150 matches found
PAN-OS: Panorama session disclosure during context switch into managed device
An information exposure vulnerability exists in Palo Alto Networks Panorama software that discloses the token for the Panorama web interface administrator's session to a managed device when the Panorama administrator performs a context switch into that device. This vulnerability allows an attacke...
PT-2020-15246 · Palo Alto Networks · Palo Alto Networks Panorama
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks Panorama versions PAN-OS 8.1 through PAN-OS 8.1.16 Palo Alto Networks Panorama versions PAN-OS 9.0 through PAN-OS 9.0.10 Palo Alto Networks Panorama versions PAN-OS 9.1 through PAN-OS 9.1.4 Description: An information...
A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality.
...
DEBIAN-CVE-2020-10766
A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced...
CVE-2020-10766
A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced...
kernel: Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the SSBD protection.
A logic bug flaw was found in the Linux kernel’s implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per...
kernel: Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the SSBD protection.
A logic bug flaw was found in the Linux kernel’s implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per...
kernel: Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the SSBD protection.
A logic bug flaw was found in the Linux kernel’s implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per...
kernel: Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the SSBD protection.
A logic bug flaw was found in the Linux kernel’s implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per...
kernel: Rogue cross-process SSBD shutdown. Linux scheduler logical bug allows an attacker to turn off the SSBD protection.
A logic bug flaw was found in the Linux kernel’s implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per...
CVE-2020-10766
A logic bug flaw was found in the Linux kernel’s implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per...
UBUNTU-CVE-2020-10766
A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced...
PAN-OS: Panorama context switch session cookie disclosure
A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected PAN-OS Panorama versio...
Denial Of Service (DoS)
kernel is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in the Linux kernel when running on AMD64 systems. During a context switch, EFLAGS were being neither saved nor restored...
USN-4302-1 linux, linux-aws, linux-aws-hwe, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon, linux-azure vulnerabilities
Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested level 2 guest access the resources of a parent level 1 guest in certain situations. An attacker could use this to expose sensitive information. CVE-2020-2732 Gregory Herrero discovere...
USN-4285-1 linux-aws-5.0, linux-azure, linux-gcp, linux-gke-5.0, linux-oracle-5.0 vulnerabilities
It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. CVE-2019-14615 It was discovered that the HSA Linux kernel driver for AMD GPU devices did not...
MGASA-2020-0089 Updated kernel-linus packages fix security vulnerabilities
This update provides upstream 5.4.20, adding support for new hardware and features, and resolves at least the following security issues: In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This...
CVE-2019-19895
In IXP EasyInstall 6.2.13723, there is Lateral Movement using the Agent Service against other users on a client system. An authenticated attacker can, by modifying %SYSTEMDRIVE%\IXP\SW\PACKAGECODE\EveryLogon.bat, achieve this movement and execute code in the context of other users...
drm graphics drivers -- potential information disclusure via local access
Intel reports: .A potential security vulnerability in IntelR Processor Graphics may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Description: Insufficient control flow in certain data structures for some IntelR Processors with IntelR...
Fedora 30 : xen (2019-53b0dc52ee)
xen: various flaws 1685577 grant table transfer issues on large hosts XSA-284 race with pass-through device hotplug XSA-285 x86: stealpage violates pagestruct access discipline XSA-287 x86: Inconsistent PV IOMMU discipline XSA-288 missing preemption in x86 PV page table unvalidation XSA-290 x86/P...