SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1605-1)

The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called...

Security update for the Linux Kernel (important)

openSUSE Security Update: Security update for the Linux Kernel Announcement ID: openSUSE-SU-2020:0801-1 Rating: important References: 1051510 1058115 1065729 1071995 1082555 1083647 1089895 1090036 1103990 1103991 1103992 1104745 1109837 1111666 1112178 1112374 1113956 1114279 1124278 1127354...

OPENSUSE-SU-2020:0801-1 Security update for the Linux Kernel

The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This...

CVE-2020-0126

In multiple functions in DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local code execution with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137878930...

CVE-2020-0126

In multiple functions in DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local code execution with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137878930...

Race condition

In multiple functions in DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local code execution with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137878930...

CVE-2020-0126

In multiple functions in DrmPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local code execution with System execution privileges required. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-137878930...

CVE-2020-7279

DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System Host IPS for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder...

IBM i2 Analysts Notebook and IBM i2 Analysts Notebook Premium Buffer Overflow Vulnerability (CNVD-2020-29554)

IBM i2 Analysts Notebook and IBM i2 Analysts Notebook Premium are both products of IBM Corporation, USA.IBM i2 Analysts Notebook is a data visualization and analysis tool. The product supports features such as data storage and data analysis.IBM i2 Analysts Notebook Premium is an advanced version ...

CVE-2020-4266

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force...

CVE-2020-4263

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force...

CVE-2020-4261

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force...

CVE-2020-4266

CVE-2020-4266 affects IBM i2 Analyst's Notebook and IBM i2 Analyst's Notebook Premium (version 9.2.1). The vulnerability is a local memory corruption that could allow a locally authenticated user to execute arbitrary code by persuading a victim to open a specially crafted file. The IBM security b...

curl: Curl_auth_create_plain_message integer overflow leads to heap buffer overflow

Summary: There is an incorrect integer overflow check in Curlauthcreateplainmessage in lib/vauth/cleartext.c , leading to a potential heap buffer overflow of controlled length and data. The exploitation seems quite easy, yet the vulnerability can only be triggered locally and does not seem to lea...

Linux kernel buffer overflow vulnerability (CNVD-2020-37938)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A buffer overflow vulnerability exists in the 'xdpumemre' function of the net/xdp/xdpumem.c file in versions of Linux kernel prior to 5.6.7, which can be exploited by ...

Oracle Database 11g Release 2 - (OracleDBConsoleorcl) Unquoted Service Path Vulnerability

Exploit Title: Oracle Database 11g Release 2 - 'OracleDBConsoleorcl' Unquoted Service Path Discovery by: Nguyen Khang - SunCSR Vendor Homepage: https://www.oracle.com/ Software Link: https://www.oracle.com/database/technologies/112010-win64soft.html Tested Version: 11g release 2 Vulnerability Typ...

Plex Media Server < 1.19.2.2673 Local Code Execution Vulnerability

Plex Media Server is prone to a local unauthenticated code execution vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

CVE-2020-7275

Accessing, modifying or executing executable files vulnerability in the uninstaller in McAfee Endpoint Security ENS for Windows Prior to 10.7.0 April 2020 Update allows local users to execute arbitrary code via a carefully crafted input file...

CVE-2018-1000622

The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in rustdoc plugins that can result in local code execution as a different user. This attack appear to be exploitable via using the --plugin flag without the...

OpenSSH 7.7 - 7.9, 8.x < 8.1 Integer Overflow Vulnerability

OpenSSH is prone to an integer overflow vulnerability. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openbsd:openssh";...