RHEL 7 : kernel (RHSA-2018:1637)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:1637 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: An industry-wide issue was found in the way man...

SEO poisoning: Is it worth it?

Search Engine Optimization SEO poisoning basically comes down to getting your web page high in the rankings for relevant search results without buying advertisements or using legitimate, but tedious, SEO best practices. Instead, threat actors use illegal means to push their page to the top...

Important: Red Hat Security Advisory: redhat-virtualization-host security update

An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CentOS 7 : kernel (CESA-2018:1629) (Spectre)

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass Exploit

Exploit for hardware platform in category dos / poc / ======== Intro / Overview ======== After Michael Schwarz made some interesting observations, we started looking into variants other than the three already-known ones. I noticed that Intel's Optimization Manual says in section 2.4.4.5 "Memory...

RHEL 7 : kernel-rt (RHSA-2018:1630) (Spectre)

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

kernel, perf, python security update

CentOS Errata and Security Advisory CESA-2018:1629 An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

kernel, perf, python security update

CentOS Errata and Security Advisory CESA-2018:1651 An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Important: Red Hat Security Advisory: org.ovirt.engine-root security update

An update for org.ovirt.engine-root is now available for RHEV Manager version 3.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass

/ ======== Intro / Overview ======== After Michael Schwarz made some interesting observations, we started looking into variants other than the three already-known ones. I noticed that Intel's Optimization Manual says in section 2.4.4.5 "Memory Disambiguation": A load instruction micro-op may depe...

Configuring a SDX Channel from the SVM

Identify how configure LACP in SDX Channel...

TRIM and PVS: vDisks may Reduce in Size after a Merged Base

After performing a Merged Base operation on a vDisk that is utilizing the VHDX file format, the resultant merged base VHDX file may be smaller than the original base VHDX file. For example, this behavior might occur in situations where files are deleted in a particular vDisk version, and these...

Addressing the Availability of the ACAEngine

In my experience as a Solutions Engineer, I've seen many companies strive for 100% uptime of enterprise applications. However, this is a goal that cannot happen by itself. Careful thought must be put into the underlying architecture that delivers these critical enterprise applications. Recently,...

Measure What Matters: Your Competitive Advantage May Lie in Your Understanding (or Lack of Understanding) of What Users Are Really Experiencing

Attracting and retaining customers lies in your ability to offer an exceptional digital experience. Now that digital channels are increasingly preferred over channels of the past, the climate is increasingly competitive -- and businesses are fighting to maintain loyalty and keep users engaged...

Microsoft Chakra Typed Array JIT Optimization Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the generation ...

Chrome V8 JIT LoadElimination::ReduceTransitionElementsKind Bug

Chrome: V8: JIT: A bug in LoadElimination::ReduceTransitionElementsKind I think this commit has introduced the bug: https://chromium.googlesource.com/v8/v8.git/+/9884bc5dee488bf206655f07b8a487afef4ded9b Reduction LoadElimination::ReduceTransitionElementsKindNode node ... if...

Google Chrome V8 JIT - LoadElimination::ReduceTransitionElementsKind Type Confusion

Exploit for multiple platform in category dos / poc / I think this commit has introduced the bug: https://chromium.googlesource.com/v8/v8.git/+/9884bc5dee488bf206655f07b8a487afef4ded9b Reduction LoadElimination::ReduceTransitionElementsKindNode node ... if objectmaps.containsZoneHandleSetsourcema...

OpenVAS Knowledge Base become smaller

At 23 January Jan Oliver Wagner, leader of OpenVAS project and Greenbone CEO, sent an email with a subject "Attic Cleanup". In this message, he mentioned, that some NASL plugins will be excluded from the public NVT / Greenbone Community Feed GCF soon. On the one hand it seems logical. These old...

CVE-2018-9048

In Windows Master aka Windows Optimization Master 7.99.13.604, the driver file WoptiHWDetect.SYS allows local users to cause a denial of service BSOD or possibly have unspecified other impact because of not validating input values from IOCtl 0xf100282c...