2464 matches found

Veracode
added 2020/02/25 12:39 a.m. | 22 views

Arbitrary Code Execution

systemd is vulnerable to arbitrary code execution. A use-after-free occurs when asynchronous polkit queries are performed...

7.8 CVSS | 5.8 AI score | 0.0046 EPSS
Exploits 0 | References 9 | Affected Software 4

Tenable Nessus
added 2020/02/24 12:0 a.m. | 35 views

RHEL 8 : systemd (RHSA-2020:0564)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0564 advisory. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive...

7.8 CVSS | 6.5 AI score | 0.0046 EPSS
Exploits 0 | References 4

RedHat Linux
added 2020/02/19 7:0 p.m. | 86 views

Moderate: Red Hat Security Advisory: virt:8.1 and virt-devel:8.1 security update

An update for the virt:8.1 and virt-devel:8.1 modules is now available for Advanced Virtualization for RHEL 8.1.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating,...

6.5 CVSS | 7 AI score | 0.03133 EPSS
Exploits 0 | References 3

RedHat Linux
added 2020/02/12 3:26 p.m. | 2 views

jquery: Cross-site scripting via cross-domain ajax requests

jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...

6.1 CVSS | 6.6 AI score | 0.30224 EPSS
Exploits 2 | References 4

Tenable Nessus
added 2020/02/10 12:0 a.m. | 282 views

Oracle Linux 8 : kernel (ELSA-2020-0339)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-0339 advisory. - x86 kvm: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest that lack it Paolo Bonzini 1781660 1779553 CVE-2019-19338 - x86 kvm: vmx: implement...

10 CVSS | 7.1 AI score | 0.16908 EPSS
Exploits 6 | References 9

Fedora
added 2020/02/09 1:32 a.m. | 11 views

[SECURITY] Fedora 31 Update: libasr-1.0.4-1.fc31

Libasr allows to run DNS queries and perform hostname resolutions in a fully asynchronous fashion. The implementation is thread-less, fork-less, and does not make use of signals or other "tricks" that might get in the developer's way. The API was initially developed for the OpenBSD operating...

0.2 AI score
Exploits 0

Fedora
added 2020/02/09 1:4 a.m. | 13 views

[SECURITY] Fedora 30 Update: libasr-1.0.4-1.fc30

Libasr allows to run DNS queries and perform hostname resolutions in a fully asynchronous fashion. The implementation is thread-less, fork-less, and does not make use of signals or other "tricks" that might get in the developer's way. The API was initially developed for the OpenBSD operating...

0.2 AI score
Exploits 0

OpenVAS
added 2020/02/09 12:0 a.m. | 10 views

Fedora: Security Advisory for libasr (FEDORA-2020-270ef80e9e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 AI score
Exploits 0 | References 2

Tenable Nessus
added 2020/02/07 12:0 a.m. | 36 views

SUSE SLES12 Security Update : xen (SUSE-SU-2020:0334-1)

This update for xen fixes the following issues : CVE-2020-7211: potential directory traversal using relative paths via tftp server on Windows host bsc1161181. CVE-2019-19579: Device quarantine for alternate pci assignment methods bsc1157888. CVE-2019-19581: findnextbit issues bsc1158003...

9.8 CVSS | 7.3 AI score | 0.04141 EPSS
Exploits 0 | References 40

Cent OS
added 2020/02/06 12:20 a.m. | 187 views

qemu security update

CentOS Errata and Security Advisory CESA-2020:0366 An update for qemu-kvm is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...

8.8 CVSS | 7.3 AI score | 0.16658 EPSS
Exploits 3 | References 7

Tenable Nessus
added 2020/02/06 12:0 a.m. | 35 views

Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20200205)

Security Fixes : - hw: TSX Transaction Asynchronous Abort TAA CVE-2019-11135 - QEMU: slirp: heap buffer overflow during packet reassembly CVE-2019-14378 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid133518;...

8.8 CVSS | 7.5 AI score | 0.16658 EPSS
Exploits 3 | References 3

RedHat Linux
added 2020/02/04 7:50 p.m. | 1 views

hw: TSX Transaction Asynchronous Abort (TAA)

A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort TAA error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow...

6.5 CVSS | 6.8 AI score | 0.03133 EPSS
Exploits 0 | References 6

RedHat Linux
added 2020/01/29 2:20 p.m. | 0 views

hw: TSX Transaction Asynchronous Abort (TAA)

A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort TAA error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow...

6.5 CVSS | 6.8 AI score | 0.03133 EPSS
Exploits 0 | References 6

RedHat Linux
added 2020/01/29 2:20 p.m. | 77 views

Moderate: Red Hat Security Advisory: virt:rhel security update

An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

6.5 CVSS | 7 AI score | 0.03133 EPSS
Exploits 0 | References 3

OSV
added 2020/01/29 1:42 p.m. | 37 views

RLSA-2020:0279 Moderate: virt:rhel security update

Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:Rocky Linux module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting wi...

6.5 CVSS | 7 AI score | 0.03133 EPSS
Exploits 0 | References 2

BDU FSTEC
added 2020/01/27 12:0 a.m. | 2 views

The vulnerability of the GnuTLS cryptographic library, related to access to an uninitialized pointer, allows a hacker to cause a service failure.

The vulnerability of the GnuTLS cryptographic library relates to access to an uninitialized pointer. Exploiting this vulnerability could allow a malicious actor, operating remotely, to cause service failures when receiving asynchronous messages...

7.8 CVSS | 6.8 AI score | 0.03401 EPSS
Exploits 1 | References 9 | Affected Software 5

OpenVAS
added 2020/01/23 12:0 a.m. | 48 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1535)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.3 CVSS | 8.2 AI score | 0.07679 EPSS
Exploits 18 | References 2

RedHat Linux
added 2020/01/22 9:26 p.m. | 1 views

hw: TSX Transaction Asynchronous Abort (TAA)

A flaw was found in the way Intel CPUs handle speculative execution of instructions when the TSX Asynchronous Abort TAA error occurs. A local authenticated attacker with the ability to monitor execution times could infer the TSX memory state by comparing abort execution times. This could allow...

6.5 CVSS | 6.8 AI score | 0.03133 EPSS
Exploits 0 | References 6

Tenable Nessus
added 2020/01/20 12:0 a.m. | 76 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2020-0002)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel packages installed that are affected by multiple vulnerabilities: - Improper invalidation for page table updates by a virtual guest operating system for multiple IntelR Processors may allow an authenticated user to...

8.3 CVSS | 7.7 AI score | 0.03844 EPSS
Exploits 1 | References 6

Tenable Nessus
added 2020/01/15 12:0 a.m. | 56 views

Debian DSA-4602-1 : xen - security update (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service, guest-to-host privilege escalation or information leaks. In addition this update provides mitigations for the 'TSX Asynchronous Abort' speculative side channel attack. For additional...

9.8 CVSS | 7.1 AI score | 0.03133 EPSS
Exploits 0 | References 35