Lucene search
K

107 matches found

ThreatPost
ThreatPost
added 2018/06/27 6:26 p.m.17 views

WebAssembly Changes Could Ruin Meltdown/Spectre Browser Patches

Upcoming changes to the WebAssembly Wasm format may defang the browser patches for infamous side-channel attacks Meltdown and Spectre. Wasm was invented to improve execution speed for porting desktop applications to web-based environments; programs are compiled in Wasm and then can easily be run ...

7AI score
Exploits0References7
Huawei
Huawei
added 2018/06/06 12:0 a.m.88 views

Security Advisory - CPU Vulnerabilities Meltdown and Spectre

Security researchers disclosed two groups of CPU vulnerabilities "Meltdown" and "Spectre". In some circumstances, a local attacker could exploit these vulnerabilities to read memory information belonging to other processes or other operating system kernel. Vulnerability ID:...

4.7CVSS0.93838EPSS
Exploits13Affected Software125
OPENSUSE Linux
OPENSUSE Linux
added 2018/05/25 11:32 a.m.179 views

Security update for the Linux Kernel (important)

The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are...

2.6AI score0.60631EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2018/05/23 12:0 a.m.58 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1377-1) (Spectre)

The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bug was fixed : - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' bnc1087082. A new boot...

5.5CVSS7.1AI score0.60631EPSS
Exploits2References13
Microsoft CVE
Microsoft CVE
added 2018/05/21 7:0 a.m.290 views

Microsoft Guidance for Speculative Store Bypass

Executive summary On January 3, 2018, Microsoft released an advisory and security updates related to a newly-discovered class of hardware vulnerabilities known as Spectre and Meltdown involving speculative execution side channels that affect AMD, ARM, and Intel CPUs to varying degrees. On May 21s...

5.6CVSS6.6AI score0.60631EPSS
Exploits2
The Hacker News
The Hacker News
added 2018/05/17 9:54 a.m.78 views

Nethammer—Exploiting DRAM Rowhammer Bug Through Network Requests

Last week, we reported about the first network-based remote Rowhammer attack, dubbed Throwhammer, which involves the exploitation a known vulnerability in DRAM through network cards using remote direct memory access RDMA channels. However, a separate team of security researchers has now...

2.1AI score
Exploits0
OSV
OSV
added 2018/03/16 12:43 p.m.9 views

SUSE-SU-2018:0705-1 Security update for microcode_ctl

This update for ucode-intel fixes the following issues: The Intel CPU microcode version was updated to version 20180312. This update enables the IBPB+IBRS based mitigations of the Spectre v2 flaws boo1085207 CVE-2017-5715 - New Platforms - BDX-DE EGW A0 6-56-5:10 e000009 - SKX B1 6-55-3:97 100014...

5.6CVSS7AI score0.74041EPSS
Exploits9References3
RedHat Linux
RedHat Linux
added 2018/01/25 11:17 a.m.313 views

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.8CVSS7AI score0.93838EPSS
Exploits21References14
Tenable Nessus
Tenable Nessus
added 2018/01/25 12:0 a.m.128 views

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2018-4020)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4020 advisory. - x86: Use PREDCMD MSR when ibpb is enabled Konrad Rzeszutek Wilk Orabug: 27369777 CVE-2017-5715 CVE-2017-5753 - x86/spec: Dont print the Missing...

5.6CVSS7.7AI score0.93838EPSS
Exploits13References4
Tenable Nessus
Tenable Nessus
added 2018/01/22 12:0 a.m.273 views

OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0012) (Spectre)

The remote OracleVM system is missing necessary patches to address critical security updates : - Revert 'kernel.spec: Require the new microcodectl.' Brian Maly - xen-blkback: add pendingreq allocation stats Ankur Arora Orabug: 27386890 - xen-blkback: move indirect req allocation out-of-line Ankur...

7.4CVSS7.3AI score0.93838EPSS
Exploits9References3
ThreatPost
ThreatPost
added 2018/01/18 10:53 a.m.9 views

Intel Says Firmware Fixes for Spectre and Meltdown Affecting Newer Chips

Intel’s efforts to issue fixes for the Spectre and Meltdown CPU vulnerabilities are still hitting some bumps in the road, a company executive said in a blog post. “We have now issued firmware updates for 90 percent of Intel CPUs introduced in the past five years, but we have more work to do,” sai...

