Questions tagged [known-vulnerabilities]

A vulnerability which is known to the designers, implementers, or operators of the system, but has not been corrected.

370 questions
248 votes, 4 answers

SSL3 "POODLE" Vulnerability

Canonical question regarding the recently disclosed padding oracle vulnerability in SSL v3. Other identical or significantly similar questions should be closed as a duplicate of this one. What is the POODLE vulnerability? I use…
tylerl
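The padding oracle that POODLE exploits, as an added worked example written for this page (it is not code from the question or from any answer on it): a toy Feistel block cipher in CBC mode, an SSLv3-style receiver that checks only the final padding-length byte and never looks at the padding bytes in front of it, and an attacker who copies a target ciphertext block over the all-padding final block. The receiver accepts the tampered record only when the decrypted last byte happens to equal BLOCK-1 (about 1 try in 256), and each acceptance gives away one plaintext byte. The cipher, session keys, request layout and cookie value are all constructed for the demonstration and are assumptions, not details from the page.

```python
import hashlib
import hmac
import random

BLOCK = 8    # toy cipher block size (DES/3DES-sized, as in SSLv3 CBC suites)
MAC_LEN = 8  # truncated tag length; irrelevant to the attack


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def encrypt_block(key: bytes, blk: bytes) -> bytes:
    """Toy 4-round Feistel permutation: POODLE works for any block cipher in CBC."""
    left, right = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for rnd in range(4):
        left, right = right, xor(left, _f(key, rnd, right))
    return left + right


def decrypt_block(key: bytes, blk: bytes) -> bytes:
    left, right = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for rnd in reversed(range(4)):
        left, right = xor(right, _f(key, rnd, left)), left
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = encrypt_block(key, xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        out.append(xor(decrypt_block(key, ct[i:i + BLOCK]), prev))
        prev = ct[i:i + BLOCK]
    return b"".join(out)


def mac(mac_key: bytes, msg: bytes) -> bytes:
    return hmac.new(mac_key, msg, hashlib.sha256).digest()[:MAC_LEN]


def client_send(enc_key, mac_key, rng, msg):
    """Victim's browser builds an SSLv3 record: msg || MAC || pad bytes || pad_len.
    SSLv3 fixes only the final length byte; the pad bytes themselves are arbitrary."""
    body = msg + mac(mac_key, msg)
    pad_len = BLOCK - 1 - len(body) % BLOCK
    pt = body + bytes(rng.getrandbits(8) for _ in range(pad_len)) + bytes([pad_len])
    iv = bytes(rng.getrandbits(8) for _ in range(BLOCK))  # fresh CBC state per record
    return iv, cbc_encrypt(enc_key, iv, pt)


def server_accepts(enc_key, mac_key, iv, ct) -> bool:
    """SSLv3 receiver: drop pad_len+1 bytes without inspecting them, then check the MAC."""
    pt = cbc_decrypt(enc_key, iv, ct)
    pad_len = pt[-1]
    if pad_len >= BLOCK:
        return False
    body = pt[:len(pt) - pad_len - 1]
    return hmac.compare_digest(mac(mac_key, body[:-MAC_LEN]), body[-MAC_LEN:])


def build_request(cookie: bytes, k: int):
    """Attacker's JS picks the request layout: cookie byte k lands at the end of a block,
    and the body is sized so msg+MAC fills whole blocks, leaving a final block of pure padding."""
    for path_pad in range(BLOCK):
        prefix = b"POST /" + b"a" * path_pad + b" HTTP/1.0\r\nCookie: sid="
        if (len(prefix) + k) % BLOCK == BLOCK - 1:
            break
    head = prefix + cookie + b"\r\n\r\n"
    msg = head + b"z" * ((-(len(head) + MAC_LEN)) % BLOCK)
    return msg, (len(prefix) + k) // BLOCK  # plaintext block whose last byte is cookie[k]


def recover_cookie(cookie: bytes, seed: int = 1, max_tries: int = 10000) -> bytes:
    rng = random.Random(seed)
    enc_key, mac_key = b"constructed-enc-key", b"constructed-mac-key"  # one session's keys (constructed)
    recovered = bytearray()
    for k in range(len(cookie)):
        msg, i = build_request(cookie, k)
        for _ in range(max_tries):  # about 256 tries per byte on average
            iv, ct = client_send(enc_key, mac_key, rng, msg)
            blocks = [iv] + [ct[j:j + BLOCK] for j in range(0, len(ct), BLOCK)]  # blocks[0]=IV, blocks[n]=C_n
            c_i, c_prev, c_last_prev = blocks[i + 1], blocks[i], blocks[-2]
            tampered = ct[:-BLOCK] + c_i  # swap the all-padding last block for C_i
            if server_accepts(enc_key, mac_key, iv, tampered):
                # Accepted iff (D(C_i) ^ C_{n-1})[-1] == BLOCK-1, and D(C_i) = P_i ^ C_{i-1},
                # so the cookie byte P_i[-1] follows from two ciphertext bytes the attacker sees.
                recovered.append((BLOCK - 1) ^ c_prev[-1] ^ c_last_prev[-1])
                break
        else:
            raise RuntimeError("gave up on byte %d" % k)
    return bytes(recovered)


if __name__ == "__main__":
    print(recover_cookie(b"s3cret"))
```

The fix is not a better padding check (TLS 1.0 and later verify every padding byte, which removes this particular oracle) but disabling SSLv3 entirely, since the protocol defines the padding this way; the attack needs only a client that can be driven to resend a request and a server that still negotiates SSL 3.0.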
213 votes, 5 answers

What is a specific example of how the Shellshock Bash bug could be exploited?

I read some articles (article1, article2, article3, article4) about the Shellshock Bash bug (CVE-2014-6271 reported Sep 24, 2014) and have a general idea of what the vulnerability is and how it could be exploited. To better understand the…
Rob Bednark
171 votes, 3 answers

Meltdown and Spectre Attacks

Canonical question regarding the Meltdown and Spectre attacks disclosed in January 2018. Other identical or significantly similar questions should be closed as a duplicate of this one. Main concerns: What is speculative execution and what does it…
M'vy
94 votes, 3 answers

Stack Overflows - Defeating Canaries, ASLR, DEP, NX

To prevent buffer overflows, there are several protections available, such as canary values, ASLR, DEP and NX. But where there is a will, there is a way. I am researching the various methods an attacker could possibly use to bypass these protection…
sudhacker
70 votes, 7 answers

What is the possible impact of dirtyc0w a.k.a. "Dirty COW" bug?

I heard about Dirty COW but couldn't find any decent writeup on the scope of the bug. It looks like the exploit can overwrite any non-writable file, which makes me guess that local root is possible via substitution of SUID programs. Is that right?…
d33tah
59 votes, 1 answer

What's the Impact of the CloudFlare Reverse Proxy Bug? ("#CloudBleed")

In Project Zero #1139, it was disclosed that CloudFlare had a bug which disclosed uninitialized memory, leaking private data sent through them via SSL. What's the real impact?
57 votes, 6 answers

Should we release the security issues we found in our product as CVEs, or can we just list them in the weekly release notes?

We are a vendor providing a product that is used in enterprises. We know that those companies run periodic CVE scans on the products they use as part of their vulnerability management process. My question is, do we have to raise a CVE if our…
Filipon
57 votes, 3 answers

My Android phone is vulnerable, but there are no updates?

I bought a brand new HTC Desire 526G running Android 4.4.2 (KitKat); everything is as it should be (not rooted), so it is still on factory settings. But I haven't received any security updates for a long time; I have checked manually in the system…
user134969
56 votes, 5 answers

IMG tag vulnerability

Is it safe to display images from arbitrary domains? I.e. let's say I have an image on my page: What if image.gif returns some JS attack vector instead of the image? Are there any known vectors? I've tried…
Paul Podlipensky
47 votes, 7 answers

Why is application crash considered insecure?

If an application crashes, the program stops and there is nothing anyone can do about it, other than starting the program again. Crashes are bad behaviour in general and should be avoided, but why are they seen as a security vulnerability?
44 votes, 3 answers

Should I disable TLS 1.0 on my servers?

The PCI Data Security Standard 3.1 recommends disabling "early TLS" along with SSL: SSL and early TLS are not considered strong cryptography and cannot be used as a security control after June 30, 2016. The Migrating from SSL and Early TLS…
augurar
39 votes, 2 answers

What are the main vulnerabilities of TLS v1.1?

What are the main vulnerabilities of TLS v1.1? Actually, no RFC describes the v1.1 vulnerabilities, nor what pushed them to change to the new protocol version 1.2, except the description given in section 1.2 of RFC 5246. Please note that I do not mean…
melostap
38 votes, 5 answers

How secure are my passwords in the hands of Firefox using a Master Password?

I'm relying on Firefox to remember my passwords, using a Master Password of more than 25 characters. How secure is this set-up?
36 votes, 6 answers

On Windows boxes, is patching for Spectre and Meltdown necessary?

From what I've read, Spectre and Meltdown each require rogue code to be running on a Windows box in order for attacks to take place. The thing is, once a box has rogue code running, it's already compromised. Given that the Microsoft patches for…
35 votes, 11 answers

Vulnerable OSes?

Which vulnerable OSes, like for example DVL, would you recommend for someone to use for the purpose of learning pentesting/exploitation?