2476 matches found
CVE-2023-37479 Improper sanitization of MXCSR and RFLAGS in OpenEnclave
Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves. There are two issues that are mitigated in version 0.19.3. First, Open Enclave SDK does not properly sanitize the MXCSR register ...
CVE-2023-37479
Open Enclave SDK before 0.19.3 is affected by two issues: MXCSR not sanitized on enclave entry, enabling MXCSR Configuration Dependent Timing (MCDT) attacks, and RFLAGS.AC not sanitized, enabling a side-channel that reveals unaligned memory accesses. The guidance indicates these have been address...
CVE-2023-37479 Improper sanitization of MXCSR and RFLAGS in OpenEnclave
Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves. There are two issues that are mitigated in version 0.19.3. First, Open Enclave SDK does not properly sanitize the MXCSR register ...
CVE-2023-37479 Improper sanitization of MXCSR and RFLAGS in OpenEnclave
Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves. There are two issues that are mitigated in version 0.19.3. First, Open Enclave SDK does not properly sanitize the MXCSR register ...
Security Bulletin: A vulnerability in IBM Storage Protect Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management can lead to denial of service (CVE-2023-33832)
Summary IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments Data Protection for Hyper-V and Data Protection for VMware, and IBM Storage Protect for Space Management can be affected by a vulnerability that leads to denial of service. The vulnerability is describ...
New Python-Based Fileless Malware Named ‘PyLoose’ Targeting Cloud Environments
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new fileless attack called PyLoose targets cloud workloads by loading an XMRig Miner directly into memory using Python code and the memfd technique. This evasive attack highlights the need for advanced...
VMware DCERPC call request uninitialized memory heap overflow vulnerability
Talos Vulnerability Report TALOS-2023-1801 VMware DCERPC call request uninitialized memory heap overflow vulnerability July 13, 2023 CVE Number CVE-2023-20892 SUMMARY A heap overflow vulnerability exists in the request processing functionality of DCERPC library as used in VMware vCenter Server...
Security Bulletin: Multiple Vulnerabilities of Apache HttpClient and Jackson-mapper have affected IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines
Summary IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines is vulnerable to Apache HttpClient and jackson-mapper as described in 220912, CVE-2020-13956, CVE-2019-10202, CVE-2019-10172. The fix includes upgrading required libraries to latest version...
Siemens RUGGEDCOM ROX Cross-Site Request Forgery Vulnerability
RUGGEDCOM products offer a degree of robustness and reliability that sets the standard for communication networks deployed in harsh environments. A cross-site request forgery vulnerability exists in the Siemens RUGGEDCOM ROX, which can be exploited by an attacker to perform arbitrary actions on t...
Siemens RUGGEDCOM ROX Weak Password Vulnerability
RUGGEDCOM products offer a degree of robustness and reliability that sets the standard for communication networks deployed in harsh environments. A weak password vulnerability exists in the Siemens RUGGEDCOM ROX, which can be exploited by an attacker to read and modify any data passed to the...
Siemens RUGGEDCOM ROX cross-site scripting vulnerability (CNVD-2023-55709)
RUGGEDCOM products offer a degree of robustness and reliability that sets the standard for communication networks deployed in harsh environments. A cross-site scripting vulnerability exists in Siemens RUGGEDCOM ROX, which can be exploited by attackers to execute malicious javascript code by...
Apache Pulsar 安全漏洞
Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenancy, persistent storage, multi-room cross-region data replication, and...
Siemens RUGGEDCOM ROX Input Validation Error Vulnerability
RUGGEDCOM products offer a degree of robustness and reliability that sets the standard for communication networks deployed in harsh environments. An input validation error vulnerability exists in the Siemens RUGGEDCOM ROX, which can be exploited by an attacker to send an incorrectly formatted HTT...
SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign
Cloud environments continue to be at the receiving end of an ongoing advanced attack campaign dubbed SCARLETEEL, with the threat actors now setting their sights on Amazon Web Services AWS Fargate. "Cloud environments are still their primary target, but the tools and techniques used have adapted t...
CLSA-2023-1688678794 Fix CVE(s): CVE-2023-26604
SECURITY UPDATE: local privilege escalation for some Sudo configurations - debian/patches/CVE-2023-26604.patch: set LESSSECURE to 1 - CVE-2023-26604 test issue: udev-test.pl is stopped by a timeout in a virtual environment - debian/patches/fix-udev-test.patch: skip this test in some cases...
Silentbob Campaign: Cloud-Native Environments Under Attack
Cybersecurity researchers have unearthed an attack infrastructure that's being used as part of a "potentially massive campaign" against cloud-native environments. "This infrastructure is in early stages of testing and deployment, and is mainly consistent of an aggressive cloud worm, designed to...
5 Things CISOs Need to Know About Securing OT Environments
For too long the cybersecurity world focused exclusively on information technology IT, leaving operational technology OT to fend for itself. Traditionally, few industrial enterprises had dedicated cybersecurity leaders. Any security decisions that arose fell to the plant and factory managers, who...
vulhub
This repository is an open-source collection of pre-built vulnerable Docker environments, known as Vulhub. It is a defensive research tool for improving detection, response, and patch prioritization. The repository contains various vulnerable environments, including CouchDB, FFmpeg, Git, and more...
Wiz at Re:Inforce 2023
See what is new with Wiz at Re:Inforce and learn about how Wiz and AWS continue to strengthen a strategic relationship to secure customers’ AWS environments...
Detect and Prioritize Identity-Related Cloud Risk with InsightCloudSec
In modern cloud environments, roles and permissions are assigned not just to human users, but to machines, resources and services, as well. The massive scale of cloud environments leads to teams potentially managing millions of distinct identities. As a result, security teams often struggle to...