Lucene search
K

1341 matches found

OSV
OSV
added 2018/07/12 8:41 a.m.3 views

SUSE-SU-2018:1943-1 Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP2)

This update for the Linux Kernel 4.4.114-9267 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from...

5.6CVSS5.7AI score0.00611EPSS
Exploits0References4
OSV
OSV
added 2018/07/11 8:29 p.m.5 views

CVE-2018-11045

Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator LRNG seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the...

5.9CVSS5.8AI score0.00858EPSS
Exploits0References1
Prion
Prion
added 2018/06/21 8:29 p.m.28 views

Command injection

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel...

4.7CVSS6.2AI score0.00611EPSS
Exploits0References25Affected Software14
NVD
NVD
added 2018/06/21 8:29 p.m.23 views

CVE-2018-3665

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel...

5.6CVSS5.9AI score0.00611EPSS
Exploits0References25
Cvelist
Cvelist
added 2018/06/21 8:0 p.m.36 views

CVE-2018-3665

System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel...

6.2AI score0.00611EPSS
Exploits0References25
Kitploit
Kitploit
added 2017/08/26 10:26 p.m.68 views

AVPASS - Tool For Leaking And Bypassing Android Malware Detection System

AVPASS is a tool for leaking the detection model of Android malware detection systems i.e., antivirus software, and bypassing their detection logics by using the leaked information coupled with APK obfuscation techniques. AVPASS is not limited to detection features used by detection systems, and...

7AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2017/07/20 5:49 p.m.5 views

OpenJDK: PKCS#8 implementation timing attack (JCE, 8176760)

A covert timing channel flaw was found in the PKCS8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare PKCS8 key against an attacker controlled value could possibly use this flaw to determine the key via a timing side channel...

5.9CVSS7.3AI score0.02598EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/07/20 3:59 p.m.6 views

OpenJDK: PKCS#8 implementation timing attack (JCE, 8176760)

A covert timing channel flaw was found in the PKCS8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare PKCS8 key against an attacker controlled value could possibly use this flaw to determine the key via a timing side channel...

5.9CVSS7.3AI score0.02598EPSS
Exploits0References4
OSV
OSV
added 2017/07/03 4:29 p.m.3 views

DEBIAN-CVE-2017-5361

Request Tracker RT 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2 does not use a constant-time comparison algorithm for secrets, which makes it easier for remote attackers to obtain sensitive user password information via a timing side-channel attack...

5.9CVSS6.6AI score0.01368EPSS
Exploits0References1
CNVD
CNVD
added 2016/08/02 12:0 a.m.4 views

Magento CMS Predictable Random Number Generation Vulnerability

Magento CMS is the United States Magento company's set of open source PHP e-commerce content management system CMS. A predictable random number generation vulnerability exists in Magento CMS Attackers can exploit this vulnerability to predict random numbers and infer passwords...

7AI score
Exploits0References1
Mozilla
Mozilla
added 2015/07/02 12:0 a.m.45 views

Out-of-bound read while computing an oscillator rendering range in Web Audio — Mozilla

Security researcher Holger Fuhrmannek used the Address Sanitizer tool to discover an out-of-bound read while computing an oscillator rendering range in Web Audio. This could allow an attacker to infer the contents of four bytes of memory...

5CVSS4.9AI score0.02741EPSS
Exploits0References2Affected Software4
myhack58
myhack58
added 2014/08/25 12:0 a.m.20 views

Researchers to 9 2% The success rate of hijacking the Gmail application-vulnerability warning-the black bar safety net

You from a third party site to download a Wallpaper application, it does not require any permissions, so you figure it won't be the malicious applications. But the University of California, Riverside researchers published a study PDF that does not require any permission the app can also steal you...

1.8AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2013/09/30 12:0 a.m.5 views

TCP Off Path Sequence Number Inference

An Internet connection hijack vulnerability has been reported in network devices...

6.9AI score
Exploits0
RedHat Linux
RedHat Linux
added 2013/02/20 9:41 p.m.9 views

SSL/TLS: CBC padding timing attack (lucky-13)

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct...

2.6CVSS6.8AI score0.35584EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2012/06/06 11:42 p.m.4 views

Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)

jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via crafted JavaScript code...

9.3CVSS6.2AI score0.03159EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2012/06/05 8:56 p.m.5 views

Mozilla: Miscellaneous memory safety hazards (rv:13.0/ rv:10.0.5) (MFSA 2012-34)

jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ESR 10.x before 10.0.5 does not properly determine data types, which allows remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via crafted JavaScript code...

9.3CVSS6.2AI score0.03159EPSS
Exploits0References4
exploitpack
exploitpack
added 2012/04/25 12:0 a.m.26 views

mount.cifs - chdir() Arbitrary Root File Identification

mount.cifs - chdir Arbitrary Root File Identification Blueliv Advisory 2012-004 - Discovered by: Jesus Olmos Gonzalez at Blueliv - Risk: 5/5 - Impact: 1/5 1. VULNERABILITY ------------------------- linux privileged and arbitrary chdir, this leads to an arbitary file identification as root. 2...

Exploits0
Tenable Nessus
Tenable Nessus
added 2011/09/29 12:0 a.m.39 views

FreeBSD : Mozilla -- multiple vulnerabilities (1fade8a3-e9e8-11e0-9580-4061862b8c22)

The Mozilla Project reports : MFSA 2011-36 Miscellaneous memory safety hazards rv:7.0 / rv:1.9.2.23 MFSA 2011-37 Integer underflow when using JavaScript RegExp MFSA 2011-38 XSS via plugins and shadowed window.location object MFSA 2011-39 Defense against multiple Location headers due to CRLF...

10CVSS8.3AI score0.05312EPSS
Exploits5References23
Mozilla
Mozilla
added 2011/09/27 12:0 a.m.21 views

Inferring keystrokes from motion data — Mozilla

University of California, Davis researchers Liang Cai and Hao Chen presented a paper at the 2011 USENIX HotSec workshop on inferring keystrokes from device motion data on mobile devices. Web pages can now receive data similar to the apps studied in that paper and likely present a similar risk. We...

6.7AI score
Exploits0References1Affected Software2
FreeBSD
FreeBSD
added 2011/09/27 12:0 a.m.54 views

Mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2011-36 Miscellaneous memory safety hazards rv:7.0 / rv:1.9.2.23 MFSA 2011-37 Integer underflow when using JavaScript RegExp MFSA 2011-38 XSS via plugins and shadowed window.location object MFSA 2011-39 Defense against multiple Location headers due to CRLF...

10CVSS9.8AI score0.05312EPSS
Exploits5References10
Rows per page
Query Builder