The Cost of Cybercrime

Really interesting paper calculating the worldwide cost of cybercrime: Abstract: In 2012 we presented the first systematic study of the costs of cybercrime. In this paper,we report what has changed in the seven years since. The period has seen major platform evolution, with the mobile phone...

Security Bulletin: Multiple Vulnerabilities in IBM HTTP Server bundled with IBM WebSphere Application Server Patterns (CVE-2019-0211 CVE-2019-0220)

Summary IBM HTTP Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting IBM HTTP Server have been published in a security bulletin. Vulnerability Details Please consult the following security bulletin for vulnerability...

Arbitrary Code Execution

rh-mariadb100-mariadb is vulnerable to arbitrary code execution. The vulnerability exists as the compilebranch function in pcrecompile.c mishandles patterns containing an ACCEPT substring...

CVE-2019-9494

The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...

CVE-2019-9495

The implementations of EAP-PWD in hostapd and wpasupplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpasupplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful...

CVE-2019-9494

The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...

Default configuration

The implementations of EAP-PWD in hostapd and wpasupplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpasupplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful...

CVE-2019-9495

The implementations of EAP-PWD in hostapd and wpasupplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpasupplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful...

CVE-2019-9494

The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...

CVE-2019-9495

CVE-2019-9495 affects hostapd and wpa_supplicant with EAP-pwd support; vulnerable due to cache access-pattern side-channel. Astra Linux and other sources reinforce that before 2.10, both hostapd and wpa_supplicant are affected. Impact: potential exposure via side-channel, capable of cracking weak...

CVE-2019-9495 The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns

The implementations of EAP-PWD in hostapd and wpasupplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpasupplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful...

CVE-2019-9494

The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...

CVE-2019-9495

The implementations of EAP-PWD in hostapd and wpasupplicant are vulnerable to side-channel attacks as a result of cache access patterns. All versions of hostapd and wpasupplicant with EAP-PWD support are vulnerable. The ability to install and execute applications is necessary for a successful...

CVE-2019-9494

The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...

EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1221)

According to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A new software page cache side channel attack scenario was discovered in operating systems that implement the very common 'page cach...

Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server bundled with IBM WebSphere Application Server Patterns

Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in multiple security bulletins. Vulnerability Details Please consult the following...

Security Bulletin: Multiple Vulnerabilities in WebSphere Application Server bundled with IBM WebSphere Application Server Patterns

Summary WebSphere Application Server is shipped as a component of IBM WebSphere Application Server Patterns. Information about security vulnerabilities affecting WebSphere Application Server have been published in multiple security bulletins. Vulnerability Details Please consult the following...

Own Your Digital Future: Cloud Migration Best Practices

Many organizations are well underway on their journey to using cloud platforms to become more agile, reduce costs, and drive efficiencies. Nobody wants to reinvent the wheel though so to speak, and reusing established design patterns can be the difference between a delayed rollout and a fast and...

PT-2019-19426

Name of the Vulnerable Software and Affected Versions GNU C Library aka glibc or libc6 versions prior to 2.30 Description The issue is related to Uncontrolled Recursion in the check dst limits calc pos 1 function in posix/regexec.c. This can be demonstrated by using a crafted pattern '|11' in gre...

CVE-2019-6266

Cordaware bestinformed Microsoft Windows client before 6.2.1.0 is affected by insecure SSL certificate verification and insecure access patterns. These issues allow remote attackers to downgrade encrypted connections to cleartext...