37 matches found
complexfluids.ethz.ch Cross Site Scripting vulnerability OBB-3890029
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
AMD Response to “ZENHAMMER: Rowhammer Attacks on AMD Zen-Based Platforms”
AMD ID: AMD-SB-7021 Potential Impact: Memory integrity Severity: N/A Summary On February 26, 2024, AMD received new research related to an industry-wide DRAM issue documented in “ZENHAMMER: Rowhammering Attacks on AMD Zen-based Platforms” from researchers at ETH Zurich. The research demonstrates...
complexfluids.ethz.ch Cross Site Scripting vulnerability OBB-3879810
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
polyphys-s01.ethz.ch Cross Site Scripting vulnerability OBB-3646521
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
x86/AMD: Speculative Return Stack Overflow
ISSUE DESCRIPTION Researchers from ETH Zurich have extended their prior research XSA-422, Branch Type Confusion, a.k.a Retbleed and have discovered INCEPTION, also know as RAS Return Address Stack Poisoning, and Speculative Return Stack Overflow. The RAS is updated when a CALL instruction is...
polyphys-s01.ethz.ch Cross Site Scripting vulnerability OBB-3440599
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
complexfluids.ethz.ch Cross Site Scripting vulnerability OBB-3410941
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
surveyweb.kof.ethz.ch Cross Site Scripting vulnerability OBB-3382165
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
seismo.ethz.ch Cross Site Scripting vulnerability OBB-3370097
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
sr.ethz.ch Cross Site Scripting vulnerability OBB-3185333
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Expert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App
A comprehensive analysis of the cryptographic protocols used in the Swiss encrypted messaging application Threema has revealed a number of loopholes that could be exploited to break authentication protections and even recover users' private keys. The seven attacks span three different threat...
surveyweb.kof.ethz.ch Cross Site Scripting vulnerability OBB-2703072
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
complexfluids.ethz.ch Cross Site Scripting vulnerability OBB-2626328
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ar.ethz.ch Cross Site Scripting vulnerability OBB-2597665
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
schwartz.arch.ethz.ch Cross Site Scripting vulnerability OBB-2597572
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
complexfluids.ethz.ch Cross Site Scripting vulnerability OBB-2597491
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
surveyweb.kof.ethz.ch Cross Site Scripting vulnerability OBB-2559201
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
New JavaScript Exploit Can Now Carry Out DDR4 Rowhammer Attacks
Academics from Vrije University in Amsterdam and ETH Zurich have published a new research paper describing yet another variation of the Rowhammer attack. Dubbed SMASH Synchronized MAny-Sided Hammering, the technique can be used to successfully trigger the attack from JavaScript on modern DDR4 RAM...
New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card
Cybersecurity researchers have disclosed a novel attack that could allow criminals to trick a point of sale terminal into transacting with a victim's Mastercard contactless card while believing it to be a Visa card. The research, published by a group of academics from ETH Zurich, builds on a stud...
mapsearch.ethz.ch Cross Site Scripting vulnerability OBB-1417258
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website operator about its existence...