TSX Asynchronous Abort speculative side channel

ISSUE DESCRIPTION This is very closely related to the Microarchitectural Data Sampling vulnerabilities from May 2019. Please see https://xenbits.xen.org/xsa/advisory-297.html for details about MDS. A new way to sample data from microarchitectural structures has been identified. A TSX Asynchronous...

CVE-2019-11135

TSX Asynchronous Abort condition on some CPUs utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access...

KLA12121 Multiple vulnerabilities in VMware Workstation and Player

Multiple vulnerabilities were found in VMware Workstation and Player. Malicious users can exploit these vulnerabilities to cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A denial of service vulnerability in the RPC handler can be exploited t...

HPSBHF03638 rev. 4 - Intel 2019.2 IPU BIOS Security Updates

Potential Security Impact Escalation of Privilege, Denial of Service, Information Disclosure. Source: HP, HP Product Security Response Team PSRT Reported by: Intel VULNERABILITY SUMMARY Multiple security vulnerabilities have been identified by Intel. Intel is releasing updates for BIOS, Voltage...

[SECURITY] Fedora 31 Update: libnbd-1.0.3-1.fc31

NBD =EF=BF=BD=EF=BF=BD=EF=BF=BD Network Block Device =EF=BF=BD=EF=BF=BD=EF =BF=BD is a protocol for accessing Block Devices hard disks and disk-like things over a Network. This is the NBD client library in userspace, a simple library for writing NBD clients. The key features are: Synchronous and...

Fedora Update for libnbd FEDORA-2019-f6ea699dbb

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 29 Update: libnbd-1.0.3-1.fc29

NBD =EF=BF=BD=EF=BF=BD=EF=BF=BD Network Block Device =EF=BF=BD=EF=BF=BD=EF =BF=BD is a protocol for accessing Block Devices hard disks and disk-like things over a Network. This is the NBD client library in userspace, a simple library for writing NBD clients. The key features are: Synchronous and...

Fedora Update for zeromq FEDORA-2019-4d8f9a9235

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora Update for zeromq FEDORA-2019-8916b4e890

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2019-15766

The KSLABS KSWEB aka ru.kslabs.ksweb application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrary file to be written to and the configtext parameter set to the content of the file to be created...

[SECURITY] Fedora 29 Update: zeromq-4.1.7-1.fc29

The 0MQ lightweight messaging kernel is a library which extends the standard socket interfaces with features traditionally provided by specialized messaging middle-ware products. 0MQ sockets provide an abstraction of asynchronous message queues, multiple messaging patterns, message filtering...

[SECURITY] Fedora 30 Update: zeromq-4.3.2-1.fc30

The 0MQ lightweight messaging kernel is a library which extends the standard socket interfaces with features traditionally provided by specialized messaging middle-ware products. 0MQ sockets provide an abstraction of asynchronous message queues, multiple messaging patterns, message filtering...

[SECURITY] Fedora 29 Update: libnbd-1.0.2-1.fc29

NBD =EF=BF=BD=EF=BF=BD=EF=BF=BD Network Block Device =EF=BF=BD=EF=BF=BD=EF =BF=BD is a protocol for accessing Block Devices hard disks and disk-like things over a Network. This is the NBD client library in userspace, a simple library for writing NBD clients. The key features are: Synchronous and...

[SECURITY] Fedora 30 Update: libnbd-1.0.2-1.fc30

NBD =EF=BF=BD=EF=BF=BD=EF=BF=BD Network Block Device =EF=BF=BD=EF=BF=BD=EF =BF=BD is a protocol for accessing Block Devices hard disks and disk-like things over a Network. This is the NBD client library in userspace, a simple library for writing NBD clients. The key features are: Synchronous and...

[SECURITY] Fedora 31 Update: libnbd-1.0.2-1.fc31

NBD =EF=BF=BD=EF=BF=BD=EF=BF=BD Network Block Device =EF=BF=BD=EF=BF=BD=EF =BF=BD is a protocol for accessing Block Devices hard disks and disk-like things over a Network. This is the NBD client library in userspace, a simple library for writing NBD clients. The key features are: Synchronous and...

Fedora Update for libnbd FEDORA-2019-749d828945

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 31 Update: libtevent-0.10.1-1.fc31

Tevent is an event system based on the talloc memory management library. Tevent has support for many event types, including timers, signals, and the classic file descriptor events. Tevent also provide helpers to deal with asynchronous code providing the teventreq Tevent Request functions...

CVE-2019-15867

The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13 password for the slickpopupteam account, after a Subscriber calls a certain AJAX action...

CVE-2019-15775

The nd-learning plugin before 4.8 for WordPress has a nopriv AJAX action that allows modification of the siteurl setting...

PT-2019-7689 · WordPress · Crayon Syntax Highlighter

Name of the Vulnerable Software and Affected Versions: crayon-syntax-highlighter plugin versions prior to 2.8.4 Description: The issue concerns multiple XSS problems that can be triggered via AJAX requests. Recommendations: For versions prior to 2.8.4, update to version 2.8.4 or later to resolve...