378 matches found
Huawei EulerOS: Security Advisory for libgcrypt (EulerOS-SA-2020-1114)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP5 : libgcrypt (EulerOS-SA-2020-1114)
According to the version of the libgcrypt packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The mpipowm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing...
[SECURITY] Fedora 31 Update: libuv-1.34.2-1.fc31
libuv is a new platform layer for Node. Its purpose is to abstract IOCP on Windows and libev on Unix systems. We intend to eventually contain all plat form differences in this library...
CVE-2015-0837
The mpipowm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."...
Design/Logic Flaw
The mpipowm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."...
CVE-2015-0837
CVE-2015-0837 affects Libgcrypt (before 1.6.3) and GnuPG (before 1.4.19). It enables a timing side-channel attack on modular exponentiation using a pre-computed table, related to a Last-Level Cache side-channel attack. The description notes the timing differences that could allow an attacker to o...
CVE-2015-0837
The mpipowm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack."...
Police Use of Facial Recognition is Just Fine, Say Most Americans
Despite the appetite for dystopian surveillance dramas on TV and in film, most Americans actually do trust law enforcement to not abuse facial recognition technology, according to a new survey. According to the Pew Research Center, a full 56 percent said that they trust police and officials to us...
Updated wpa_supplicant and hostapd packages fix security vulnerability
A number of potential side channel attacks were discovered in the SAE implementations used by both hostapd AP and wpasupplicant infrastructure BSS station/mesh station. SAE Simultaneous Authentication of Equals is also known as WPA3-Personal. The discovered side channel attacks may be able to lea...
Design/Logic Flaw
The implementations of SAE and EAP-pwd in hostapd and wpasupplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel...
CVE-2019-13377
CVE-2019-13377 affects the SAE and EAP-pwd implementations in hostapd and wpa_supplicant (2.x up to 2.8). The root cause is a side-channel weakness: observable timing differences and cache access patterns when Brainpool curves are used, enabling an attacker to recover parts of the password and po...
CVE-2019-13377
The implementations of SAE and EAP-pwd in hostapd and wpasupplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. An attacker may be able to gain leaked information from a side-channel...
EulerOS 2.0 SP8 : wpa_supplicant (EulerOS-SA-2019-1779)
According to the version of the wpasupplicant package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences a...
NSX-T vs. NSX-V – Key Differences and Pitfalls to Avoid
Learn the difference between VMware’s segmentation offerings, NSX-T vs NSX-V, and understand the several potential pitfalls that are important to consider before deployment...
Same-Origin Policy Bypass
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Arbitrary Code Execution
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
Use-After-Free
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...
CVE-2019-9494
The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...
CVE-2019-9494
The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...
CVE-2019-9494
The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...