
98 matches found

The Hacker News
added 2018/11/04 9:24 a.m. | 771 views

New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running in the same CPU core with simultaneous multi-threading...

CVSS 4.7 | AI score 6.3 | EPSS 0.03418
Exploits: 4
Tenable Nessus
added 2018/10/31 12:0 a.m. | 38 views

GLSA-201810-06 : Xen: Multiple vulnerabilities (Foreshadow) (Meltdown) (Spectre)

The remote host is affected by the vulnerability described in GLSA-201810-06 Xen: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Xen. Please review the referenced CVE identifiers for details. Impact : A local attacker could cause a Denial of Service condition or disclos...

CVSS 9.9 | AI score 7.3 | EPSS 0.93838
Exploits: 13 | References: 20
IBM Security Bulletins
added 2018/10/26 8:30 p.m. | 37 views

Security Bulletin: IBM API Connect is affected by Foreshadow Spectre Variant vulnerability (CVE-2018-3646 CVE-2018-3615 CVE-2018-3620)

Summary API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2018-3646 DESCRIPTION: Multiple Intel CPU's could allow a local attacker to obtain sensitive information, caused by a flaw in the CPU speculative branch instruction execution feature. By conducting...

CVSS 6.4 | AI score 0.5 | EPSS 0.08101
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2018/10/22 12:0 a.m. | 67 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:2344-2) (Foreshadow)

The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache...

CVSS 7.8 | AI score 7.3 | EPSS 0.7354
Exploits: 10 | References: 52
Tenable Nessus
added 2018/10/22 12:0 a.m. | 48 views

SUSE SLES12 Security Update : xen (SUSE-SU-2018:2410-2) (Foreshadow)

This update for xen fixes the following security issues : CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS...

CVSS 5.6 | AI score 7.3 | EPSS 0.08101
Exploits: 0 | References: 6
IBM Security Bulletins
added 2018/09/26 9:15 p.m. | 62 views

Security Bulletin: PowerKVM has released fixes in response to the vulnerabilities known as Foreshadow

Summary PowerKVM is affected by vulnerabilities in the Linux kernel. IBM has now addressed these vulnerabilities. Note that, although the CVE descriptions do not reference POWER, POWER CPUs are affected. Vulnerability Details CVEID: CVE-2018-3620 DESCRIPTION: Multiple Intel CPU's could allow a...

CVSS 5.6 | AI score 6.5 | EPSS 0.05577
Exploits: 0 | Affected Software: 1
Tenable Nessus
added 2018/09/17 12:0 a.m. | 61 views

Debian DLA-1506-1 : intel-microcode security update (Foreshadow) (Spectre)

Security researchers identified speculative execution side-channel methods which have the potential to improperly gather sensitive data from multiple types of computing devices with different vendors' processors and operating systems. This update requires an update to the intel-microcode package,...

CVSS 7.3 | AI score 7.5 | EPSS 0.74041
Exploits: 11 | References: 9
Tenable Nessus
added 2018/09/10 12:0 a.m. | 43 views

OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0254) (Foreshadow)

The remote OracleVM system is missing necessary patches to address critical security updates : Oracle VM Security Advisory OVMSA-2018-0254 The following updated rpms for Oracle VM 3.4 have been uploaded to the Unbreakable Linux Network : x86_64: kernel-uek-4.1.12-124.19.1.el6uek.x86_64.rpm...

CVSS 7.8 | AI score 7.3 | EPSS 0.08101
Exploits: 0 | References: 4
Tenable Nessus
added 2018/09/04 12:0 a.m. | 45 views

Fedora 27 : xen (2018-915602df63) (Foreshadow)

L1 Terminal Fault speculative side channel patch bundle XSA-273, CVE-2018-3620, CVE-2018-3646 drop patches also in the bundle, which also includes Use of v2 grant tables may cause crash on ARM XSA-268 1616081 x86: Incorrect MSR_DEBUGCTL handling lets guests enable BTS XSA-269 1616077 oxenstored do...

CVSS 6.5 | AI score 7.2 | EPSS 0.08101
Exploits: 0 | References: 6
Tenable Nessus
added 2018/08/29 12:0 a.m. | 38 views

Slackware 14.2 : Slackware 14.2 kernel (SSA:2018-240-01) (Foreshadow)

New kernel packages are available for Slackware 14.2 to mitigate security issues. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2018-240-01. The text itself is copyright (C) Slackware Linux, Inc...

