7767 matches found
Debian DSA-4812-1 : xen - security update
Multiple vulnerabilities have been discovered in the Xen hypervisor : Several security issues affecting Xenstore could result in cross domain access denial of service, information leaks or privilege escalation or denial of service against xenstored. Additional vulnerabilities could result in...
CVE-2020-29567
An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated and de-allocated on the relevant CPUs. De-allocation has to happen when certain constraints are met. If these conditions are not met when first checke...
infinite loop when cleaning up IRQ vectors
ISSUE DESCRIPTION When moving IRQs between CPUs to distribute the load of IRQ handling, IRQ vectors are dynamically allocated and de-allocated on the relevant CPUs. De-allocation has to happen when certain constraints are met. If these conditions are not met when first checked, the checking CPU m...
oxenstored: node ownership can be changed by unprivileged clients
ISSUE DESCRIPTION Nodes in xenstore have an ownership. In oxenstored, a owner could give a node away. But node ownership has quota implications. Any guest can run another guest out of quota, or create an unbounded number of nodes owned by dom0, thus running xenstored out of memory IMPACT A...
Facebook Tracks APT32 OceanLotus Hackers to IT Company in Vietnam
Cybersecurity researchers from Facebook today formally linked the activities of a Vietnamese threat actor to an IT company in the country after the group was caught abusing its platform to hack into people's accounts and distribute malware. Tracked as APT32 or Bismuth, OceanLotus, and Cobalt Kitt...
Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers
A persistent malware campaign has been actively distributing an evolved browser modifier malware at scale since at least May 2020. At its peak in August, the threat was observed on over 30,000 devices every day. The malware is designed to inject ads into search engine results pages. The threat...
Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers
A persistent malware campaign has been actively distributing an evolved browser modifier malware at scale since at least May 2020. At its peak in August, the threat was observed on over 30,000 devices every day. The malware is designed to inject ads into search engine results pages. The threat...
Microsoft Azure DevOps Server Input Validation Error Vulnerability
Microsoft Azure DevOps Server is a suite of software development collaboration tools from Microsoft Corporation USA. The product includes features such as sharing code, work tracking, and software distribution. A security vulnerability exists in Microsoft Azure DevOps Server. No details of the...
OpenSSL 1.0.2 < 1.0.2x Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.0.2x. It is, therefore, affected by a vulnerability as referenced in the 1.0.2x advisory. - The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName...
OpenSSL 1.1.1 < 1.1.1i Vulnerability
The version of OpenSSL installed on the remote host is prior to 1.1.1i. It is, therefore, affected by a vulnerability as referenced in the 1.1.1i advisory. - The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName...
Unspecified Vulnerability in Schneider Electric Easergy T300 (CNVD-2021-19762)
Easergy T300 is a new generation of intelligent terminals for distribution network automation, adhering to the design concepts of "modularity, flexibility, and application orientation", which can be widely used in medium-voltage distribution network management, fault location, isolation, and...
Amazon Linux 2 : openssl, openssl11 (ALAS-2020-1573)
The version of openssl installed on the remote host is prior to 1.0.2k-19. The version of openssl11 installed on the remote host is prior to 1.1.1c-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1573 advisory. A null pointer dereference flaw was found in openssl...
Amazon Linux AMI : openssl (ALAS-2020-1456)
The version of openssl installed on the remote host is prior to 1.0.2k-16.152. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1456 advisory. A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERALNAMEcmp...
ALPINE-CVE-2020-1971
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERALNAMEcmp which compares different instances of a GENERALNAME to see if they are equal or not. This function behaves incorrect...
CVE-2020-1971
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERALNAMEcmp which compares different instances of a GENERALNAME to see if they are equal or not. This function behaves incorrect...
Null pointer dereference
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERALNAMEcmp which compares different instances of a GENERALNAME to see if they are equal or not. This function behaves incorrect...
CVE-2020-1971 EDIPARTYNAME NULL pointer dereference
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERALNAMEcmp which compares different instances of a GENERALNAME to see if they are equal or not. This function behaves incorrect...
CVE-2020-1971
The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERALNAMEcmp which compares different instances of a GENERALNAME to see if they are equal or not. This function behaves incorrect...
CVE-2020-1971
CVE-2020-1971 is described across multiple connected sources as a NULL-dereference in OpenSSL’s GENERAL_NAME_cmp when EDIPARTYNAME is present, potentially enabling a denial-of-service crash. Affected OpenSSL versions include all 1.1.1 and 1.0.2 lines; fixes are published in OpenSSL 1.1.1i and Ope...
Schneider Electric Easergy T300 安全漏洞
Easergy T300 is a new generation intelligent terminal for distribution network automation, which is designed with the concept of "Modularity, Flexibility, and Application Oriented", and can be widely used in medium voltage distribution network management, fault location, isolation, and restoratio...