Rain: Transiently Leaking Data from Public Clouds Using Old Vulnerabilities
Given their vital importance for governments and enterprises around the world, we need to trust public clouds to provide strong security guarantees even in the face of advanced attacks and hardware vulnerabilities. While transient execution vulnerabilities, such as Spectre, have been in the...
CVE-2025-34034
CVE-2025-34034 concerns the Blue Angel Software Suite on embedded Linux devices. The vulnerability is a hardcoded credential issue: the software contains multiple default/hardcoded user accounts not disclosed in public docs, enabling unauthenticated or low-privilege attackers to gain administrati...
Cybersecurity for Autonomous Vehicles
The increasing adoption of autonomous vehicles is bringing a major shift in the automotive industry. However, as these vehicles become more connected, cybersecurity threats have emerged as a serious concern. Protecting the security and integrity of autonomous systems is essential to prevent...
CVE-2024-31068
CVE-2024-31068 describes an issue where improper Finite State Machines (FSMs) in hardware logic for some Intel processors may allow a privileged user to cause a denial of service via local access. The vulnerability is tied to Intel processor firmware/microcode behavior and is addressed through mi...
Hotfix XS82ECU1078 - For Citrix Hypervisor 8.2 Cumulative Update 1
Who Should Install This Hotfix? This is a hotfix for customers running Citrix Hypervisor 8.2 Cumulative Update 1. All customers who are affected by the issues described in CTX692065 - XenServer and Citrix Hypervisor Security Update for CVE-2024-45818 should install this hotfix. Note: This hotfix is...
Q2-2023 API ThreatStats™ Report: API Exploits Are Everywhere: from NVIDIA to Reddit and more!
Our Q2-2023 API ThreatStats™ report is out. It provides API builders, defenders, breakers, and decision-makers with a comprehensive look at the API security vulnerabilities, threats and exploits reported this past quarter. This report provides everyone involved in API development, security and...
Missing Linux Kernel mitigations for 'RETbleed' hardware vulnerabilities (INTEL-SA-00702, AMD-SB-1037)
The remote host is missing one or more known mitigations on Linux Kernel side for the referenced SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-onl...
K35135935: Side-channel processor vulnerability CVE-2018-9056 (BranchScope)
Security Advisory Description Systems with microprocessors utilizing speculative execution may allow unauthorized disclosure of information to an attacker with local user access via a side-channel attack on the directional branch predictor, as demonstrated by a pattern history table (PHT), aka...
Over 100 Siemens PLC Models Found Vulnerable to Firmware Takeover
Security researchers have disclosed multiple architectural vulnerabilities in Siemens SIMATIC and SIPLUS S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to stealthily install firmware on affected devices and take control of them. Discovered by Red Balloon...
RHEL 9 : kernel-rt (RHSA-2022:7933)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7933 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...
Missing Linux Kernel mitigations for 'Processor MMIO Stale Data' hardware vulnerabilities (INTEL-SA-00615)
The remote host is missing one or more known mitigations on Linux Kernel side for the referenced SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-onl...
SUSE-SU-2022:1505-1 Security update for xen
This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host (bsc#1197423). - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which...
Smart Doorbell Disaster: Many Brands Vulnerable to Attack
Smart doorbells, designed to allow homeowners to keep an eye on unwanted and wanted visitors, can often cause more security harm than good compared to their analog door bolt alternatives. Consumer-grade digital doorbells are riddled with potential cybersecurity vulnerabilities ranging from...
Missing Linux Kernel mitigations for 'Meltdown' hardware vulnerabilities
The remote host is missing one or more known mitigations on Linux Kernel side for the referenced SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-onl...
Missing Linux Kernel mitigations for 'Spectre variant 1' hardware vulnerabilities
The remote host is missing one or more known mitigations on Linux Kernel side for the referenced SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-onl...
Missing Linux Kernel mitigations for 'MDS - Microarchitectural Data Sampling' hardware vulnerabilities
The remote host is missing one or more known mitigations on Linux Kernel side for the referenced SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-onl...
Missing Linux Kernel mitigations for 'Spectre variant 2' hardware vulnerabilities
The remote host is missing one or more known mitigations on Linux Kernel side for the referenced SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-onl...
Missing Linux Kernel mitigations for 'TAA - TSX Asynchronous Abort' hardware vulnerabilities (INTEL-SA-00270)
The remote host is missing one or more known mitigations on Linux Kernel side for the referenced SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-onl...
Debian: Security Advisory (DSA-4701-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Detection of Linux Kernel mitigation status for hardware vulnerabilities
Checks the Linux Kernel mitigation status for hardware CPU vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...