CVSS 7.3 | AI score 7.2 | EPSS 0.06301
Exploits: 0 | References: 4
Tenable Nessus
added 2018/08/29 12:0 a.m. | 40 views

Debian DLA-1481-1 : linux-4.9 security update (Foreshadow)

Multiple researchers have discovered a vulnerability in the way the Intel processor designs have implemented speculative execution of instructions in combination with handling of page-faults. This flaw could allow an attacker controlling an unprivileged process to read memory from arbitrary...

CVSS 5.6 | AI score 7.7 | EPSS 0.08101
Exploits: 0 | References: 4
Slackware Linux
added 2018/08/28 11:41 p.m. | 130 views

[slackware-security] Slackware 14.2 kernel

New kernel packages are available for Slackware 14.2 to mitigate security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/linux-4.4.153/: Upgraded. This kernel update enables mitigations for L1 Terminal Fault aka Foreshadow and Foreshadow-NG vulnerabilities. Thank...

CVSS 7.3 | AI score 0.4 | EPSS 0.06301
Exploits: 0
Tenable Nessus
added 2018/08/28 12:0 a.m. | 42 views

Xen Project Speculative Execution Side Channel Vulnerability (XSA-273) (Foreshadow)

According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by a speculative execution side channel attack known as L1 Terminal Fault (L1TF). An attacker who successfully exploited L1TF may be able to read privileged data across trust boundaries. Note...

CVSS 5.6 | AI score 7.4 | EPSS 0.08101
Exploits: 0 | References: 4
Tenable Nessus
added 2018/08/28 12:0 a.m. | 45 views

SUSE SLES11 Security Update : xen (SUSE-SU-2018:2528-1) (Foreshadow) (Meltdown) (Spectre)

This update for xen fixes the following issues: These security issues were fixed : - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local...

CVSS 8.8 | AI score 7.7 | EPSS 0.93838
Exploits: 20 | References: 38
Tenable Nessus
added 2018/08/24 12:0 a.m. | 1911 views

Security Updates for Windows 10 / Windows Server 2016 (August 2018) (Spectre) (Meltdown) (Foreshadow)

The remote Windows host is missing a security update. It is, therefore, missing microcode updates to address Rogue System Register Read (RSRE), Speculative Store Bypass (SSB), L1 Terminal Fault (L1TF), and Branch Target Injection vulnerabilities. (C) Tenable Network Security, Inc. include'compat.inc'; if...

CVSS 7.3 | AI score 7.2 | EPSS 0.60631
Exploits: 2 | References: 11
Tenable Nessus
added 2018/08/24 12:0 a.m. | 27 views

SUSE SLES12 Security Update : xen (SUSE-SU-2018:2483-1) (Foreshadow)

This update for xen fixes the following issues: This security issue was fixed : - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local us...

CVSS 5.6 | AI score 7.4 | EPSS 0.08101
Exploits: 0 | References: 7
Tenable Nessus
added 2018/08/23 12:0 a.m. | 40 views

SUSE SLES12 Security Update : xen (SUSE-SU-2018:2480-1) (Foreshadow)

This update for xen fixes the following security issue : - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS...

CVSS 5.6 | AI score 7.4 | EPSS 0.08101
Exploits: 0 | References: 5
Tenable Nessus
added 2018/08/23 12:0 a.m. | 43 views

SUSE SLES11 Security Update : xen (SUSE-SU-2018:2482-1) (Foreshadow)

This update for xen fixes the following issues: This security issue was fixed : - CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may have allowed unauthorized disclosure of information residing in the L1 data cache to an attacker with local us...

CVSS 5.6 | AI score 7.4 | EPSS 0.08101
Exploits: 0 | References: 8
Tenable Nessus
added 2018/08/21 12:0 a.m. | 55 views

openSUSE Security Update : ucode-intel (openSUSE-2018-887) (Foreshadow) (Spectre)

ucode-intel was updated to the 20180807 release. For the listed CPU chipsets this fixes CVE-2018-3640 (Spectre v3a) and is part of the mitigations for CVE-2018-3639 (Spectre v4) and CVE-2018-3646 (L1 Terminal fault). bsc1104134 bsc1087082 bsc1087083 bsc1089343 Processor Identifier Version Products Mode...

CVSS 5.6 | AI score 7 | EPSS 0.60631
Exploits: 2 | References: 7
Tenable Nessus
added 2018/08/21 12:0 a.m. | 43 views

RHEL 7 : rhvm-appliance (RHSA-2018:2402)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:2402 advisory. The RHV-M Virtual Appliance automates the process of installing and configuring the Red Hat Virtualization Manager. The appliance is availab...

CVSS 7.8 | AI score 7.2 | EPSS 0.7354
Exploits: 0 | References: 9