Lucene search
K

2476 matches found

Vulnrichment
Vulnrichment
added 2023/07/17 10:13 p.m.12 views

CVE-2023-37479 Improper sanitization of MXCSR and RFLAGS in OpenEnclave

Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves. There are two issues that are mitigated in version 0.19.3. First, Open Enclave SDK does not properly sanitize the MXCSR register ...

5.3CVSS6.9AI score0.00634EPSS
Exploits0References3
CVE
CVE
added 2023/07/17 10:13 p.m.44 views

CVE-2023-37479

Open Enclave SDK before 0.19.3 is affected by two issues: MXCSR not sanitized on enclave entry, enabling MXCSR Configuration Dependent Timing (MCDT) attacks, and RFLAGS.AC not sanitized, enabling a side-channel that reveals unaligned memory accesses. The guidance indicates these have been address...

7.5CVSS6.3AI score0.00634EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/07/17 10:13 p.m.12 views

CVE-2023-37479 Improper sanitization of MXCSR and RFLAGS in OpenEnclave

Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves. There are two issues that are mitigated in version 0.19.3. First, Open Enclave SDK does not properly sanitize the MXCSR register ...

5.3CVSS7.7AI score0.00634EPSS
Exploits0References3
OSV
OSV
added 2023/07/17 10:13 p.m.16 views

CVE-2023-37479 Improper sanitization of MXCSR and RFLAGS in OpenEnclave

Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves. There are two issues that are mitigated in version 0.19.3. First, Open Enclave SDK does not properly sanitize the MXCSR register ...

5.3CVSS7.6AI score0.00634EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/13 2:38 p.m.40 views

Security Bulletin: A vulnerability in IBM Storage Protect Client, IBM Storage Protect for Virtual Environments, and IBM Storage Protect for Space Management can lead to denial of service (CVE-2023-33832)

Summary IBM Storage Protect Backup-Archive Client, IBM Storage Protect for Virtual Environments Data Protection for Hyper-V and Data Protection for VMware, and IBM Storage Protect for Space Management can be affected by a vulnerability that leads to denial of service. The vulnerability is describ...

6.2CVSS4.9AI score0.00127EPSS
Exploits0Affected Software3
hivepro
hivepro
added 2023/07/13 1:24 p.m.19 views

New Python-Based Fileless Malware Named ‘PyLoose’ Targeting Cloud Environments

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A new fileless attack called PyLoose targets cloud workloads by loading an XMRig Miner directly into memory using Python code and the memfd technique. This evasive attack highlights the need for advanced...

7.3AI score
Exploits0
Talos
Talos
added 2023/07/13 12:0 a.m.28 views

VMware DCERPC call request uninitialized memory heap overflow vulnerability

Talos Vulnerability Report TALOS-2023-1801 VMware DCERPC call request uninitialized memory heap overflow vulnerability July 13, 2023 CVE Number CVE-2023-20892 SUMMARY A heap overflow vulnerability exists in the request processing functionality of DCERPC library as used in VMware vCenter Server...

9.8CVSS9.1AI score0.01849EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2023/07/12 10:11 a.m.47 views

Security Bulletin: Multiple Vulnerabilities of Apache HttpClient and Jackson-mapper have affected IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines

Summary IBM Tivoli Monitoring for Virtual Environments Agent for Linux Kernel-based Virtual Machines is vulnerable to Apache HttpClient and jackson-mapper as described in 220912, CVE-2020-13956, CVE-2019-10202, CVE-2019-10172. The fix includes upgrading required libraries to latest version...

9.8CVSS8.7AI score0.17044EPSS
Exploits1Affected Software1
CNVD
CNVD
added 2023/07/12 12:0 a.m.18 views

Siemens RUGGEDCOM ROX Cross-Site Request Forgery Vulnerability

RUGGEDCOM products offer a degree of robustness and reliability that sets the standard for communication networks deployed in harsh environments. A cross-site request forgery vulnerability exists in the Siemens RUGGEDCOM ROX, which can be exploited by an attacker to perform arbitrary actions on t...

8.8CVSS7.9AI score0.00237EPSS
Exploits0References1
CNVD
CNVD
added 2023/07/12 12:0 a.m.19 views

Siemens RUGGEDCOM ROX Weak Password Vulnerability

RUGGEDCOM products offer a degree of robustness and reliability that sets the standard for communication networks deployed in harsh environments. A weak password vulnerability exists in the Siemens RUGGEDCOM ROX, which can be exploited by an attacker to read and modify any data passed to the...

