103 matches found
EUVD-2020-25908
Malware in sbrugna...
EUVD-2013-0208
Malware in sbrugna...
EUVD-2020-25907
Malware in sbrugna...
EUVD-2016-9895
Malware in sbrugna...
EUVD-2022-5314
Malicious code in bioql PyPI...
Timing Side-channel Attacks
vllm is vulnerable to Timing side-channel attacks. The vulnerability is due to timing discrepancies during the prefill phase by the PageAttention mechanism reusing matching prefix chunks, which speeds up token generation and allows an attacker to infer prompt similarity or presence...
Linux Distros Unpatched Vulnerability : CVE-2013-1619
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a...
Linux Distros Unpatched Vulnerability : CVE-2013-0169
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing...
SUSE SLED15: bouncycastle / bouncycastle-javadoc / bouncycastle-jmail / etc (SUSE-SU-2024:1539-2)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:1539-2 advisory. Update to version 1.78.1, including fixes for: - CVE-2024-30171: Fixed timing side-channel attacks agains...
SUSE-SU-2024:1539-2 Security update for bouncycastle
This update for bouncycastle fixes the following issues: Update to version 1.78.1, including fixes for: - CVE-2024-30171: Fixed timing side-channel attacks against RSA decryption both PKCS1v1.5 and OAEP. bsc1223252...
Debian: Security Advisory (DLA-759-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
K15630: TLS in Mozilla NSS vulnerability CVE-2013-1620
Security Advisory Description The TLS implementation in Mozilla Network Security Services NSS does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attack...
K15622: wolfSSL CyaSSL vulnerability CVE-2013-1623
Security Advisory Description The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks...
Security Bulletin: Vulnerability in IBM InfoSphere Information Server due to issues in IBM Java SDK (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169, CVE-2012-1717, CVE-2012-1718, CVE-2012-5081)
Abstract Multiple IBM Java SDK security vulnerabilities exist in the IBM InfoSphere Information Server. Content VULNERABILITY DETAILS: CVE ID: CVE-2013-0440 DESCRIPTION: Unspecified vulnerability in the Java Runtime Environment JRE allows remote attackers to affect availability via vectors relate...
Security Bulletin: IBM Tivoli Federated Identity Manager and Tivoli Federated Identity Manager Business Gateway can be affected by a vulnerability in the IBM GSKit library (CVE-2013-0169)
Abstract CVE-2013-0169 - The Transport Layer Security protocol does not properly consider timing side-channel attacks, which allows remote attackers to conduct distinguishing attacks and plain-text recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky...
Security Bulletin: IBM QRadar SIEM and QRadar Risk Manager can be affected by three vulnerabilities in the IBM Java Runtime Environment (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)
Abstract CVE-2013-0440 - Unspecified vulnerability in IBM Java Runtime Environment allows remote attackers to affect availability via vectors related to JSSE. CVE- 2013-0443 - Unspecified vulnerability in IBM Java Runtime Environment allows remote attackers to affect confidentiality and integrity...
Security Bulletin: IBM DB2 is impacted by a vulnerability in the IBM GSKit library (CVE-2013-0169).
Abstract GSKit is used by IBM DB2 for SSL support. The version of GSKit iused by DB2 is vulnerable to the “Lucky Thirteen” security vulnerability. By default, DB2 does not use SSL for client-server communication and therefore DB2 is vulnerable only if SSL is enabled. Content VULNERABILITY DETAILS...
Security Bulletin: Potential Security Exposure in IBM HTTP Server CVE-2013-0169 PM85211
Abstract Potential Security Exposure with IBM HTTP Server for WebSphere Application Server Content VULNERABILITY DETAILS: CVE ID:CVE-2013-0169 PM85211 DESCRIPTION: The TLS protocol in the GSKIT component of the IBM HTTP Server does not properly consider timing side-channel attacks, which could...
Security Bulletin: IBM InfoSphere Master Data Management – Java CPU Feb 2013 (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)
Abstract Multiple security vulnerabilities exist in the IBM Java SDK shipped with IBM WebSphere Application Server that affects IBM InfoSphere Master Data Management versions 8.5, 9.0.1, 9.0.2, 10.0.0, 10.1.0,and 11.0.0 Content VULNERABILITY DETAILS: CVE-2013-0440 - Unspecified vulnerability in...
Security Bulletin: Multiple JRE vulnerabilities addressed in IBM Sterling External Authentication Server (CVE-2013-1571, CVE-2013-1500, CVE-2013-0443, CVE-2013-0440, CVE-2013-0169)
Abstract The IBM JRE embedded in the IBM Sterling External Authentication Server has security vulnerabilities in its Javadoc, and in SSL connections to the configuration GUI. Content VULNERABILITY DETAILS CVE ID: CVE-2013-1571 DESCRIPTION: The Javadoc documentation generated for the Sterling...