1146 matches found
CVE-2022-23303
The implementations of SAE in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494...
CVE-2022-23304
The implementations of EAP-pwd in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495...
Default configuration
The implementations of EAP-pwd in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495...
CVE-2022-23304
The implementations of EAP-pwd in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495...
Default configuration
The implementations of SAE in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494...
CVE-2022-23304
The implementations of EAP-pwd in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495...
CVE-2022-23304
The implementations of EAP-pwd in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495...
CVE-2022-23304
The implementations of EAP-pwd in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495...
CVE-2022-23303
The implementations of SAE in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494...
CVE-2022-23303
The implementations of SAE in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494...
GHSA-6VFC-QV3F-VR6C Uncontrolled Resource Consumption in markdown-it
Impact Special patterns with length 50K chars can slow down parser significantly. js const md = require'markdown-it'; md.renderx $' '.repeat150000 x \nx; Patches Upgrade to v12.3.2+ Workarounds No. References Fix + test sample:...
DEBIAN-CVE-2022-21670
markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading...
UBUNTU-CVE-2022-21670
markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading...
CVE-2022-21670
markdown-it is a Markdown parser. Prior to version 1.3.2, special patterns with length greater than 50 thousand characterss could slow down the parser significantly. Users should upgrade to version 12.3.2 to receive a patch. There are no known workarounds aside from upgrading...
Markdown-It 资源管理错误漏洞
Markdown-It is a Markdown parser. A security vulnerability exists in Markdown-It, which originates from Markdown-It is a Markdown parser. Prior to version 1.3.2, special patterns greater than 50,000 characters in length significantly slowed down the parser. Users should upgrade to version 12.3.2 ...
Facebook Launches 'Privacy Center' to Educate Users on Data Collection and Privacy Options
Meta Platforms, the company formerly known as Facebook, on Friday announced the launch of a centralized Privacy Center that aims to "educate people" about its approach with regards to how it collects and processes personal information across its family of social media apps. "Privacy Center provid...
Log4Shell log4j Remote Code Execution – The COVID of the Internet
The Log4Shell zero day vulnerability is truly one of the most significant security threats of the past decade and its effects will be felt far into 2022 and beyond. Imperva has observed over 102M exploitation attempts across thousands of sites protected by Imperva Cloud Web Application Firewall...
FreeBSD : OpenSearch -- Log4Shell (b0f49cb9-6736-11ec-9eea-589cfc007716)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b0f49cb9-6736-11ec-9eea-589cfc007716 advisory. - It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain...
Security Bulletin: Multiple vulnerabilities in WebSphere Application Server shipped with IBM WebSphere Application Server Patterns
Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in a security bulletin. Vulnerability Details CVEID: CVE-2021-4104 DESCRIPTION: Apache...
Ransom DDoS Enters its Fourth Wave
Extortionists target industries with most to lose from an outage Cybercriminals continue to target organizations threatening Denial of Service DDoS attacks in exchange for a ransom payment, traditionally demanded in bitcoin BTC. And it seems that no matter how many times these ransom threat cycle...