bind: Limiting simultaneous TCP clients is ineffective

A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone...

hostapd and wpa_supplicant information disclosure vulnerabilities

hostapd is a user space daemon for access points and authentication servers. wpasupplicant is a cross-platform WPA request program. The program supports WEP, WPA, and WPA2, among others. An information disclosure vulnerability exists in the implementation of SAE and EAP-pwd in versions 2.x throug...

bind: Limiting simultaneous TCP clients is ineffective

A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone...

Intel official for 5 on 15, the aeration out of the CPU side channel vulnerabilities“ZombieLoad”detailed technical analysis of under-vulnerability warning-the black bar safety net

Buffer override of the program sequence In the absence of enumeration MDCLEAR functions of the processor, certain instruction sequences can be used for cover by the MDS affect the buffer. You can point this, a detailed review of these sequences. Different processors may require different sequence...

Microarchitectural Data Sampling (MDS) Side Channel Vulnerabilities - Lenovo Support US

No description provided...

openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)

A microprocessor side-channel vulnerability was found on SMT e.g, Hyper-Threading architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information...

openssl: Side-channel vulnerability on SMT/Hyper-Threading architectures (PortSmash)

A microprocessor side-channel vulnerability was found on SMT e.g, Hyper-Threading architectures. An attacker running a malicious process on the same core of the processor as the victim process can extract certain secret information...

ALPINE-CVE-2019-9494

The implementations of SAE in hostapd and wpasupplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both...

ALPINE-CVE-2019-9496

An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate,...

Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Rational ClearQuest (CVE-2018-0734, CVE-2018-5407)

Summary OpenSSL vulnerabilities were disclosed on October 30 2018 and November 2 2018 by the OpenSSL Project. OpenSSL is used by IBM Rational ClearQuest. IBM Rational ClearQuest has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2018-0734 DESCRIPTION: The OpenSSL DSA signature...

CVE-2019-9601

The ApowerManager application through 3.1.7 for Android allows remote attackers to cause a denial of service via many simultaneous /?Key=PhoneRequestAuthorization requests...

Code injection

The AirDroid application through 4.2.1.6 for Android allows remote attackers to cause a denial of service service crash via many simultaneous sdctl/comm/liteauth/ requests...

OpenSSL 1.0.2 < 1.0.2q Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 1.0.2q. It is, therefore, affected by multiple vulnerabilities as referenced in the 1.0.2q advisory. - Simultaneous Multi-threading SMT in processors can enable local users to exploit software vulnerable to timing attacks via a...

Tenable Nessus < 7.1.4 Multiple Vulnerabilities (TNS-2018-17)

According to its self-reported version, the Tenable Nessus application running on the remote host is prior to 7.1.4. It is, therefore, affected by multiple vulnerabilities: - Tenable Nessus contains a flaw in the bundled third-party component OpenSSL library's key handling during a TLS handshake...

The vulnerabilities of Intel processors based on Skylake and Kaby Lake architectures are related to implementation errors in the SMT technology, which allow attackers to exploit these vulnerabilities to disclose protected information.

The vulnerability of Intel processors with Skylake and Kaby Lake architectures is related to errors in the implementation of SMT technology. Exploiting this vulnerability can allow attackers to disclose protected information...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : OpenSSL vulnerabilities (USN-3840-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3840-1 advisory. Samuel Weiser discovered that OpenSSL incorrectly handled DSA signing. An attacker could possibly use this issue to perform a...

Updated openssl packages fix security vulnerabilities

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a Affected 1.1.1. Fixed in OpenSSL 1.1.0j Affected 1.1.0-1.1.0i. Fixed in OpenSSL 1.0.2q...

Design/Logic Flaw

Simultaneous Multi-threading SMT in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'...

ALPINE-CVE-2018-5407

Simultaneous Multi-threading SMT in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'...

DEBIAN-CVE-2018-5407

Simultaneous Multi-threading SMT in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'...