CVE-2018-19976

In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine...

DEBIAN-CVE-2018-19976

In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine...

UBUNTU-CVE-2018-19976

In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine...

CVE-2018-19976

In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine...

CVE-2018-19976

In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine...

CVE-2018-19976

In YARA 3.8.1, bytecode in a specially crafted compiled rule is exposed to information about its environment, in libyara/exec.c. This is a consequence of the design of the YARA virtual machine...

CloudBees Script Security Plugin Sandbox Bypass Vulnerability

CloudBees Script Security Plugin is the U.S. CloudBees company's Jenkins Java-based development of continuous integration tools in a plug-in for detecting script security . A sandbox bypass vulnerability exists in the groovy-sandbox/src/main/java/org/kohsuke/groovy/sandbox/SandboxTransformer.java...

SUSE SLES12 Security Update : java-1_8_0-ibm (SUSE-SU-2018:4064-1)

java-180-ibm was updated to Java 8.0 Service Refresh 5 Fix Pack 25 bsc1116574 Class Libraries : - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10930 CVE-2018-3183 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTI...

SUSE-SU-2018:4064-1 Security update for java-1_8_0-ibm

java-180-ibm was updated to Java 8.0 Service Refresh 5 Fix Pack 25 bsc1116574 Class Libraries: - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10930 CVE-2018-3183 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTIO...

Xen Denial of Service and Elevation of Privilege Vulnerabilities

Xen is an open source virtual machine monitor developed by the Xen Project. A Denial of Service and Elevation of Privilege vulnerability exists in Xen 4.11, which stems from a failure to properly handle x86 IOREQ server resource accounting for use with external emulators and can be exploited by a...

DEBIAN-CVE-2018-19963

An issue was discovered in Xen 4.11 allowing HVM guest OS users to cause a denial of service host OS crash or possibly gain host OS privileges because x86 IOREQ server resource accounting for external emulators was mishandled...

Facebook HHVM Denial of Service Vulnerability (CNVD-2018-24629)

Facebook HHVM aka HipHop Virtual Machine is a virtual machine from Facebook that significantly improves the performance of loading dynamic pages in PHP. A denial of service vulnerability exists in Facebook HHVM versions 3.24.3 and earlier and 3.21.7 and earlier, which can be exploited by an...

UBUNTU-CVE-2018-6332

A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM 3.24.3 and 3.21.7 and below when using the proxygen server to handle HTTP2 requests...

SUSE-SU-2018:3933-1 Security update for java-1_7_1-ibm

java-171-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 35 bsc1116574: Consumability - IJ10515 AIX JAVA 7.1.3.10 GENERAL PROTECTION FAULT WHEN ATTEMPTING TO USE HEALTH CENTER API Class Libraries - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-31...

SUSE-SU-2018:3921-1 Security update for java-1_7_1-ibm

java-171-ibm was updated to Java 7.1 Service Refresh 4 Fix Pack 35 bsc1116574: Consumability - IJ10515 AIX JAVA 7.1.3.10 GENERAL PROTECTION FAULT WHEN ATTEMPTING TO USE HEALTH CENTER API Class Libraries - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-31...

SUSE-SU-2018:3868-1 Security update for java-1_8_0-ibm

java-180-ibm was updated to Java 8.0 Service Refresh 5 Fix Pack 25 bsc1116574 Class Libraries: - IJ10934 CVE-2018-13785 - IJ10935 CVE-2018-3136 - IJ10895 CVE-2018-3139 - IJ10932 CVE-2018-3149 - IJ10894 CVE-2018-3180 - IJ10930 CVE-2018-3183 - IJ10933 CVE-2018-3214 - IJ09315 FLOATING POINT EXCEPTIO...

USN-3823-1: Linux kernel vulnerabilities

It was discovered that memory present in the L1 data cache of an Intel CPU core may be exposed to a malicious process that is executing on the CPU core. This vulnerability is also known as L1 Terminal Fault L1TF. A local attacker in a guest virtual machine could use this to expose sensitive...

Py-EVM Denial of Service Vulnerability

Py-EVM is a Python-based implementation of an Ethernet virtual machine. A denial of service vulnerability exists in Py-EVM version 0.2.0-alpha.33, which can be exploited by an attacker to cause a denial of service...

The vulnerability of the Java VM component of the Oracle Database Server management system allows a hacker to execute arbitrary code.

The vulnerability of the Java VM component of the Oracle Database Server management system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

gnutls: "Just in Time" PRIME + PROBE cache-based side channel attack can lead to plaintext recovery

A cache-based side channel attack was found in the way GnuTLS implements CBC-mode cipher suites. An attacker could use a combination of "Just in Time" Prime+probe and Lucky-13 attacks to recover plain text in a cross-VM attack scenario...