
3791 matches found

NVD
added 2019/07/25 5:15 p.m. | 14 views

CVE-2019-2241

While rendering the layout background, Error status check is not caught properly and also incorrect status handling is being done leading to unintended SUI behaviour in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer...

5.5 CVSS | 5.8 AI score | 0.00179 EPSS
Exploits: 0 | References: 1

Prion
added 2019/07/25 5:15 p.m. | 23 views

Design/Logic Flaw

While rendering the layout background, Error status check is not caught properly and also incorrect status handling is being done leading to unintended SUI behaviour in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer...

2.1 CVSS | 5.8 AI score | 0.00179 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2019/07/22 12:0 a.m. | 34 views

EulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2019-1745)

According to the versions of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - OpenJDK: Improper field access checks (CVE-2018-3169) - OpenJDK: Font layout engine out of bounds access setCurrGlyphID (CVE-2019-2698) ...

8.3 CVSS | 6.6 AI score | 0.37618 EPSS
Exploits: 1 | References: 5

CNVD
added 2019/07/17 12:0 a.m. | 2 views

GNU C Library Security Bypass Vulnerability

The GNU C Library glibc, libc6 is an open-source, free C compiler released under the LGPL license. A security vulnerability exists in glibc in the GNU C Library. An attacker can exploit this vulnerability to bypass ASLR...

5.3 CVSS | 9.2 AI score | 0.0322 EPSS
Exploits: 1 | References: 1

OSV
added 2019/07/15 4:15 a.m. | 1 views

DEBIAN-CVE-2019-1010025

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. NOTE: the vendor's position is "ASLR bypass itself is not a vulnerability...

5.3 CVSS | 6.2 AI score | 0.02286 EPSS
Exploits: 1 | References: 1

OSV
added 2019/07/15 4:15 a.m. | 0 views

UBUNTU-CVE-2019-1010024

GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass ASLR using cache of thread stack and heap. The component is: glibc. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat...

5.3 CVSS | 7.3 AI score | 0.0322 EPSS
Exploits: 1 | References: 2

BDU FSTEC
added 2019/07/08 12:0 a.m. | 2 views

The vulnerability of the GShell.dll library in the information protection system against unauthorized access by Storm NT allows a perpetrator to bypass the ASLR protection mechanism.

The vulnerability of the GShell.dll library in the information protection system against unauthorized access is related to the incorrect implementation of address space randomization (ASLR). Exploiting this vulnerability can allow an intruder acting locally to bypass the ASLR protection mechanism...

5.8 CVSS | 5.5 AI score
Exploits: 0 | Affected Software: 1

OSV
added 2019/07/05 12:0 a.m. | 1 views

UBUNTU-CVE-2019-10639

The Linux kernel 4.x starting from 4.1 and 5.x before 5.0.8 allows Information Exposure (partial kernel address disclosure), leading to a KASLR bypass. Specifically, it is possible to extract the KASLR kernel image offset using the IP ID values the kernel produces for connection-less protocols e.g....

7.5 CVSS | 7.1 AI score | 0.03252 EPSS
Exploits: 0 | References: 5

Tenable Nessus
added 2019/07/04 12:0 a.m. | 235 views

Oracle Business Intelligence Publisher Multiple Vulnerabilities (Jul 2017 CPU)

The version of Oracle Business Intelligence Publisher running on the remote host is 11.1.1.7.x prior to 11.1.1.7.170718, 11.1.1.9.x prior to 11.1.1.9.170718, 12.2.1.1.x prior to 12.2.1.1.170718, or 12.2.1.2.x prior to 12.2.1.2.170718. It is, therefore, affected by multiple vulnerabilities as note...

8.2 CVSS | 7.1 AI score | 0.35927 EPSS
Exploits: 0 | References: 15

Friends Of PHP
added 2019/06/25 12:0 a.m. | 18 views

PRODSECBUG-2296: Arbitrary code execution through design layout update

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

7.2 CVSS | 7.2 AI score | 0.01921 EPSS
Exploits: 0 | Affected Software: 1

Friends Of PHP
added 2019/06/25 12:0 a.m. | 22 views

PRODSECBUG-2298: Arbitrary code execution through product imports and design layout update

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

7.2 CVSS | 7.2 AI score | 0.01921 EPSS
Exploits: 0 | Affected Software: 1

Friends Of PHP
added 2019/06/25 12:0 a.m. | 18 views

PRODSECBUG-2232: Arbitrary code execution via layout manipulation

More info at https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-13...

8.8 CVSS | 7.2 AI score | 0.01954 EPSS
Exploits: 0 | Affected Software: 1

myhack58
added 2019/06/13 12:0 a.m. | 2960 views

For a suspected CVE-2016-0189 the original attack sample debugging-vulnerability warning-the black bar safety net

Last year at the end of 10, I get a public view is not quite the same as CVE-2016-0189 the use of samples. Preliminary analysis, I think this should be the year CVE-2016-0189 of the original Attack File. Its confused approach and subsequent occurrence of CVE-2017-0149, CVE-2018-8174, CVE-2018-837...

9.3 CVSS | 7.4 AI score | 0.94996 EPSS
Exploits: 57

Tenable Nessus
added 2019/06/07 12:0 a.m. | 68 views

Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-4008-3)

USN-4008-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Robert Swiecki discovered that the Linux kernel did not properly apply Address Space...

9.3 CVSS | 6.9 AI score | 0.05789 EPSS
Exploits: 3 | References: 5

OpenVAS
added 2019/06/06 12:0 a.m. | 53 views

Ubuntu: Security Advisory (USN-4008-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3 CVSS | 7 AI score | 0.05789 EPSS
Exploits: 3 | References: 2

OSV
added 2019/06/05 6:29 p.m. | 3 views

CVE-2019-5394

The HPE Nonstop Maintenance Entity family of products are vulnerable to local disclosure of information, such as system layout and configuration...

5.1 CVSS | 6 AI score | 0.00287 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2019/06/05 12:0 a.m. | 39 views

Ubuntu 18.04 LTS : Linux kernel (HWE) vulnerability (USN-4006-2)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4006-2 advisory. USN-4006-1 fixed a vulnerability in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel...

2.5 CVSS | 6.6 AI score | 0.00495 EPSS
Exploits: 1 | References: 2

OpenVAS
added 2019/06/05 12:0 a.m. | 41 views

Ubuntu: Security Advisory (USN-4007-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

2.5 CVSS | 5.9 AI score | 0.00495 EPSS
Exploits: 1 | References: 2

OSV
added 2019/06/04 10:52 p.m. | 1 views

USN-4008-1 linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

Robert Święcki discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid elf binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid elf binary. (CVE-2019-11190) It was...

9.3 CVSS | 6.9 AI score | 0.05789 EPSS
Exploits: 3 | References: 5

Ubuntu
added 2019/06/04 10:44 p.m. | 96 views

USN-4006-1: Linux kernel vulnerability

Federico Manuel Bento discovered that the Linux kernel did not properly apply Address Space Layout Randomization (ASLR) in some situations for setuid a.out binaries. A local attacker could use this to improve the chances of exploiting an existing vulnerability in a setuid a.out binary. As a hardeni...

2.5 CVSS | 6.6 AI score | 0.00495 EPSS
Exploits: 1