Highest Voted 'vulnerability' Questions - IT Security Stack Exchange

248

votes

4 answers

SSL3 "POODLE" Vulnerability

Canonical question regarding the recently disclosed padding oracle vulnerability in SSL v3. Other identical or significantly similar questions should be closed as a duplicate of this one. What is the POODLE vulnerability? I use…

asked Oct 14 '14 at 23:50

tylerl

82,225
25
148
226

171

votes

3 answers

Meltdown and Spectre Attacks

Canonical question regarding the 2018 Jan. disclosed Meltdown and Spectre Attacks. Other identical or significantly similar questions should be closed as a duplicate of this one. Main concerns What is speculative execution and what does it…

vulnerability known-vulnerabilities side-channel meltdown spectre

asked Jan 05 '18 at 13:41

M'vy

13,033
3
47
69

141

votes

17 answers

Is exploit-free software possible?

I have heard that there will always be vulnerabilities in codes, software. However, I don't understand why it is not possible to have an exploit-free software. If companies keep updating their software, eventually there will be no vulnerabilities,…

vulnerability theory

asked Oct 20 '19 at 20:19

Zheer

1,165
3
8
10

127

votes

2 answers

How is the Heartbleed exploit even possible?

I have read about the Heartbleed OpenSSL vulnerability and understand the concept. However what I don't understand is the part where we pass 64k as the length and the server returns 64kb of random data because it does not check whether we really…

tls openssl vulnerability heartbleed

asked Oct 10 '16 at 20:03

Talha Sayed

1,001
2
8
8

124

votes

8 answers

Are there technical differences which make Linux less vulnerable to virus than Windows?

What makes Linux so different than Windows in terms of anti-virus needs? My question is not if I should get an anti-virus for my Linux. I perfectly understand why an AV is important. I would like to understand if there are conceptual (technical)…

windows linux antivirus vulnerability

asked Aug 05 '15 at 18:59

user69377

108

votes

15 answers

How can I argue against: "System is unhackable so why patch vulnerabilities?"

An operating system has reached End of Support (EoS) so no more security patches are coming for the OS ever. An embedded device running this OS needs to be updated to a newer version. However, the engineers who designed the original product feel…

vulnerability vulnerability-assessment

asked Dec 22 '17 at 09:33

Ken

1,091
2
6
5

92

votes

6 answers

Why does my IT department block Firefox?

We received a message from the IT bods this week stating: Summary of the issue: IT will disabling and blocking the use of the browser Firefox next Thursday the 03.12.20 on all IT managed devices. Due to certain vulnerabilities and security risks…

vulnerability firefox

asked Nov 28 '20 at 23:33

Sam

673
1
3
6

92

votes

9 answers

Is it a security vulnerability if the addresses of university students are exposed?

I am sorry for my lack of knowledge in this matter. My university (basically an international university in the UK that has students from different countries) has a website which requires the students to login before they can access their…

privacy vulnerability

asked Jan 04 '17 at 10:39

Ghulam Ali

875
1
6
9

86

votes

3 answers

Does CVE-2021-44228 impact Log4j ports?

Log4j has been ported to other languages, such as log4perl, log4php, log4net, and log4r. Are these ports vulnerable to CVE-2021-44228 as well? I believe that they aren't because the vulnerability uses JNDI (Java Naming and Directory Interface),…

vulnerability log4shell

asked Dec 10 '21 at 17:48

Fire Quacker

2,432
1
19
29

81

votes

13 answers

Is divide-by-zero a security vulnerability?

Even though sometimes software bugs and vulnerabilities are deemed as the same concept, there must be at least one distinct aspect between them, and I think the most prominent one is exploitability (the latter one having the property). What I'm…

exploit attacks vulnerability

asked Mar 04 '19 at 01:15

Gwangmu Lee

859
1
5
7

80

votes

8 answers

How is 'Removing RAM' a security risk?

Today I was watching a video on 'Ethical Hacking' where, while discussing hardware attacks, the narrator said: Removing RAM or components from a desktop or a laptop Here's a screenshot: I understand that removing stuff like storage drives is a…

vulnerability hardware physical physical-access

asked May 19 '16 at 11:37

undo

2,075
2
12
18

72

votes

3 answers

CVE-2018-10933 - Bypass SSH Authentication - libssh vulnerability

Looks like CVE-2018-10933 was just released today and you can find a summary here from libssh here Summary: libssh versions 0.6 and above have an authentication bypass vulnerability in the server code. By presenting the server an…

authentication ssh vulnerability

asked Oct 16 '18 at 18:17

User0813484

597
1
4
4

64

votes

2 answers

Does removing a GUI from a server make it less vulnerable?

Lately, I was watching an online video about Microsoft Certified Solutions Associate (MCSA) and in one of the videos it says "removing GUI from Windows server makes it less vulnerable." Is that true? If so, how does removing the GUI have that…

windows vulnerability windows-server

asked Aug 26 '18 at 14:35

R1W

1,617
3
15
30

64

votes

3 answers

Are staggered roll outs of security patches bad?

Many Android devices, including the Google Nexus line, are now receiving monthly security patches via OTA updates, accompanied by the Android Security Bulletins. However, these updates are often released in what is known as "staggered roll outs,"…

android vulnerability google disclosure patching

asked May 16 '16 at 04:39

tonytan

698
5
8

63

votes

1 answer

Who "brands" vulnerabilities?

It appears that every time there's a vulnerability discovered major enough to hit the news, its been assigned a brand name and often even a logo. Heartbleed, Spectre, Meltdown, Foreshadow, etc. Who decides and produces these? Is it typically the…

vulnerability

asked Aug 15 '18 at 12:36

Kai

615
5
6

Questions tagged [vulnerability]