Impressum
nasuma
   

Meldungen zu

Attacker

Neueste    Heute    15.07.2019    14.07.2019    + Doppelte News  

Erinnert ihr euch an Rowhammer? Die "ich glaub ich werd Rosenzüchter"-Geschichte, wo man durch "einhämmern" auf DRAM-Adresen Änderungen bei den Nachbarn bewirken konnte? Ja?Nun, herzlich will komme
11.06.2019, 21:55 Uhr. Fefes Blog - blog.fefe.de - Erinnert ihr euch an Rowhammer? Die "ich glaub ich werd Rosenzüchter"-Geschichte, wo man durch "einhämmern" auf DRAM-Adresen Änderungen bei den Nachbarn bewirken konnte? Ja?Nun, herzlich will kommen bei RAMBleed. Stellt sich nämlich raus: Man kann auch benachbarte Zellen auslesen.Klingt jetzt nicht so schlimm, aber man muss bedenken, dass zwischen...

Benutzt hier jemand Matrix (den Crypto-Messenger)?An attacker gained access to the servers hosting Matrix.org. The intruder had access to the production databases, potentially giving them access to un
12.04.2019, 11:33 Uhr. Fefes Blog - blog.fefe.de - Benutzt hier jemand Matrix (den Crypto-Messenger)?An attacker gained access to the servers hosting Matrix.org. The intruder had access to the production databases, potentially giving them access to unencrypted message data, password hashes and access tokens. As a precaution, if you're a matrix.org user you should change your password now.Das war wohl...

Benutzt hier jemand wget?A buffer overflow vulnerability was found in GNU Wget 1.20.1 and earlier. An attacker may be able to cause a denial-of-service (DoS) or may execute an arbitrary code.wget ist
09.04.2019, 22:45 Uhr. Fefes Blog - blog.fefe.de - Benutzt hier jemand wget?A buffer overflow vulnerability was found in GNU Wget 1.20.1 and earlier. An attacker may be able to cause a denial-of-service (DoS) or may execute an arbitrary code.wget ist so eines der Tools, bei denen sowas eher unangenehm ist....

Benutzt hier jemand Dell-Netzwerkgeräte?Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server’s certificate a
29.01.2019, 16:27 Uhr. Fefes Blog - blog.fefe.de - Benutzt hier jemand Dell-Netzwerkgeräte?Dell Networking OS10 versions prior to 10.4.3.0 contain a vulnerability in the Phone Home feature which does not properly validate the server’s certificate authority during TLS handshake. Use of an invalid or malicious certificate could potentially allow an attacker to spoof a trusted entity by using a man-in-the-middle...

Benutzt hier jemand systemd?While the check at (A) tries to ensure that the buffer has enough space left to store the IA option, it does not take the additional 4 bytes from the DHCP6Option header int
27.10.2018, 12:06 Uhr. Fefes Blog - blog.fefe.de - Benutzt hier jemand systemd?While the check at (A) tries to ensure that the buffer has enough space left to store the IA option, it does not take the additional 4 bytes from the DHCP6Option header into account (B). Due to this the memcpy at (C) can go out-of-bound and *buflen can underflow in (D) giving an attacker a very powerful and largely controlled...

Benutzt hier jemand libssh?libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the S
17.10.2018, 08:50 Uhr. Fefes Blog - blog.fefe.de - Benutzt hier jemand libssh?libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in place of the SSH2_MSG_USERAUTH_REQUEST message which the server would expect to initiate authentication, the attacker could successfully authentciate without any credentials...

Neueste    Heute    15.07.2019    14.07.2019    + Doppelte News