Lucene search
K

17 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:49 a.m.9 views

CVE-2022-37459

Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue...

7.8CVSS8AI score0.00212EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2023/11/21 11:31 a.m.8 views

kernel: AMD: Cross-Thread Return Address Predictions

A flaw was found in HW. When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch, potentially resulting in information disclosure...

4.7CVSS6.9AI score0.00289EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2023/11/14 3:49 p.m.3 views

amd: Return Address Predictor vulnerability leading to information disclosure

A side channel vulnerability was found in hw amd. Some AMD CPUs may allow an attacker to influence the return address prediction. This issue may result in speculative execution at an attacker-controlled instruction pointer register, potentially leading to information disclosure...

4.7CVSS6.8AI score0.0616EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2023/10/13 12:0 a.m.64 views

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2023-12874)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12874 advisory. - x86: KVM: SVM: always update the x2avic msr interception Maxim Levitsky Orabug: 35857366 CVE-2023-5090 - netfilter: ipset: add the missing...

7.8CVSS7.5AI score0.12405EPSS
Exploits2References6
OSV
OSV
added 2023/09/07 6:1 p.m.11 views

CLSA-2023-1694109668 Fix CVE(s): CVE-2023-20593, CVE-2023-20569

New microcode update packages from AMD upstream up to 2023-08-08: + New Microcodes for 19h family: sig 0x00a10f11, sig 0x00a10f12, sig 0x00aa0f01, sig 0x00aa0f02; SECURITY UPDATE: A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction...

5.5CVSS6.6AI score0.0616EPSS
Exploits2References1
OSV
OSV
added 2023/09/07 5:59 p.m.9 views

CLSA-2023-1694109571 Fix CVE(s): CVE-2023-20569, CVE-2023-20593

New microcode update packages from AMD upstream up to 2023-08-08: + New Microcodes for 19h family: sig 0x00a10f11, sig 0x00a10f12, sig 0x00aa0f01, sig 0x00aa0f02; SECURITY UPDATE: A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction...

5.5CVSS6.6AI score0.0616EPSS
Exploits2References1
Tenable Nessus
Tenable Nessus
added 2023/08/31 12:0 a.m.37 views

SUSE SLES15 Security Update : xen (SUSE-SU-2023:3494-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3494-1 advisory. - CVE-2023-20569: Fixed x86/AMD Speculative Return Stack Overflow XSA-434 bsc1214082. - CVE-2022-40982: Fixed x86/Intel Gather Data...

6.5CVSS7AI score0.0616EPSS
Exploits3References10
Tenable Nessus
Tenable Nessus
added 2023/08/15 12:0 a.m.30 views

Oracle Linux 8 : linux-firmware (ELSA-2023-12714)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12714 advisory. 20230516-999.25.git6c9e0ed5.el8 - Add missing amd-ucode/ files to nano and core rpm Orabug: 35642190 - Add posttrans scriptlet to reload microcode on AMD Orabu...

4.7CVSS7AI score0.0616EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2023/08/08 7:18 p.m.33 views

CVE-2023-20569

A side channel vulnerability was found in hw amd. Some AMD CPUs may allow an attacker to influence the return address prediction. This issue may result in speculative execution at an attacker-controlled instruction pointer register, potentially leading to information disclosure. Mitigation...

5.6CVSS6.7AI score0.0616EPSS
Exploits1References6
OSV
OSV
added 2023/08/08 6:15 p.m.2 views

ALPINE-CVE-2023-20569

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure...

4.7CVSS7.7AI score0.0616EPSS
Exploits1References1
Prion
Prion
added 2023/08/08 6:15 p.m.36 views

Information disclosure

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled?address, potentially leading to information disclosure...

1CVSS5.5AI score0.0616EPSS
Exploits1References10Affected Software143
OSV
OSV
added 2023/08/08 6:15 p.m.1 views

UBUNTU-CVE-2023-20569

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure...

4.7CVSS6.9AI score0.0616EPSS
Exploits1References13
Debian CVE
Debian CVE
added 2023/08/08 5:2 p.m.59 views

CVE-2023-20569

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure...

4.7CVSS6.6AI score0.0616EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2023/08/08 12:0 a.m.68 views

CVE-2023-20569

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure...

4.7CVSS6.6AI score0.0616EPSS
Exploits1References12
SUSE CVE
SUSE CVE
added 2023/02/15 5:19 a.m.5 views

SUSE CVE-2015-3097

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK & Compiler before 18.0.0.144 on 64-bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it...

5CVSS6.4AI score0.11997EPSS
Exploits0References4
Hacker One
Hacker One
added 2018/10/13 5:28 a.m.45 views

Shopify: H1514 DOM XSS on checkout.shopify.com via postMessage handler on /:id/sandbox/google_maps

Description: The /:id/sandbox/googlemaps and /:id/sandbox/googleautocomplete routes on checkout.shopify.com are used to render the Google Map on the "Order Status" page as well as the address prediction on checkout pages. The page performs origin validation on incoming postMessages making sure th...

0.2AI score
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2013/08/13 12:0 a.m.45 views

(Pwn2Own) Microsoft Windows Shared Data ASLR Security Feature Bypass Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the existence ...

5CVSS2AI score0.07575EPSS
Exploits1References1
Rows per page
Query Builder