3188 matches found

Packet Storm
added 2020/10/09 12:0 a.m. | 633 views

Atlassian Products Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Cross-Site Scripting Vulnerabilities products: PlantUML, Refined Toolkit for Confluence, Linking for Confluence, Countdown Timer, Server Status vulnerable...

0.2 AI score
Exploits: 0
Oracle linux
added 2020/10/06 12:0 a.m. | 50 views

systemd security and bug fix update

219-78.0.1 - Backport upstream patches related to private-tmp Sushmita Bhattacharya Orabug: 31561883 - backport upstream pstore tmpfiles patch Eric DeVolder Orabug: 31414539 - udev rules: fix memory hot add and remove Orabug: 31309730 - enable and start the pstore service Orabug: 30950903 - fix t...

5.1 CVSS | 6.5 AI score | 0.00152 EPSS
Exploits: 0
RedHat Linux
added 2020/09/29 10:31 p.m. | 4 views

kernel: use-after-free in sound/core/timer.c

A memory flaw was found in the ALSA subsystem of the Linux kernel. The struct sndtimerinstance function fails the timer-maxinstances check leading to an invalid address. This could lead to a use-after-free vulnerability...

7.8 CVSS | 7.1 AI score | 0.00078 EPSS
Exploits: 1 | References: 4
RedHat Linux
added 2020/09/29 7:0 p.m. | 6 views

kernel: use-after-free in sound/core/timer.c

A memory flaw was found in the ALSA subsystem of the Linux kernel. The struct sndtimerinstance function fails the timer-maxinstances check leading to an invalid address. This could lead to a use-after-free vulnerability...

7.8 CVSS | 7.1 AI score | 0.00078 EPSS
Exploits: 1 | References: 4
Microsoft CVE
added 2020/09/25 7:0 a.m. | 3 views

An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body.

...

7.8 CVSS | 7 AI score | 0.0004 EPSS
Exploits: 0
Veracode
added 2020/09/24 10:58 a.m. | 40 views

Information Disclosure

linux is vulnerable to information disclosure. The vulnerability exists as through the internal state of the network RNG via drivers/char/random.c and kernel/time/timer.c...

3.7 CVSS | 2 AI score | 0.01676 EPSS
Exploits: 0 | References: 17 | Affected Software: 5
OSV
added 2020/09/23 10:15 p.m. | 1 views

DEBIAN-CVE-2020-25604

An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest also operating on the timers to release a lock that it...

4.7 CVSS | 5.6 AI score | 0.00071 EPSS
Exploits: 0 | References: 1
OSV
added 2020/09/23 10:15 p.m. | 1 views

ALPINE-CVE-2020-25604

An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest also operating on the timers to release a lock that it...

4.7 CVSS | 6.6 AI score | 0.00071 EPSS
Exploits: 0 | References: 1
OSV
added 2020/09/23 10:15 p.m. | 3 views

UBUNTU-CVE-2020-25604

An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest also operating on the timers to release a lock that it...

4.7 CVSS | 6.7 AI score | 0.00071 EPSS
Exploits: 0 | References: 5
Debian CVE
added 2020/09/23 9:18 p.m. | 26 views

CVE-2020-25604

An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest also operating on the timers to release a lock that it...

4.7 CVSS | 5.9 AI score | 0.00071 EPSS
Exploits: 0
CVE
added 2020/09/23 9:18 p.m. | 176 views

CVE-2020-25604

CVE-2020-25604 in Xen up to 4.14.x describes a race condition when migrating timers between x86 HVM vCPUs. The locking model can allow a second vCPU of the same guest to release a lock it did not acquire, potentially causing a hang or crash (DoS) of the hypervisor. Affected: all Xen versions on x...

4.7 CVSS | 5.4 AI score | 0.00071 EPSS
Exploits: 0 | References: 7 | Affected Software: 1
CNVD
added 2020/09/23 12:0 a.m. | 2 views

Xen Code Execution Vulnerability (CNVD-2020-53814)

Xen is an open source virtual machine monitor product from the University of Cambridge, UK. The product enables different and incompatible operating systems to run on the same computer and supports runtime migration to ensure uptime and avoid downtime. Xen has a security vulnerability. The...

4.7 CVSS | 9.2 AI score | 0.00071 EPSS
Exploits: 0 | References: 1
Veracode
added 2020/09/21 6:34 a.m. | 25 views

Denial Of Service (DoS)

qemu is vulnerable to denial of service (DoS). The vulnerability exists through a large interval timer reload value in the rc4030write function of hw/dma/rc4030.c...

6 CVSS | 2.5 AI score | 0.00061 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
Oracle linux
added 2020/09/11 12:0 a.m. | 111 views

Unbreakable Enterprise kernel security update

4.14.35-1902.306.2 - rename kABI whitelists to lockedlists Dan Duval Orabug: 31783150 - sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices Dave Chiluk Orabug: 31350999 CVE-2019-19922 - sched/fair: Fix throttlelist starvation with low CFS quota Phil Auld...

9.8 CVSS | 8.4 AI score | 0.03952 EPSS
Exploits: 12
Tenable Nessus
added 2020/08/28 12:0 a.m. | 43 views

EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1859)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system. A...

7.8 CVSS | 6.6 AI score | 0.01676 EPSS
Exploits: 1 | References: 3
OSV
added 2020/07/30 9:15 p.m. | 1 views

DEBIAN-CVE-2020-16166

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c...

4.3 CVSS | 6.4 AI score | 0.01676 EPSS
Exploits: 0 | References: 1
OSV
added 2020/07/30 9:15 p.m. | 3 views

UBUNTU-CVE-2020-16166

The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c...

3.7 CVSS | 6.7 AI score | 0.01676 EPSS
Exploits: 0 | References: 7
RedHat Linux
added 2020/07/29 7:40 p.m. | 5 views

kernel: use-after-free in sound/core/timer.c

A memory flaw was found in the ALSA subsystem of the Linux kernel. The struct sndtimerinstance function fails the timer-maxinstances check leading to an invalid address. This could lead to a use-after-free vulnerability...

7.8 CVSS | 7.1 AI score | 0.00078 EPSS
Exploits: 1 | References: 4
Veracode
added 2020/07/22 3:44 a.m. | 25 views

Use-after-free

The kernel is vulnerable to use-after-free. The vulnerability exists in sound/core/timer.c due to erroneous code refactoring which allows an attacker to cause a memory corruption...

7.8 CVSS | 7.4 AI score | 0.00078 EPSS
Exploits: 1 | References: 9 | Affected Software: 2
RedHat Linux
added 2020/07/21 11:24 a.m. | 2 views

kernel: use-after-free in sound/core/timer.c

A memory flaw was found in the ALSA subsystem of the Linux kernel. The struct sndtimerinstance function fails the timer-maxinstances check leading to an invalid address. This could lead to a use-after-free vulnerability...

7.8 CVSS | 7.1 AI score | 0.00078 EPSS
Exploits: 1 | References: 4