Lucene search
K

39 matches found

CNNVD
CNNVD
added 2023/12/22 12:0 a.m.4 views

Sudo Security Breach

Sudo is a program for use on Unix-like systems that allows users to execute commands in a secure manner with special privileges. A security vulnerability exists in versions of Sudo prior to 1.9.15, which stems from vulnerability to a ROWHAMMER attack that can bypass SUDO authentication...

7CVSS7.1AI score0.00541EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2023/11/02 12:0 a.m.15 views

F5 Networks BIG-IP : Rowhammer hardware vulnerability (K60570139)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K60570139 advisory. - Modern DRAM chips DDR4 and LPDDR4 after 2015 are affected by a vulnerability in deployment of internal mitigations...

9.3CVSS8.4AI score0.02515EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 5:22 a.m.5 views

SUSE CVE-2015-0565

NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible...

10CVSS8.8AI score0.13253EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/10/15 12:0 a.m.5 views

wolfSSL 安全漏洞

wolfSSL CyaSSL is a small, portable embedded SSL programming library for embedded systems developers from wolfSSL, Inc. in the United States. A security vulnerability exists in wolfSSL version 5.5.0, which stems from an attacker's ability to perform a fault injection attack on RAM via Rowhammer,...

5.3CVSS5.7AI score0.00527EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2021/11/16 4:48 p.m.56 views

New Blacksmith Exploit Bypasses Current Rowhammer Attack Defenses

Cybersecurity researchers have demonstrated yet another variation of the Rowhammer attack affecting all DRAM dynamic random-access memory chips that bypasses currently deployed mitigations, thereby effectively compromising the security of the devices. The new technique — dubbed "Blacksmith"...

9CVSS8.3AI score0.02889EPSS
Exploits1
CNNVD
CNNVD
added 2021/11/15 12:0 a.m.16 views

Ddr4 Dram 安全漏洞

Ddr4 Dram is a synchronous dynamic random access memory. A security vulnerability exists in DDR4 DRAM that originated in the product that allows an unprivileged system user to use a Rowhammer attack variant to trigger bit corruption across memory spaces. An attacker could cause a denial of servic...

9CVSS8.1AI score0.02889EPSS
Exploits1References5
The Hacker News
The Hacker News
added 2021/03/12 6:35 a.m.4 views

New Browser Attack Allows Tracking Users Online With JavaScript Disabled

Researchers have discovered a new side-channel that they say can be reliably exploited to leak information from web browsers that could then be leveraged to track users even when JavaScript is completely disabled. "This is a side-channel attack which doesn't require any JavaScript to run," the...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2020/08/07 4:24 a.m.64 views

Intel, ARM, IBM, AMD Processors Vulnerable to New Side-Channel Attacks

It turns out that the root cause behind several previously disclosed speculative execution attacks against modern processors, such as Meltdown and Foreshadow, was misattributed to 'prefetching effect,' resulting in hardware vendors releasing incomplete mitigations and countermeasures. Sharing its...

1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2020/01/06 5:20 p.m.37 views

A week in security (December 30 – January 5)

Last week on Malwarebytes Labs, we took a dive into edge computing, looked at new web skimmer techniques, and rolled our eyes at silly people doing silly things. Other cybersecurity news: Stills and chills: A Reddit user notices their security camera is grabbing stills from other people’s devices...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2019/12/11 9:30 a.m.63 views

New PlunderVolt Attack Targets Intel SGX Enclaves by Tweaking CPU Voltage

A team of cybersecurity researchers demonstrated a novel yet another technique to hijack Intel SGX, a hardware-isolated trusted space on modern Intel CPUs that encrypts extremely sensitive data to shield it from attackers even when a system gets compromised. Dubbed Plundervolt and tracked as...

