Lucene search
+L

207 matches found

Slackware Linux
Slackware Linux
added 2023/11/07 8:3 p.m.59 views

[slackware-security] sudo

New sudo packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/sudo-1.9.15-i586-1slack15.0.txz: Upgraded. The sudoers plugin has been modified to make it more resilient to ROWHAMME...

8.1CVSS6.8AI score0.00571EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2023/11/02 12:0 a.m.16 views

F5 Networks BIG-IP : Rowhammer hardware vulnerability (K60570139)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K60570139 advisory. - Modern DRAM chips DDR4 and LPDDR4 after 2015 are affected by a vulnerability in deployment of internal mitigations...

9.3CVSS8.4AI score0.02515EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/02/21 7:27 p.m.59 views

K60570139: Rowhammer hardware vulnerability CVE-2020-10255

Security Advisory Description Modern DRAM chips DDR4 and LPDDR4 after 2015 are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh TRR, aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain...

9.3CVSS8.9AI score0.02515EPSS
Exploits0Affected Software11
SUSE CVE
SUSE CVE
added 2023/02/15 5:22 a.m.5 views

SUSE CVE-2015-0565

NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible...

10CVSS8.8AI score0.13573EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:0 a.m.6 views

SUSE CVE-2020-10255

Modern DRAM chips DDR4 and LPDDR4 after 2015 are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh TRR, aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger bit...

9.3CVSS8.7AI score0.02515EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 3:37 a.m.45 views

SUSE CVE-2021-42114

Modern DRAM devices PC-DDR4, LPDDR4X are affected by a vulnerability in their internal Target Row Refresh TRR mitigation against Rowhammer attacks. Novel non-uniform Rowhammer access patterns, consisting of aggressors with different frequencies, phases, and amplitudes allow triggering bit flips o...

9CVSS8.2AI score0.02889EPSS
Exploits1References3
Snyk
Snyk
added 2022/10/16 12:46 p.m.2 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure via fault injection achieved with a rowhammer attack, which exposes ECDSA keys. Remediation Upgrade wolfssl to version 5.5.1 or higher. References - GitHub Commit - GitHub PR - GitHub Release Credit: Yarkin Doroz,...

5.3CVSS7.2AI score0.00527EPSS
Exploits0References2
NVD
NVD
added 2022/10/15 4:15 a.m.24 views

CVE-2022-42961

An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via ...

5.3CVSS0.00527EPSS
Exploits0References1
OSV
OSV
added 2022/10/15 4:15 a.m.4 views

DEBIAN-CVE-2022-42961

An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via ...

5.3CVSS5.6AI score0.00527EPSS
Exploits0References1
Prion
Prion
added 2022/10/15 4:15 a.m.26 views

Crlf injection

An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via ...

5CVSS5.3AI score0.00527EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2022/10/15 4:15 a.m.22 views

CVE-2022-42961

An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via ...

5.3CVSS6AI score0.00527EPSS
Exploits0References2
OSV
OSV
added 2022/10/15 4:15 a.m.6 views

UBUNTU-CVE-2022-42961

An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via ...

5.3CVSS6AI score0.00527EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/10/15 12:0 a.m.12 views

CVE-2022-42961

An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via ...

5.3AI score0.00527EPSS
Exploits0References1
CVE
CVE
added 2022/10/15 12:0 a.m.123 views

CVE-2022-42961

CVE-2022-42961 concerns wolfSSL before 5.5.0, where a Rowhammer RAM fault injection can disclose ECDSA private-key material during signing (e.g., TLS handshakes). The issue may allow leakage of faulty ECC signatures, enabling an advanced technique for ECDSA key recovery. Impact is limited to conf...

5.3CVSS5.3AI score0.00527EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/10/15 12:0 a.m.6 views

wolfSSL 安全漏洞

wolfSSL CyaSSL is a small, portable embedded SSL programming library for embedded systems developers from wolfSSL, Inc. in the United States. A security vulnerability exists in wolfSSL version 5.5.0, which stems from an attacker's ability to perform a fault injection attack on RAM via Rowhammer,...

5.3CVSS5.7AI score0.00527EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2022/10/15 12:0 a.m.57 views

CVE-2022-42961

An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via ...

5.3CVSS5.2AI score0.00527EPSS
Exploits0
OSV
OSV
added 2022/10/15 12:0 a.m.20 views

CVE-2022-42961

An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via ...

5.3CVSS5.4AI score0.00527EPSS
Exploits0References3
Schneier on Security
Schneier on Security
added 2021/11/19 2:31 p.m.19 views

New Rowhammer Technique

Rowhammer is an attack technique involving accessing -- thats "hammering" -- rows of bits in memory, millions of times per second, with the intent of causing bits in neighboring rows to flip. This is a side-channel attack, and the result can be all sorts of mayhem. Well, there is a new enhancemen...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2021/11/16 4:48 p.m.58 views

New Blacksmith Exploit Bypasses Current Rowhammer Attack Defenses

Cybersecurity researchers have demonstrated yet another variation of the Rowhammer attack affecting all DRAM dynamic random-access memory chips that bypasses currently deployed mitigations, thereby effectively compromising the security of the devices. The new technique — dubbed "Blacksmith"...

9CVSS8.3AI score0.02889EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2021/11/16 2:44 p.m.94 views

CVE-2021-42114

A Rowhammer flaw was found in the latest DDR4 DRAM hardware chips. This flaw is different from the previously known attack CVE-2020-10255 by non-uniform patterns of memory access. These DDR4 DRAM hardware chips implement a Target Row Refresh TRR mitigation to prevent a Rowhammer flaw-induced bit...

9.3CVSS8.6AI score0.02889EPSS
Exploits1References6
Rows per page
Query Builder