68 matches found
SUSE CVE-2017-9274
A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...
MAL-2022-1203 Malicious code in aws-solutions-constructs (npm)
Source: ghsa-malware (5d87219753522203f4379f860232eca25a18796c1ba879d9b3eca269fbd762c1). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in aws-solutions-constructs (npm)
Source: ghsa-malware (5d87219753522203f4379f860232eca25a18796c1ba879d9b3eca269fbd762c1). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE: Security Advisory (SUSE-SU-2019:13921-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2019:0875-1)
The remote host is missing an update for the...
[SECURITY] Fedora 34 Update: rubygem-yard-0.9.26-3.fc34
YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...
The leap of a Cycldek-related threat actor
Introduction: In the nebula of Chinese-speaking threat actors, it is quite common to see tools and methodologies being shared. One such example of this is the infamous "DLL side-loading triad": a legitimate executable, a malicious DLL to be sideloaded by it, and an encoded payload, generally dropp...
CVE-2020-8116
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects...
openSUSE Security Update : xen (openSUSE-2019-1199)
This update for xen fixes the following issues. Security issues fixed: CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS) (XSA-282, bsc#1114988). Fixed an issue which could allow malicious PV guests to cause a host crash or gain...
SUSE SLED15 / SLES15 Security Update : Recommended update for xen (SUSE-SU-2019:0875-1)
This update for xen fixes the following issues. Security issues fixed: CVE-2018-19967: Fixed HLE constructs that allowed guests to lock up the host, resulting in a Denial of Service (DoS) (XSA-282, bsc#1114988). Fixed an issue which could allow malicious PV guests to cause a host crash or gain acces...
Fedora 28 : xen (2019-bce6498890)
xen: various flaws (#1685577); grant table transfer issues on large hosts [XSA-284]; race with pass-through device hotplug [XSA-285]; x86: steal_page violates page_struct access discipline [XSA-287]; x86: Inconsistent PV IOMMU discipline [XSA-288]; missing preemption in x86 PV page table unvalidation [XSA-290]; x86/P...
CVE-2019-0546
A remote code execution vulnerability exists in Visual Studio when the C++ compiler improperly handles specific combinations of C++ constructs, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio...
SUSE SLES11 Security Update : xen (SUSE-SU-2019:13921-1)
This update for xen fixes the following issues. Security vulnerabilities fixed: CVE-2018-19961, CVE-2018-19962: Fixed an issue related to insufficient TLB flushing with AMD IOMMUs, which potentially allowed a guest to escalate its privileges or cause a Denial of Service (DoS) affecting the enti...
SUSE SLED12 / SLES12 Security Update : xen (SUSE-SU-2019:0003-1)
This update for xen fixes the following issues: Update to Xen 4.11.1 bug fix release (bsc#1027519). CVE-2018-17963: Fixed an integer overflow issue in the QEMU emulator, which could occur when a packet with large packet size is processed. A user inside a guest could have used this flaw to crash the...
Fedora 29 : xen (2018-8e457298ce)
guest use of HLE constructs may lock up host [XSA-282]. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issue...
Fedora 27 : xen (2018-fe24359b69)
guest use of HLE constructs may lock up host [XSA-282]. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issue...
guest use of HLE constructs may lock up host
ISSUE DESCRIPTION: Various Intel CPU models have an erratum listed under the title "Processor May Hang When Executing Code In an HLE Transaction". It describes a potential hang when using instructions with the XACQUIRE prefix on the host physical memory range covering the first 4 MiB starting at t...
CVE-2017-9274
A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...
Command injection
A shell command injection in the obs-service-sourcevalidator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs...