16 matches found
UBUNTU-CVE-2024-1545
Fault Injection vulnerability in RsaPrivateDecryption function in wolfssl/wolfcrypt/src/rsa.c in WolfSSL wolfssl5.6.6 on Linux/Windows allows remote attacker co-resides in the same system with a victim process to disclose information and escalate privileges via Rowhammer fault injection to the...
CVE-2023-48733
An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot...
CVE-2023-49721
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot...
Default configuration
An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot...
CVE-2023-49721
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot...
CVE-2023-49721
CVE-2023-49721 describes an insecure default in Ubuntu’s EDK2 firmware where UEFI Shell access was left enabled in LXD, enabling an OS-resident attacker with local access to bypass Secure Boot. Connected documents corroborate a cross-release pattern (Ubuntu edk2 packages) and note remediation in ...
CVE-2023-49721
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot...
CVE-2023-49721
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot...
CVE-2023-48733
Summary: CVE-2023-48733 describes an insecure default in Ubuntu’s EDK2 firmware that enables the UEFI Shell, allowing an OS-resident attacker to bypass Secure Boot locally. What is affected: Ubuntu’s edk2 UEFI firmware packages (EDK2) shipped with a default that enables the UEFI Shell. Root cause...
CVE-2023-48733
An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot...
CVE-2023-48733
An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot...
CVE-2023-49721
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot...
CVE-2023-48733
An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot...
Know your enemy! The four types of cyber attackers trying to breach your security today
As business needs compel organizations to manage an ever-increasing number of database types, both on-premise and in the cloud, the threat surface has also become larger and far more difficult to manage effectively. The bad actors out there know this, too. They are constantly probing, testing, an...
openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)
A microprocessor side-channel vulnerability was found on SMT e.g, Hyper-Threading architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information...
OpenSSL: Side channel attack on modular exponentiation
A side-channel attack was found that makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture. An attacker who has the ability to control code in a thread running on the same hyper-threaded core as the victim's thread that is performing decryption, could use this flaw to...