AMD Downplays CPU Threat Opening Chips to Data Leak Attacks

AMD is seeking to downplay side-channel attacks that can leak potentially sensitive data from its processors released between 2011 and 2019. The “Take A Way” attack, so-called by researchers with the Graz University of Technology in a new analysis this weekend, is a side-channel attack...

AMD Downplays CPU Threat Opening Chips to Data Leak Attacks

AMD is seeking to downplay side-channel attacks that can leak potentially sensitive data from its processors released between 2011 and 2019. The “Take A Way” attack, so-called by researchers with the Graz University of Technology in a new analysis this weekend, is a side-channel attack...

9 Years of AMD Processors Vulnerable to 2 New Side-Channel Attacks

AMD processors from as early as 2011 to 2019 carry previously undisclosed vulnerabilities that open them to two new different side-channel attacks, according to a freshly published research. Known as "Take A Way," the new potential attack vectors leverage the L1 data L1D cache way predictor in...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2020-5560)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5560 advisory. 2.6.39-400.320.1 - rds: Avoid flushing MRs in rdsrdmadropkeys aru kolappan Orabug: 30650888 - media: b2c2-flexcop-usb: add sanity checking Oliver Neukum...

CVE-2019-10546

Buffer overflow can occur in WLAN firmware while parsing beacon/proberesponse frames during roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wire...

CVE-2019-10546

CVE-2019-10546 describes a buffer overflow in WLAN firmware when parsing beacon/probe_response frames during roaming on Qualcomm Snapdragon platforms (Auto, Compute, Connectivity, and others including APQ8096/.. SXR2130). Affected hardware spans numerous Snapdragon SoCs, including IPQ/MDM/SDM fam...

Promise-probe Command Injection Vulnerability

Promise-probe is a probe module. A command injection vulnerability exists in promise-probe versions prior to 0.10.0. The vulnerability stems from a network system or product not properly filtering specific elements of externally entered data during the construction of executable commands. An...

CVE-2019-10791

promise-probe before 0.10.0 allows remote attackers to perform a command injection attack. The file, outputFile and options functions can be controlled by users without any sanitization...

CVE-2019-10791

The CVE-2019-10791 issue affects the Node.js module promise-probe. The root cause is lack of sanitization in the file, outputFile and options functions, enabling remote command injection when untrusted input is used. Public references from Red Hat, GHSA, OSV, and Snyk corroborate a severe impact ...

Buffer overflow

Buffer overflow in the auerswaldprobe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system...

A week in security (February 3 – 9)

Last week on Malwarebytes Labs, we looked at Washington state’s latest efforts in providing better data privacy rights for their residents, and we dove into some of the many questions regarding fintech: What is it? How secure is it? And what are some of the problems in the space? We also detailed...

Command Injection

Overview promise-probe is a FFprobe wrapper. Affected versions of this package are vulnerable to Command Injection via the ffprobefile and createMuteOggoutputFile, options functions. file,outputFile,options can be controlled by users without any sanitization PoC by JHU System Security Lab js var...

PT-2020-6487 · FFmpeg +4 · Ffmpeg +4

Name of the Vulnerable Software and Affected Versions: ffmpeg versions prior to 4.3 Description: The issue is related to the tty demuxer in the FFmpeg library, which did not have a read probe function assigned to it. This can be exploited by crafting a legitimate "ffconcat" file that references a...

CVE-2018-10846

A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of "Just in Time" Prime+probe and Lucky-13 attacks to recover plain text in a cross-VM attack scenario...

The vulnerability of the fsl_lpspi_probe() function in the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the fsllpspiprobe function drivers/spi/spi-fsl-lpspi.c in the Linux kernel involves an uncontrolled consumption of resources. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

Vulnerability of the crypto_report() function (crypto/crypto_user_base.c) in the Linux kernel, allowing a hacker to trigger a service failure

The vulnerability of the rtlusbprobe function crypto/cryptouserbase.c in the Linux kernel involves an uncontrolled consumption of resources. Exploiting this vulnerability could allow a hacker to cause a service failure...

Vulnerability of the cx23888_ir_probe() function (drivers/media/pci/cx23885/cx23888-ir.c) in the Linux kernel, allowing a hacker to cause a service failure

The vulnerability of the cx23888irprobe function in the Linux kernel’s drivers/media/pci/cx23885/cx23888-IR.c file leads to uncontrolled resource consumption. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

CVE-2011-3600

The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figur...

DEBIAN-CVE-2019-19075

A memory leak in the ca8210probe function in drivers/net/ieee802154/ca8210.c in the Linux kernel before 5.3.8 allows attackers to cause a denial of service memory consumption by triggering ca8210getplatformdata failures, aka CID-6402939ec86e...

DEBIAN-CVE-2019-19070

A memory leak in the spigpioprobe function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory consumption by triggering devmaddactionorreset failures, aka CID-d3b0ffa1d75d. NOTE: third parties dispute the relevance of this because the...