759 matches found
Debian: Security Advisory (DSA-5475-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 3524-1] linux security update
Debian LTS Advisory DLA-3524-1 [email protected] https://www.debian.org/lts/security/ Ben Hutchings August 10, 2023 https://wiki.debian.org/LTS Package : linux Version : 4.19.289-2 CVE ID : CVE-2022-40982 Daniel Moghimi discovered Gather Data Sampling GDS, a hardware vulnerability for...
Design/Logic Flaw
When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read returns an error. In rare deployment cases error thrown by the Read function, this could lead to a predictable shared secret. The tkn20 and blindrsa components did not...
CVE-2023-1732 Improper random reading in CIRCL
When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read returns an error. In rare deployment cases error thrown by the Read function, this could lead to a predictable shared secret. The tkn20 and blindrsa components did not...
K80159635: Microarchitectural Fill Buffer Data Sampling (MFBDS) CVE-2018-12130
Security Advisory Description Microarchitectural Fill Buffer Data Sampling MFBDS: Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2018-12130 Impact MDS...
K97035296: Microarchitectural Load Port Data Sampling - Information Leak (MLPDS) CVE-2018-12127
Security Advisory Description Microarchitectural Load Port Data Sampling MLPDS: Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2018-12127 Impact MDS...
K41283800: INTEL-SA-00233 Microarchitectural Data Sampling Advisory
Security Advisory Description Multiple vulnerabilities in Intel processors have been mentioned in several sources and are referred to collectively as INTEL-SA-00233 Microarchitectural Data Sampling Advisory. F5 is aware of these vulnerabilities and is investigating as information becomes availabl...
K34303485: Microarchitectural Data Sampling Uncacheable Memory (MDSUM) CVE-2019-11091
Security Advisory Description Microarchitectural Data Sampling Uncacheable Memory MDSUM: Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. CVE-2019-11091...
K52370164: Microarchitectural Store Buffer Data Sampling (MSBDS) CVE-2018-12126
Security Advisory Description Microarchitectural Store Buffer Data Sampling MSBDS: Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.CVE-2018-12126 Impact MDS...
SUSE CVE-2018-12126
Microarchitectural Store Buffer Data Sampling MSBDS: Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:...
SUSE CVE-2018-12127
Microarchitectural Load Port Data Sampling MLPDS: Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:...
SUSE CVE-2018-12130
Microarchitectural Fill Buffer Data Sampling MFBDS: Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:...
SUSE CVE-2019-11091
Microarchitectural Data Sampling Uncacheable Memory MDSUM: Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:...
SUSE CVE-2021-28971
In intelpmudrainpebsnhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications such as perf-fuzzer can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6...
SUSE-SU-2022:2660-1 Security update for java-17-openjdk
This update for java-17-openjdk fixes the following issues: Update to upstream tag jdk-17.0.4+8 July 2022 CPU - CVE-2022-21540: Improve class compilation bsc1201694 - CVE-2022-21541: Enhance MethodHandle invocations bsc1201692 - CVE-2022-34169: Improve Xalan supports bsc1201684 - CVE-2022-21549:...
Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS)
...
Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update)
...
Denial Of Service (DoS)
jpeg-js is vulnerable to denial of service. The vulnerability exists in prepareComponents function in decoder.js because the sampling factors are not properly validated which creates an infinite loop due to some user input causing an application crash...
CVE-2021-42857
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's DSA AgentDaServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/da/pcf" API. The affected endpoint does not have any validation of the user's input that allows a malicious payload to be...
CVE-2021-42857
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's DSA AgentDaServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/da/pcf" API. The affected endpoint does not have any validation of the user's input that allows a malicious payload to be...