6.8CVSS6.8AI score0.00209EPSS
Exploits0References1
CNVD
CNVD
added 2023/07/12 12:0 a.m.27 views

Siemens RUGGEDCOM ROX cross-site scripting vulnerability (CNVD-2023-55709)

RUGGEDCOM products offer a degree of robustness and reliability that sets the standard for communication networks deployed in harsh environments. A cross-site scripting vulnerability exists in Siemens RUGGEDCOM ROX, which can be exploited by attackers to execute malicious javascript code by...

8.8CVSS6.4AI score0.00386EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/07/12 12:0 a.m.4 views

Apache Pulsar 安全漏洞

Apache Pulsar is the United States Apache Apache Foundation for cloud environments, set of messages, storage, lightweight functional computing as one of the distributed message flow platform. The software supports multi-tenancy, persistent storage, multi-room cross-region data replication, and...

9.6CVSS8.2AI score0.00733EPSS
Exploits0References2
CNVD
CNVD
added 2023/07/12 12:0 a.m.21 views

Siemens RUGGEDCOM ROX Input Validation Error Vulnerability

RUGGEDCOM products offer a degree of robustness and reliability that sets the standard for communication networks deployed in harsh environments. An input validation error vulnerability exists in the Siemens RUGGEDCOM ROX, which can be exploited by an attacker to send an incorrectly formatted HTT...

5.3CVSS4.5AI score0.00564EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2023/07/11 9:58 a.m.27 views

SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign

Cloud environments continue to be at the receiving end of an ongoing advanced attack campaign dubbed SCARLETEEL, with the threat actors now setting their sights on Amazon Web Services AWS Fargate. "Cloud environments are still their primary target, but the tools and techniques used have adapted t...

7.3AI score
Exploits0
OSV
OSV
added 2023/07/06 9:26 p.m.5 views

CLSA-2023-1688678794 Fix CVE(s): CVE-2023-26604

SECURITY UPDATE: local privilege escalation for some Sudo configurations - debian/patches/CVE-2023-26604.patch: set LESSSECURE to 1 - CVE-2023-26604 test issue: udev-test.pl is stopped by a timeout in a virtual environment - debian/patches/fix-udev-test.patch: skip this test in some cases...

7.8CVSS6.7AI score0.01051EPSS
Exploits4References1
The Hacker News
The Hacker News
added 2023/07/06 10:38 a.m.4 views

Silentbob Campaign: Cloud-Native Environments Under Attack

Cybersecurity researchers have unearthed an attack infrastructure that's being used as part of a "potentially massive campaign" against cloud-native environments. "This infrastructure is in early stages of testing and deployment, and is mainly consistent of an aggressive cloud worm, designed to...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/28 10:44 a.m.27 views

5 Things CISOs Need to Know About Securing OT Environments

For too long the cybersecurity world focused exclusively on information technology IT, leaving operational technology OT to fend for itself. Traditionally, few industrial enterprises had dedicated cybersecurity leaders. Any security decisions that arose fell to the plant and factory managers, who...

5.9AI score
Exploits0
Gitee
Gitee
added 2023/06/15 7:46 p.m.2 views

vulhub

This repository is an open-source collection of pre-built vulnerable Docker environments, known as Vulhub. It is a defensive research tool for improving detection, response, and patch prioritization. The repository contains various vulnerable environments, including CouchDB, FFmpeg, Git, and more...

7AI score
Exploits0
Wiz blog
Wiz blog
added 2023/06/14 3:37 p.m.7 views

Wiz at Re:Inforce 2023

See what is new with Wiz at Re:Inforce and learn about how Wiz and AWS continue to strengthen a strategic relationship to secure customers’ AWS environments...

6.9AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/06/08 7:42 p.m.24 views

Detect and Prioritize Identity-Related Cloud Risk with InsightCloudSec

In modern cloud environments, roles and permissions are assigned not just to human users, but to machines, resources and services, as well. The massive scale of cloud environments leads to teams potentially managing millions of distinct identities. As a result, security teams often struggle to...

6.6AI score
Exploits0
Rows per page
Query Builder