Lucene search
K

9165 matches found

Debian CVE
Debian CVE
added 2018/08/22 1:0 p.m.24 views

CVE-2018-10846

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets...

5.6CVSS5.8AI score0.00388EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2018/08/21 5:2 p.m.24 views

Code Injection in cryo

All versions of cryo are vulnerable to code injection due to an Insecure implementation of deserialization. Proof of concept js var Cryo = require'cryo'; var frozen = '"root":"CRYOREF3","references":"contents":,"value":"CRYOFUNCTIONfunction console.log\"defconrussia\"; return...

9.8CVSS9.3AI score0.03252EPSS
Exploits1References4Affected Software1
myhack58
myhack58
added 2018/08/21 12:0 a.m.496 views

zzcms 8.3 arbitrary file deletion vulnerability deep thinking-vulnerability warning-the black bar safety net

In the analysis of the already existing cve in the process, discovered zzcms 8.3 comparison of the previous version of the function improved, so by the follow-up look, there is no problem, and sure enough found the problem. CMS for file storage implementation Because I myself have done similar cm...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2018/08/20 8:42 p.m.16 views

Side-Channel PoC Attack Lifts Private RSA Keys from Mobile Phones

Researchers have developed a proof-of-concept side-channel attack that allows them to pull encryption keys from a single decryption for a modern version of OpenSSL. The attack impacts mobile devices — without physical access to the handsets. A group of researchers at Georgia Tech were able to...

0.6AI score
Exploits0References1
Fedora
Fedora
added 2018/08/19 12:22 a.m.45 views

[SECURITY] Fedora 27 Update: libgit2-0.26.6-1.fc27

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language with bindings...

8.1CVSS2.4AI score0.49188EPSS
Exploits10
NVD
NVD
added 2018/08/18 2:29 a.m.14 views

CVE-2018-15503

The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV...

7.5CVSS7.5AI score0.02272EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/08/17 1:0 p.m.16 views

CVE-2018-3784

A code injection in cryo 0.0.6 allows an attacker to arbitrarily execute code due to insecure implementation of deserialization...

9.7AI score0.03252EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2018/08/15 12:0 a.m.69 views

Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3741-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3741-2 advisory. USN-3741-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...

7.8CVSS7AI score0.7354EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2018/08/15 12:0 a.m.66 views

Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3740-2)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3740-2 advisory. USN-3740-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...

7.8CVSS7AI score0.24575EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2018/08/15 12:0 a.m.53 views

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3741-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3741-1 advisory. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core...

7.8CVSS7AI score0.7354EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2018/08/15 12:0 a.m.360 views

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3742-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3742-1 advisory. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core...

7.8CVSS7AI score0.7354EPSS
Exploits8References6
Tenable Nessus
Tenable Nessus
added 2018/08/15 12:0 a.m.292 views

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3740-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3740-1 advisory. It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core...

7.8CVSS7AI score0.24575EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2018/08/15 12:0 a.m.26 views

FreeBSD : wpa_supplicant -- unauthenticated encrypted EAPOL-Key data (6bedc863-9fbe-11e8-945f-206a8a720317)

SO-AND-SO reports : A vulnerability was found in how wpasupplicant processes EAPOL-Key frames. It is possible for an attacker to modify the frame in a way that makes wpasupplicant decrypt the Key Data field without requiring a valid MIC value in the frame, i.e., without the frame being...

6.5CVSS6.3AI score0.01404EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2018/08/14 10:11 p.m.119 views

USN-3742-2: Linux kernel (Trusty HWE) vulnerabilities

USN-3742-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 14.04 for Ubuntu 12.04 ESM. It was discovered that memory present in the L1 data cache of an Intel CPU core may be...

7.8CVSS6.9AI score0.7354EPSS
Exploits8References1
Ubuntu
Ubuntu
added 2018/08/14 10:9 p.m.81 views

USN-3741-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3741-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that memory present in the L1 data cache of an Intel CPU core may be...

7.8CVSS6.9AI score0.7354EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2018/08/14 9:58 p.m.98 views

USN-3742-1: Linux kernel vulnerabilities

It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault L1TF. A local attacker in a guest virtual machine could use this to expose sensitive...

7.8CVSS6.8AI score0.7354EPSS
Exploits8References1
Ubuntu
Ubuntu
added 2018/08/14 9:49 p.m.114 views

USN-3741-1: Linux kernel vulnerabilities

It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault L1TF. A local attacker in a guest virtual machine could use this to expose sensitive...

7.8CVSS6.8AI score0.7354EPSS
Exploits0References1
Fedora
Fedora
added 2018/08/14 8:21 p.m.33 views

[SECURITY] Fedora 27 Update: php-zendframework-zend-diactoros-1.8.4-1.fc27

A PHP package containing implementations of the accepted PSR-7 HTTP message interfaces 1, as well as a "server" implementation similar to node's http.Server 2. Documentation: https://zendframework.github.io/zend-diactoros/ Autoloader: /usr/share/php/Zend/Diactoros/autoload.php 1...

6.5CVSS1.5AI score0.58061EPSS
Exploits0
Xen Project
Xen Project
added 2018/08/14 5:0 p.m.576 views

oxenstored does not apply quota-maxentity

ISSUE DESCRIPTION The logic in oxenstored for handling writes depended on the order of evaluation of expressions making up a tuple. As indicated in section 7.7.3 "Operations on data structures" of the OCaml manual: http://caml.inria.fr/pub/docs/manual-ocaml/expr.html the order of evaluation of...

6.5CVSS0.1AI score0.00399EPSS
Exploits0
NVD
NVD
added 2018/08/14 4:29 p.m.18 views

CVE-2018-0131

A vulnerability in the implementation of RSA-encrypted nonces in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to obtain the encrypted nonces of an Internet Key Exchange Version 1 IKEv1 session. The vulnerability exists because the affected software...

5.9CVSS5.7AI score0.01722EPSS
Exploits0References3
Rows per page
Query Builder