Exploits0References4
Tenable Nessus
Tenable Nessus
added 2018/01/17 12:0 a.m.55 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0115-1) (Meltdown) (Spectre)

The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory bnc1068032. - CVE-2017-5753 / 'SpectreAttack': Local...

7.8CVSS7.7AI score0.93838EPSS
Exploits18References44
Nvidia
Nvidia
added 2018/01/09 12:0 a.m.131 views

Security Bulletin: NVIDIA GeForce Experience (GFE) Security Updates for CPU Speculative Side Channel Vulnerabilities

NVIDIA GeForce Experience GFE response to CPU speculative side channel vulnerabilities - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 Bulletin Summary NVIDIA is providing an initial security update to mitigate aspects of Google Project Zero's January 3, 2018 publication of novel information...

5.6CVSS6.9AI score0.93838EPSS
Exploits13Affected Software1
Kitploit
Kitploit
added 2018/01/07 8:4 p.m.94 views

In-Spectre-Meltdown - Tool to identify Meltdown & Spectre Vulnerabilities in processors

This tool allows to check speculative execution side-channel attacks that affect many modern processors and operating systems designs. CVE-2017-5754 Meltdown and CVE-2017-5715 Spectre allows unprivileged processes to steal secrets from privileged processes. These attacks present 3 different ways ...

5.6CVSS7.4AI score0.84172EPSS
Exploits10References1
Nvidia
Nvidia
added 2018/01/05 12:0 a.m.87 views

Security Bulletin: NVIDIA Jetson TX2 L4T Security Updates for CPU Speculative Side Channel Vulnerabilities

Jetson L4T response to CPU speculative side channel vulnerabilities - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 Bulletin Summary NVIDIA is providing an initial security update to mitigate aspects of Google Project Zero's January 3, 2018, publication of novel information disclosure attacks that...

5.6CVSS6.9AI score0.93838EPSS
Exploits13Affected Software1
Nvidia
Nvidia
added 2018/01/05 12:0 a.m.82 views

Security Bulletin: NVIDIA Jetson TX1, Jetson TK1, and Tegra K1 L4T Security Updates for CPU Speculative Side Channel Vulnerabilities

Jetson and Tegra L4T response to CPU speculative side channel vulnerabilities - CVE-2017-5753, CVE-2017-5715, CVE-2017-5754 Bulletin Summary NVIDIA is providing an initial security update to mitigate aspects of Google Project Zero's January 3, 2018, publication of novel information disclosure...

5.6CVSS7AI score0.93838EPSS
Exploits13Affected Software3
Malwarebytes
Malwarebytes
added 2018/01/04 3:53 p.m.351 views

Meltdown and Spectre: what you need to know

UPDATE as of 1/12/18: Several vendors have produced patches for Meltdown and Spectre, however performance problems dog the fixes. Details on the patches were published here. UPDATE as of 1/04/18: Since the Malwarebytes Database Update 1.0.3624, all Malwarebytes users are able to receive the...

4.7CVSS7.5AI score0.93838EPSS
Exploits13
OSV
OSV
added 2018/01/04 7:38 a.m.7 views

SUSE-SU-2018:0010-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory bnc1068032. - CVE-2017-5753 / 'SpectreAttack': Local attackers...

7.8CVSS7.8AI score0.93838EPSS
Exploits13References37
OSV
OSV
added 2018/01/04 7:36 a.m.10 views

SUSE-SU-2018:0012-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. This update adds mitigations for various side channel attacks against modern CPUs that could disclose content of otherwise unreadable memory bnc1068032. - CVE-2017-5753 / 'SpecŧreAttack': Local attackers...

7.8CVSS7.8AI score0.93838EPSS
Exploits13References24
Citrix
Citrix
added 2018/01/04 5:0 a.m.79 views

Citrix XenServer Multiple Security Updates

Important Note Due to concerns about the robustness of some of the Intel microcode updates included in the earlier hotfixes for these issues XS71ECU1009, XS72E013 and XS73E001, Citrix has superseded these hotfixes with new hotfixes listed below. Customers are strongly recommended to apply these n...

7.8CVSS1AI score0.93838EPSS
Exploits13Affected Software1
Rows per page
Query Builder