Debian: Security Advisory (DLA-2383-1)
The remote host is missing an update for the Debian...
CVE-2020-7312
DLL Search Order Hijacking Vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code and escalate privileges via execution from a compromised folder...
PT-2020-18471 · Pivotal +1 · Rabbitmq
Name of the Vulnerable Software and Affected Versions: RabbitMQ versions 3.8.x prior to 3.8.7 Description: The issue allows for arbitrary code execution due to a Windows-specific binary planting security vulnerability. An attacker with write privileges to the RabbitMQ installation directory and...
CVE-2020-22721
A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8.1.2 allows a local attacker to execute arbitrary code via the Miscellaneous > External Programs by uploading the malicious .exe file to the external program...
CVE-2020-8913
A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the attacker could perform a...
USN-4451-2 ppp vulnerability
USN-4451-1 fixed a vulnerability in ppp. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Thomas Chauchefoin, working with Trend Micro's Zero Day Initiative, discovered that ppp incorrectly handled module loading. A local attacker...
CVE-2020-4551
IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force I...
CVE-2020-4552
CVE-2020-4552 affects IBM i2 Analyst’s Notebook 9.2.1 (and related IBM i2 products) and is caused by a memory corruption vulnerability that could allow a local attacker to execute arbitrary code by persuading a user to open a specially crafted file. The CVSS-derived assessments in the sources cit...
CVE-2020-4551
CVE-2020-4551 affects IBM i2 Analyst’s Notebook and IBM i2 Analyst’s Notebook Premium (versions 9.2.1 and 9.2.2). The issue is a memory corruption weakness that could allow a local attacker to execute arbitrary code by convincing a user to open a specially crafted file. IBM’s bulletin confirms me...
USN-4432-1 grub2, grub2-signed vulnerabilities
Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-10713) Chris...
SonicWall NetExtender Windows client input validation error vulnerability
SonicWall NetExtender Windows client is a Windows-based SSL VPN (Virtual Private Network) client application from SonicWall USA. An input validation error vulnerability exists in SonicWall NetExtender Windows client version 9.0.815 and earlier. A local attacker can exploit the vulnerability by...
openSUSE Security Update : the Linux Kernel (openSUSE-2020-801)
The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This...
Multiple VMware Products Resource Management Error Vulnerability (CNVD-2021-24356)
VMware ESXi is a server virtualization platform that can be installed directly on physical servers, VMware Workstation is a set of virtual machine software, and VMware Fusion is a set of virtual machine software designed to run Windows applications on Macs. VMware Fusion is a suite of virtual...
SUSE-SU-2020:1775-1 Security update for the Linux Kernel (Live Patch 0 for SLE 12 SP5)
This update for the Linux Kernel 4.12.14-120 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed an issue where remapping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437). - CVE-2018-1000199: Fixed a potential local code execution via ptrac...
SUSE-SU-2020:1754-1 Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP4)
This update for the Linux Kernel 4.12.14-9532 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed an issue where remapping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437). - CVE-2018-1000199: Fixed a potential local code execution via ptra...
hw: Special Register Buffer Data Sampling (SRBDS)
A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this fl...
SUSE-SU-2020:1656-1 Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP1)
This update for the Linux Kernel 4.12.14-195 fixes several issues. The following security issues were fixed: - CVE-2019-13233: Fixed a race condition between modify_ldt() and a #BR exception for an MPX bounds violation (bsc#1144502). - CVE-2020-10757: Fixed an issue where remapping hugepage DAX to anon...
SUSE-SU-2020:1671-1 Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP1)
This update for the Linux Kernel 4.12.14-19710 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed an issue where remapping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437). - CVE-2019-15666: Fixed an out of bounds read __xfrm_policy_unlink,...
SUSE-SU-2020:1646-1 Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP1)
This update for the Linux Kernel 4.12.14-19718 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed an issue where remapping hugepage DAX to anon mmap could have caused user PTE access (bsc#1172437). - CVE-2018-1000199: Fixed a potential local code execution via...
SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1605-1)
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called...