19 matches found
ScaleDisturb: Exploiting Temporal Asymmetry to Amplify Read Disturbance in Modern DRAM Chips
DRAM suffers from read disturbance phenomena (e.g., RowHammer and RowPress), where repeatedly accessing or continuously keeping open a DRAM row (aggressor row) induces bitflips in other physically nearby unaccessed rows (victim rows). The disturbance mechanism is practically exploitable from the softwa...
Quantifying Memory Cells Vulnerability for DRAM Security
Dynamic Random Access Memory (DRAM) is pervasive in computer systems. Cell vulnerabilities caused by unintended phenomena (forced retention failure, latency alteration, rowhammer and rowpress) lead to unintended bit flips in memory. These phenomena have been explored as attacks to violate data...
EUVD-2014-8227
Malware in sbrugna...
Malleability-Resistant Encrypted Control System with Disturbance Compensation and Real-Time Attack Detection
This study proposes an encrypted PID control system with a disturbance observer (DOB) using a keyed-homomorphic encryption (KHE) scheme, aiming to achieve control performance while providing resistance to malleability-based attacks. The controller integrates a DOB with a PID structure to compensate f...
PuDHammer: Experimental Analysis of Read Disturbance Effects of Processing-Using-DRAM in Real DRAM Chips
Processing-using-DRAM (PuD) is a promising paradigm for alleviating the data movement bottleneck using DRAM's massive internal parallelism and bandwidth to execute very wide operations. Performing a PuD operation involves activating multiple DRAM rows in quick succession or simultaneously, i.e.,...
CVE-2024-1104
An unauthenticated remote attacker can bypass the brute force prevention mechanism and disturb the webservice for all users...
Design/Logic Flaw
An unauthenticated remote attacker can bypass the brute force prevention mechanism and disturb the webservice for all users...
CVE-2024-1104
CVE-2024-1104 affects AREAL Topkapi security platform, specifically Webserv2. The vulnerability arises from a bypass of the brute-force protection mechanism, enabling an unauthenticated remote attacker to disturb the webservice for all users. Reports from multiple sources (Topkapi-related CVE ent...
SUSE: Security Advisory (SUSE-SU-2020:3913-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Google Maps help Police catch serial masturbator after 4-year hunt
By Carolina An alleged "serial masturbator" who has been causing disturbance among citizens around Brisbane’s inner-city for the past four years has finally been caught by the Queensland Police thanks to Google Maps. Google Maps: Hubby divorces wife after finding her on Street View with another m...
Infogram: No Rate Limit on account deletion request (Leads to huge email flooding/email bombing)
Dear sir, At first, I want to say that this sensitive action definitely should be set with rate limit. Note: This is about huge bombing/brute force on any endpoints. Vulnerability: - No rate limit has been set for generating account deletion emails for accounts on above selected domain. - As there ...
OracleVM 3.2 : openssh (OVMSA-2016-0030)
The remote OracleVM system is missing necessary patches to address critical security updates : - change default value of MaxStartups - CVE-2010-5107 John Haxby - improve RNG seeding from /dev/random 681291,708056 - make ssh1's ConnectTimeout option apply to both the TCP connection and SSH banner...
Schneider Electric VAMPSET Buffer Overflow Vulnerability
Schneider Electric VAMPSET is a suite of software from Schneider Electric, France, deployed in the energy industry to configure and maintain multiple relays and arc monitors. A buffer overflow vulnerability exists in Schneider Electric VAMPSET version 2.2.145 and earlier. A local attacker can...
CVE-2014-8390
Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file...
Buffer overflow
Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file...
CVE-2014-8390
Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 allow local users to gain privileges via malformed disturbance-recording data in a (1) CFG or (2) DAT file...
Exploiting the DRAM rowhammer bug to gain kernel privileges
Rowhammer blog post draft. Posted by Mark Seaborn, sandbox builder and breaker, with contributions by Thomas Dullien, reverse engineer. [This guest post continues Project Zero’s practice of promoting excellence in security research on the Project Zero blog.] Overview: “Rowhammer” is a problem with some...
CVE-2014-5407
Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file...
CVE-2014-5407 Schneider Electric VAMPSET Stack-based Buffer Overflow
Multiple stack-based buffer overflows in Schneider Electric VAMPSET 2.2.136 and earlier allow local users to cause a denial of service (application halt) via a malformed (1) setting file or (2) disturbance recording file...