Astra Linux - уязвимость в firefox, thunderbird

Keyboard events reference strings like “KeyA” that are located at fixed, known, and widely-distributed addresses. Cache-based timing attacks, such as Prime+Probe, could potentially determine which keys were pressed. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...

Astra Linux - уязвимость в wpa

Implementations of SAE in hostapd before version 2.10, and wpasupplicant before version 2.10, are vulnerable to side-channel attacks due to cache access patterns. NOTE: This issue exists due to an incomplete fix for CVE-2019-9494...

EUVD-2018-13576

Malware in sbrugna...

LlamaIndex 安全漏洞

LlamaIndex is a data framework for LLM applications from the LlamaIndex open source. A security vulnerability exists in LlamaIndex version 0.12.44 and earlier, which stems from the use of hard-coded paths and lack of security controls in the getcachedir function, which could lead to model stealin...

CVE-2018-21058

An issue was discovered on Samsung mobile devices with N7.0, O8.0 exynos7420 or Exynos 8890/8996 chipsets software. Cache attacks can occur against the Keymaster AES-GCM implementation because T-Tables are used; the Cryptography Extension CE is not used. The Samsung ID is SVE-2018-12761 September...

Slice+Slice Baby: Generating Last-Level Cache Eviction Sets in the Blink of an Eye

An essential step for mounting cache attacks is finding eviction sets, collections of memory locations that contend on cache space. On Intel processors, one of the main challenges for identifying contending addresses is the sliced cache design, where the processor hashes the physical address to...

CVE-2024-50264

creationtimestamp| type| source ---|---|--- 2024-11-19 01:39:34+00:00| seen| https://infosec.exchange/users/cve/statuses/113507065793952456 2025-01-02 23:00:00+00:00| seen| https://u1f383.github.io/linux/2025/01/03/cross-cache-attack-cheatsheet.html 2025-04-17 14:44:06+00:00|...

SUSE CVE-2019-9494

The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...

Mozilla: Keystroke Side-Channel Leakage

The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...

Mozilla: Keystroke Side-Channel Leakage

The Mozilla Foundation Security Advisory describes this flaw as: Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed...

OESA-2022-1510 wpa_supplicant security update

wpasupplicant is a WPA Supplicant for Linux, BSD, Mac OS X, and Windows with support for WPA and WPA2 IEEE 802.11i / RSN. It is suitable for both desktop/laptop computers and embedded systems. Supplicant is the IEEE 802.1X/WPA component that is used in the client stations. It implements key...

ALPINE-CVE-2022-23304

The implementations of EAP-pwd in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495...

UBUNTU-CVE-2022-23304

The implementations of EAP-pwd in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495...

SUSE: Security Advisory (SUSE-SU-2019:0600-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2019:14092-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Intel, ARM, IBM, AMD Processors Vulnerable to New Side-Channel Attacks

It turns out that the root cause behind several previously disclosed speculative execution attacks against modern processors, such as Meltdown and Foreshadow, was misattributed to 'prefetching effect,' resulting in hardware vendors releasing incomplete mitigations and countermeasures. Sharing its...

SUSE-SU-2020:1589-1 Security update for ucode-intel

This update for ucode-intel fixes the following issues: Updated Intel CPU Microcode to 20200602 prerelease bsc1172466 This update contains security mitigations for: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores...

New Noise-Resilient Attack On Intel and AMD CPUs Makes Flush-based Attacks Effective

Modern Intel and AMD processors are susceptible to a new form of side-channel attack that makes flush-based cache attacks resilient to system noise, newly published research shared with The Hacker News has revealed. The findings are from a paper "DABANGG: Time for Fearless Flush based Cache...

New Noise-Resilient Attack On Intel and AMD CPUs Makes Flush-based Attacks Effective

Modern Intel and AMD processors are susceptible to a new form of side-channel attack that makes flush-based cache attacks resilient to system noise, newly published research shared with The Hacker News has revealed. The findings are from a paper "DABANGG: Time for Fearless Flush based Cache...

CVE-2018-21058

An issue was discovered on Samsung mobile devices with N7.0, O8.0 exynos7420 or Exynos 8890/8996 chipsets software. Cache attacks can occur against the Keymaster AES-GCM implementation because T-Tables are used; the Cryptography Extension CE is not used. The Samsung ID is SVE-2018-12761 September...