124 matches found
New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing
A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST , needs no native code, no extension, and no permission prompt. You open the page, leave the tab sitting there, and it watches the driv...
FROST: Fingerprinting Remotely Using OPFS-based SSD Timing
Prior work showed that variations in SSD access time can be used to leak information about user activity, e.g., the websites a user accesses, and for covert data transmission. To achieve this, SSD contention side channels require accurate high-resolution timing measurements of I/O operations, e.g...
Websites Can Now Spy on You Through Your Hard Drive
Thanks to the newly detailed FROST technique, telltale SSD activity can be measured in the browser using simple JavaScript...
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...
Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...
Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...
Intel Memory and Storage Tool 安全漏洞
Intel Memory and Storage Tool is a utility tool developed by Intel Corporation in the United States, used for managing and monitoring Intel Solid State Disks SSD and memory modules. Prior to version 2.5.2 of Intel Memory and Storage Tool, there were security vulnerabilities. These vulnerabilities...
CVE-2025-13844
CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file SSD file shared by the attacker into Rapsody...
EUVD-2026-2706
CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file SSD file into Rapsody...
Schneider Electric EcoStruxure Power Build Rapsody resource management error vulnerability
Schneider Electric EcoStruxure Power Build Rapsody is a power monitoring platform developed by Schneider Electric, a French company. Schneider Electric EcoStruxure Power Build Rapsody has a resource management vulnerability; this vulnerability stems from a double release issue during the import o...
CVE-2023-31199
Improper access control in the IntelR Solid State Drive ToolboxTM before version 3.4.5 may allow a privileged user to potentially enable escalation of privilege via local access...
PT-2025-48702
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated privileges to read and modify the Appliance SSD contents because they are unencrypted...
EUVD-2017-14772
Malware in sbrugna...
EUVD-2018-9835
Malware in sbrugna...
EUVD-2017-14771
Malware in sbrugna...
EUVD-2017-14765
Malware in sbrugna...
EUVD-2023-35515
Malicious code in bioql PyPI...
Solidigm DC Products 安全漏洞
Solidigm DC Products is a line of solid state drives from Solidigm. A security vulnerability exists in Solidigm DC Products that stems from improper validation of firmware inputs, which could result in a denial of service...