199 matches found
infinispan: Unsafe deserialization of malicious object injected into data cache
It was found that the Hotrod client in Infinispan would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks...
infinispan: Unsafe deserialization of malicious object injected into data cache
It was found that the Hotrod client in Infinispan would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks...
infinispan: Unsafe deserialization of malicious object injected into data cache
It was found that the Hotrod client in Infinispan would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks...
infinispan: Unsafe deserialization of malicious object injected into data cache
It was found that the Hotrod client in Infinispan would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks...
Unsafe Deserialization
infinispan-client-hotrod is vulnerable to unsafe deserializations. Attackers can inject objects into the data cache, which would get deserialized within the client. This could lead to remote code execution and other attacks...
CVE-2017-15089
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks...
CVE-2017-15089
The CVE-2017-15089 vulnerability affects the Infinispan Hotrod client: before version 9.2.0.CR1, deserialized data from the cache could be read unsafely, allowing an authenticated attacker to inject a malicious object and trigger client deserialization. Remediation is to upgrade to 9.2.0.CR1 or n...
infinispan: Unsafe deserialization of malicious object injected into data cache
It was found that the Hotrod client in Infinispan would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks...
VMware Virtual Appliance updates address side-channel analysis due to speculative execution
a. VMware Virtual Appliance Mitigations for Bounds-Check bypass (Spectre-1), and Rogue data cache load issues (Meltdown). CPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to at worst arbitrary virtual memory read vulnerabilities across...
VMSA-2018-0007: VMware Virtual Appliance updates address side-channel analysis due to speculative execution
VMSA-2018-0007.6: VMware Virtual Appliance updates address side-channel analysis due to speculative execution. Advisory ID: VMSA-2018-0007.6. Severity: Important. Synopsis: VMware Virtual Appliance...
Apple Mac OS X Speculative Execution Side-Channel Vulnerability-Meltdown (HT208465)
Apple Mac OS X is prone to an information disclosure vulnerability.
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4006)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2018-4006 advisory. - x86/ia32: save and clear registers on syscall. (Jamie Iles) [Orabug: 27355759] {CVE-2017-5754} - pti: Rename X86_FEATURE_KAISER to X86_FEATURE_PTI (Pavel Tatashin...
Experts Weigh In On Spectre Patch Challenges
The race to patch against the Meltdown and Spectre processor vulnerabilities disclosed last week is on. As of today, there are no known exploits in the wild impacting vulnerable Intel, AMD and ARM devices. Currently, vendors are focused on three main mitigation efforts. Patches that address the...
(RHSA-2018:0035) Important: microcode_ctl security update
The microcode_ctl packages provide microcode updates for Intel and AMD processors. Security Fixes: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary...
CVE-2017-5754
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache...
Default configuration
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache...
ALPINE-CVE-2017-5754
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache...
DEBIAN-CVE-2017-5754
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache...
CVE-2017-5754
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache...
CVE-2017-5754
CVE-2017-5754 is the Meltdown vulnerability: a speculative-execution side-channel in kernels could allow a local attacker to read privileged memory. Apple documents show Meltdown affecting Kernel on iOS/macOS/watchOS with related entries (e.g., CVE-2017-5754) and list mitigation via security upda...