RHEL 8 : microcode_ctl (RHSA-2020:2677)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2677 advisory. Security fixes: hw: Special Register Buffer Data Sampling (SRBDS) (CVE-2020-0543); hw: L1D Cache Eviction Sampling (CVE-2020-0549); hw: Vector...
Akamai Mitigates Sophisticated 1.44 Tbps and 385 Mpps DDoS Attack
It always surprises me how easily a community can adapt to a new situation or reality. What was once considered an outlier or even an unimaginable situation can quickly become our new normal. For those of us focused on protecting enterprises from threats, that also couldn't be more accurate...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-35363)
Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server, which can be exploited by a remote attacker to cause a denial of service with the help of a specially crafted SVG document...
Oracle Linux 6 : microcode_ctl (ELSA-2020-2433)
The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-2433 advisory. - Update Intel CPU microcode to microcode-20200602 release, addresses CVE-2020-0543, CVE-2020-0548, CVE-2020-0549 1795353, 1795357, 1827186: - Update o...
Oracle Linux 7 : microcode_ctl (ELSA-2020-2432)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-2432 advisory. - Update Intel CPU microcode to microcode-20200602 release, addresses CVE-2020-0543, CVE-2020-0548, CVE-2020-0549 1827189: - Update of 06-2d-06/0x6d...
2020.1 IPU – Intel® CSME, SPS, TXE, AMT, ISM and DAL Advisory
Summary: Potential security vulnerabilities in Intel® Converged Security and Manageability Engine (CSME), Intel® Server Platform Services (SPS), Intel® Trusted Execution Engine (TXE), Intel® Active Management Technology (AMT), Intel® Standard Manageability (ISM) and Intel® Dynamic Application Loader (DAL) ma...
GHSA-2PPP-9496-P23Q Insufficient Entropy in Spring Security
Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has...
[SECURITY] [DLA 2248-1] intel-microcode security update
Package : intel-microcode Version : 3.20200609.2deb8u1 CVE ID : CVE-2020-0543 CVE-2020-0548 CVE-2020-0549 The following CVEs were reported against src:intel-microcode. CVE-2020-0543 A new domain bypass transient execution attack known as Special Register Buffer Data Sampling SRBDS has been found...
openSUSE Security Update : ucode-intel (openSUSE-2020-791)
This update for ucode-intel fixes the following issues : Updated Intel CPU Microcode to 20200602 prerelease bsc1172466 This update contains security mitigations for : - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to core...
microcode_ctl security update
CentOS Errata and Security Advisory CESA-2020:2432. Updated microcode_ctl packages that fix several security bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base...
hw: Vector Register Data Sampling
A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read...
Moderate: Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update
Updated microcode_ctl packages that fix several security bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
SUSE-SU-2020:1595-1 Security update for ucode-intel
This update for ucode-intel fixes the following issues: Updated Intel CPU Microcode to 20200602 prerelease bsc1172466 This update contains security mitigations for: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores...
hw: Vector Register Data Sampling
A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read...
USN-4385-1: Intel Microcode vulnerabilities
It was discovered that memory contents previously stored in microarchitectural special registers after RDRAND, RDSEED, and SGX EGETKEY read operations on Intel client and Xeon E3 processors may be briefly exposed to processes on the same or different processor cores. A local attacker could use th...
hw: Vector Register Data Sampling
A flaw was found in Intel processors where a local attacker is able to gain information about registers used for vector calculations by observing register states from other processes running on the system. This results in a race condition where store buffers, which were not cleared, could be read...
Moderate: Red Hat Security Advisory: microcode_ctl security, bug fix and enhancement update
Updated microcode_ctl packages that fix several security bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
File upload vulnerability in beescms backend
BEESCMS is a scalable content management system (CMS) based on PHP and MySQL. A file upload vulnerability exists in the beescms backend. An attacker can exploit the vulnerability to upload malicious files and gain server privileges...
openSUSE Security Update : gcc9 (openSUSE-2020-716)
This update includes the GNU Compiler Collection 9. This update ships the GCC 9.3 release. A full changelog is provided by the GCC team at: https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages. ...
Updated log4net packages fix security vulnerability
This patch fixes a security vulnerability reported by Karthik Balasundaram. The vulnerability was found in the way log4net parses XML configuration files, where it allowed XML External Entity processing. An attacker could...