FreeBSD-SA-20:09.ntp

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-20:09.ntp Security Advisory The FreeBSD Project Topic: Multiple denial of service in ntpd Category: contrib Module: ntp Announced: 2020-03-19 Credits: Philippe...

hw: TSX Transaction Asynchronous Abort (TAA)

A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort TAA error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow...

The vulnerability of the KVM virtualization subsystem in Linux operating systems allows a perpetrator to gain access to confidential data.

The vulnerability of the KVM virtualization subsystem in Linux operating systems is related to the simultaneous execution using shared resources with improper synchronization. Exploiting this vulnerability allows an attacker to gain access to confidential data...

The vulnerability of the QEMU implementation of the Media Transfer Protocol allows a perpetrator to gain unauthorized access to information.

The vulnerability of the QEMU implementation of the Media Transfer Protocol is caused by synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to information...

The vulnerability of Google Chrome’s browser extensions allows a hacker to trigger a service failure.

The vulnerability of Google Chrome’s browser extensions’ web interface is related to the use of a shared resource with incorrect synchronization. Exploiting this vulnerability allows an attacker to cause a service failure through a specially created HTML page...

Fedora: Security Advisory for systemd (FEDORA-2020-f8e267d6d0)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

hw: TSX Transaction Asynchronous Abort (TAA)

A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort TAA error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow...

Nextcloud Input Validation Error Vulnerability

Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud is vulnerable to an input validation error. The vulnerability originates from a network system or product that does not properly validate incoming...

The vulnerability of the DxgkDdiEscape function in the NVIDIA GeForce, Quadro, and Tesla graphics processor software, related to errors in synchronizing common data, allows attackers to cause system failures, increase their privileges, or disclose sensitive information.

The vulnerability of the DxgkDdiEscape function in the NVIDIA GeForce, Quadro, and Tesla graphics processing unit software is related to errors during the synchronization of common data. Exploiting this vulnerability can allow an attacker to cause system failures, increase their privileges, or...

ShareFile Enterprise - UMT is unable to sync new users created in AD

The user is trying to create an Admin service account that's not leveraging SAML authentication. However, the account is not syncing within the UMT console...

Important: Red Hat Bug Fix Advisory: Satellite 6.6.2 Async Bug Fix Update

Updated Satellite 6.6 packages that fix several bugs are now available for Red Hat Satellite. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other clien...

Kernel: KVM: export MSR_IA32_TSX_CTRL to guest - incomplete fix for TAA (CVE-2019-11135)

A flaw was found in the fix for CVE-2019-11135, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort TAA error occurs. When a guest is running on a host CPU affected by the TAA flaw TAANO=0, but is not affected by the MDS issue MDSNO=1, the guest was to...

Persistence – WaitFor

Waitfor is a Microsoft binary which is typically used to synchronize computers across a network by sending signals. This communication mechanism can be used in… Continue reading - Persistence - WaitFor...

The vulnerability in the driver drivers/usb/core/file.c of the Linux operating system allows a hacker to cause a service failure.

The vulnerability in the drivers/usb/core/file.c file of the Linux operating system arises due to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to cause a service failure...

Clario: Multiple Information Disclosure with Go PPROF on api-ne.mackeeper.com

Summary Multiple Information Disclosure with Go PPROF on api-ne.mackeeper.com. Steps To Reproduce Go to: https://api-ne.mackeeper.com/debug/pprof/ You will see these links: - allocs: A sampling of all past memory allocations - block: Stack traces that led to blocking on synchronization primitives...

Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption

Affected versions of the crate had an unsound Sync implementation on the FuturesUnordered structure, which used a Cell for interior mutability without any code to handle synchronized access to the underlying task list's length and head safely. This could of lead to data corruption since two threa...

RUSTSEC-2020-0062 Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption

Affected versions of the crate had an unsound Sync implementation on the FuturesUnordered structure, which used a Cell for interior mutability without any code to handle synchronized access to the underlying task list's length and head safely. This could of lead to data corruption since two threa...

Huawei EulerOS: Security Advisory for ntp (EulerOS-SA-2017-1023)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

hw: TSX Transaction Asynchronous Abort (TAA)

A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort TAA error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow...

The vulnerability of the implementation of the Intel Transactional Synchronization Extensions (TSX) technology in microprogramming software for Intel processors allows a hacker to disclose protected information.

The vulnerability of the Intel Transactional Synchronization Extensions TSX implementation in Intel microcomputer software is related to the lack of protection for service data. Exploiting this vulnerability can allow attackers to disclose sensitive information by launching attacks through...