated Guidance on Side-Channel Vulnerabilities

The National Security Agency NSA has released updated information on a set of side-channel vulnerabilities affecting modern computer processors. An attacker can exploit these vulnerabilities to obtain sensitive information. The National Cybersecurity and Communications Integration Center NCCIC,...

Microsoft Launches Azure DevOps Bug Bounty Program

Microsoft lifted the curtain on a new Azure DevOps bug bounty program, designed to sniff out flaws in its Azure DevOps online services and servers. Azure DevOps is a cloud service launched in 2018 that enables collaboration on code development across the breadth of a development lifecycle...

CPU Side-Channel Information Disclosure Vulnerabilities: August 2018

5On August 14th, 2018, three vulnerabilities were disclosed by Intel and security researchers that leverage a speculative execution side-channel method referred to as L1 Terminal Fault L1TF that affects modern Intel microprocessors. These vulnerabilities could allow an unprivileged, local attacke...