NewStart CGSL CORE 5.05 / MAIN 5.05 : gcc Multiple Vulnerabilities (NS-SA-2019-0233)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has gcc packages installed that are affected by multiple vulnerabilities: - Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service Fortran application crash...

[20200102] - Core - CSRF com_templates LESS compiler

A missing CSRF token check in the LESS compiler of comtemplates causes a CSRF vulnerability...

e2fsprogs -- rehash.c/pass 3a mutate_name() code execution vulnerability

Lilith of Cisco Talos reports: A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger...

RetDec - A Retargetable Machine-Code Decompiler Based On LLVM

RetDec is a retargetable machine-code decompiler based on LLVM. The decompiler is not limited to any particular target architecture, operating system, or executable file format: Supported file formats: ELF, PE, Mach-O, COFF, AR archive, Intel HEX, and raw machine code Supported architectures:...

DEBIAN-CVE-2019-19602

fpregsstatevalid in arch/x86/include/asm/fpu/internal.h in the Linux kernel before 5.4.2, when GCC 9 is used, allows context-dependent attackers to cause a denial of service memory corruption or possibly have unspecified other impact because of incorrect fpufpregsownerctx caching, as demonstrated...

EulerOS Virtualization for ARM 64 3.0.2.0 : gcc (EulerOS-SA-2019-2308)

According to the version of the gcc packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - This is compiler for arm64. Security Fixes:The POWER9 backend in GNU Compiler Collection GCC before version 10 could optimiz...

SUSE SLED15 / SLES15 Security Update : gcc9 (SUSE-SU-2019:3061-1)

This update includes the GNU Compiler Collection 9. A full changelog is provided by the GCC team on : https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgccs1, libstdc++6 and others are now built by the gcc 9 packages. To use it, install 'gcc9' or 'gcc9-c++'...

SUSE-SU-2019:3061-1 Security update for gcc9

This update includes the GNU Compiler Collection 9. A full changelog is provided by the GCC team on: https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgccs1, libstdc++6 and others are now built by the gcc 9 packages. To use it, install 'gcc9' or 'gcc9-c++' ...

VMware WorkStation 12.5.5 - Virtual Machine Escape Exploit

VMware Escape Exploit VMware Escape Exploit before VMware WorkStation 12.5.5 Host Target: Win10 x64 Compiler: VS2013 Test on VMware 12.5.2 build-4638234 Known issues Failing to heap manipulation causes host process crash. Not quite elaborate because I'm not good at doing heap "fengshui" on winows...

SCShell - Fileless Lateral Movement Tool That Relies On ChangeServiceConfigA To Run Command

Fileless lateral movement tool that relies on ChangeServiceConfigA to run command. The beauty of this tool is that it doesn't perform authentication against SMB everything is performed over DCERPC. The utility can be used remotely WITHOUT registering a service or creating a service. It also doesn...

Intel Graphics Driver Code Issue Vulnerability

Intel Graphics Driver is the Intel graphics card driver. A pointer corruption vulnerability exists in the Unified Shader Compiler in versions prior to Intel Graphics Driver 10.18.14.5074. An attacker could exploit this vulnerability to achieve elevation of privilege...

CVE-2019-11111

Pointer corruption in the Unified Shader Compiler in IntelR Graphics Drivers before 10.18.14.5074 aka 15.36.x.5074 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2019-11111

Pointer corruption in the Unified Shader Compiler in IntelR Graphics Drivers before 10.18.14.5074 aka 15.36.x.5074 may allow an authenticated user to potentially enable escalation of privilege via local access...

Null pointer dereference

Pointer corruption in the Unified Shader Compiler in IntelR Graphics Drivers before 10.18.14.5074 aka 15.36.x.5074 may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2019-11111

Summary: CVE-2019-11111 is a pointer corruption vulnerability in the Unified Shader Compiler of Intel Graphics Drivers prior to 10.18.14.5074 (≈15.36.x.5074) that may allow an authenticated local attacker to escalate privileges. Affected component: Intel Graphics Drivers (Unified Shader Compiler,...

Intel IGC64.DLL shader functionality DCL_INDEXABLE_TEMP denial-of-service vulnerability

Summary An exploitable memory corruption vulnerability exists in Intel’s IGC64.DLL graphics driver, versions 26.20.100.6709 and 26.20.100.6861. A specially crafted pixel shader can cause an out-of-bounds memory read. An attacker can provide a specially crafted shader file to trigger this...

new packages: gcc-toolset-9-gdb

GCC Toolset is a compiler toolset that provides recent versions of development tools. GCC Toolset is an Application Stream packaged as a Software Collection. This enhancement update adds the gcc-toolset-9-gdb packages to AlmaLinux Eneterprise Linux 8. For instructions on usage, see Using GCC...

ALBA-2019:3455 new packages: gcc-toolset-9-ltrace

GCC Toolset is a compiler toolset that provides recent versions of development tools. GCC Toolset is an Application Stream packaged as a Software Collection. This enhancement update adds the gcc-toolset-9-ltrace packages to AlmaLinux Eneterprise Linux 8. For instructions on usage, see Using GCC...

new packages: gcc-toolset-9-ltrace

An update is available for gcc-toolset-9-ltrace. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GCC Toolset is a compiler toolset that provides recent versions ...

new packages: gcc-toolset-9-ltrace

GCC Toolset is a compiler toolset that provides recent versions of development tools. GCC Toolset is an Application Stream packaged as a Software Collection. This enhancement update adds the gcc-toolset-9-ltrace packages to AlmaLinux Eneterprise Linux 8. For instructions on usage, see Using GCC...