6.7CVSS1.5AI score0.00676EPSS
Exploits0
HackRead
HackRead
added 2019/06/12 9:13 p.m.125 views

RAMBleed attack steals sensitive data from computer memory

By Waqas "RAMBleed Reading Bits in Memory Without Accessing Them." A team of security researchers has published a report on a relatively advanced and previously undetected variant of the Rowhammer attack called RAMBleed. Researchers claim that the new variant can be used for reading the contents ...

3.9AI score
Exploits0
myhack58
myhack58
added 2019/03/07 12:0 a.m.90 views

Intel CPU Spoiler vulnerability alerts-a vulnerability alert-the black bar safety net

Spoiler is the researchers found that the impact of the Intel microprocessor architecture of a speculative attack a speculative attack is a new microprocessor disclosure vulnerability that leaks is about the physical page to the user space process mapping of key information. Spoiler with 2018 1 o...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2018/05/17 9:54 a.m.1 views

Nethammer—Exploiting DRAM Rowhammer Bug Through Network Requests

Last week, we reported about the first network-based remote Rowhammer attack, dubbed Throwhammer , which involves the exploitation a known vulnerability in DRAM through network cards using remote direct memory access RDMA channels. However, a separate team of security researchers has now...

8.7AI score
Exploits0
The Hacker News
The Hacker News
added 2018/05/11 8:19 a.m.1 views

New Rowhammer Attack Can Hijack Computers Remotely Over the Network

Exploitation of Rowhammer attack just got easier. Dubbed 'Throwhammer ,' the newly discovered technique could allow attackers to launch Rowhammer attack on the targeted systems just by sending specially crafted packets to the vulnerable network cards over the local area network. Known since 2012,...

8.2AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/05/07 5:18 p.m.62 views

A week in security (April 30 – May 6)

Last week on Labs, we examined the Spartacus ransomware, reported about a new tactic used by the Necurs malspam campaign, informed you about the recommended Twitter password change, and discussed engaging students to start considering careers in cybersecurity. Other news NTML credentials can be...

1AI score
Exploits0
CERT
CERT
added 2018/05/03 12:0 a.m.511 views

Integrated GPUs may allow side-channel and rowhammer attacks using WebGL ("Glitch")

Overview Some platforms with integrated GPUs, such as smartphones, may allow both side-channel and rowhammer attacks via WebGL, which may allow a remote attacker to compromise the browser on an affected platform. An attack technique that leverages these vulnerabilities is called "GLitch."...

5.8CVSS5AI score0.00594EPSS
Exploits0References2
myhack58
myhack58
added 2016/03/21 12:0 a.m.20 views

Keep an eye on your computer: memory vulnerable to malicious attacks-vulnerability warning-the black bar safety net

Recently, security researchers demonstrated a new Rowhammer attack, using this technology can attack some of the DDR4 memory module. Rowhammer attacks affect a wide Rowhammer attack is known to be in the 2 0 1 4 year, Carnegie Mellon University researchers in a sufficient number of access number ...

1.7AI score
Exploits0
CNVD
CNVD
added 2015/04/21 12:0 a.m.2 views

Google Chrome memory corruption vulnerability (CNVD-2015-02654)

Google Chrome is a web browser developed by the American company Google Google. Google Chrome versions prior to 42.0.2311.90, the function NaClSandbox::InitializeLayerTwoSandbox within components/nacl/loader/sandboxlinux/naclsandboxlinux.cc Failure to apply RLIMITAS and RLIMITDATA restrictions to...

7.5CVSS6.9AI score0.01916EPSS
Exploits1References1
CNVD
CNVD
added 2015/03/12 12:0 a.m.2 views

DRAM 'Rowhammer' Memory Bit Flip Privilege Elevation Vulnerability

DRAM, or Dynamic Random Access Memory, is the most common type of system memory. DRAM devices have security vulnerabilities that allow a local user to run a program that continuously accesses the DRAM, flipping the value of a cell from 1 to 0, or vice versa, allowing elevated privileges to execut...

7.3AI score
Exploits0References1
Rows per page
Query Builder