295 matches found
pycnet-audio (>=0.5.1 <=0.5.8) potentially affected by CVE-2021-29524 via tensorflow-cpu (=2.2.0)
tensorflow-cpu PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - pycnet-audio =0.5.1, =0.5.8 Source cves: CVE-2021-29524 Source advisory: OSV:PYSEC-2021-452...
Microarchitectural Data Sampling Advisory
Summary: A potential security vulnerability in CPUs may allow information disclosure. Intel is releasing Microcode Updates MCU updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2018-12126 Microarchitectural Store Buffer Data Sampling MSBDS: Store buffers on some...
Xen Paging Tables Race Condition (XSA-328)
According to its self-reported version number, the Xen hypervisor installed on the remote host is affected by an issue allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT nested paging tables, X...
SUSE: Security Advisory (SUSE-SU-2018:1614-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
a62-emotion (>=0.10.12 <=0.11.4), agent-atm (>=0.1.0 <=0.1.1) +100 more potentially affected by CVE-2020-15266 via tensorflow-cpu (>=1.15.0 <=2.3.1)
tensorflow-cpu PYPI version =1.15.0, =0.10.12, =0.1.0, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.1.0.dev1, =0.1.0.dev202107081840 and more Source cves: CVE-2020-15266 Source advisory: OSV:GHSA-XWHF-G6J5-J5GC...
a62-emotion (>=0.10.12 <=0.11.4), agent-atm (>=0.1.0 <=0.1.1) +99 more potentially affected by CVE-2020-15201 via tensorflow-cpu (>=1.15.0 <=2.2.3)
tensorflow-cpu PYPI version =1.15.0, =0.10.12, =0.1.0, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.0.1, =0.3.3 and more Source cves: CVE-2020-15201 Source advisory: OSV:PYSEC-2020-281...
a62-emotion (>=0.10.12 <=0.11.4), agent-atm (>=0.1.0 <=0.1.1) +99 more potentially affected by CVE-2020-15196 via tensorflow-cpu (>=1.15.0 <=2.2.3)
tensorflow-cpu PYPI version =1.15.0, =0.10.12, =0.1.0, =2.0.0, =2.0.0, =1.0.0, =0.0.5, =0.3.0, =0.0.1, =0.8.1, =0.1.1, =1.3.0, =0.0.1, =0.3.3 and more Source cves: CVE-2020-15196 Source advisory: OSV:PYSEC-2020-276...
gamornet-cpu (>=0.2.3 <=0.4.3), tchatbot (=0.1.0) +1 more potentially affected by CVE-2020-15210 via tensorflow-cpu (=1.15.0)
tensorflow-cpu PYPI version =1.15.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - gamornet-cpu =0.2.3, =0.7.0, =0.7.5 Source cves: CVE-2020-15210 Source advisory: OSV:PYSEC-2020-290...
tensorflowjs (>=1.5.2 <=1.7.4) potentially affected by CVE-2020-15190 via tensorflow-cpu (=2.1.0)
tensorflow-cpu PYPI version =2.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on tensorflow-cpu and may be impacted: - tensorflowjs =1.5.2, =1.7.4 Source cves: CVE-2020-15190 Source advisory: OSV:GHSA-4G9F-63RX-5CW4...
sysmonitor-client (>=0.0.1 <=1.0.0), sytemmonitor-client (=0.0.1) potentially affected by CVE-2017-1000219 via windows-cpu (=0.1.4)
windows-cpu NPM version =0.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on windows-cpu and may be impacted: - sysmonitor-client =0.0.1, =1.0.0 - sytemmonitor-client =0.0.1 Source cves: CVE-2017-1000219 Source advisory: OSV:GHSA-63M4-FHF2-CMF7...
CVE-2020-15567
An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT nested paging tables, Xen would in some circumstances use a series of non-atomic bitfield write...
CVE-2020-15567
An issue was discovered in Xen through 4.13.x, allowing Intel guest OS users to gain privileges or cause a denial of service because of non-atomic modification of a live EPT PTE. When mapping guest EPT nested paging tables, Xen would in some circumstances use a series of non-atomic bitfield write...
Unbreakable Enterprise kernel security update
4.1.12-124.39.5.1 - x86/speculation: Add Ivy Bridge to affected list Josh Poimboeuf Orabug: 31352782 CVE-2020-0543 - x86/speculation: Add SRBDS vulnerability and mitigation documentation Mark Gross Orabug: 31352782 CVE-2020-054 3 - x86/speculation: Add Special Register Buffer Data Sampling SRBDS...
Information disclosure
An information disclosure vulnerability exists when certain central processing units CPU speculatively access memory, aka 'Windows Kernel Information Disclosure in CPU Memory Access'...
LVI Attacks: New Intel CPU Vulnerability Puts Data Centers At Risk
It appears there is no end in sight to the hardware level security vulnerabilities in Intel processors, as well as to the endless 'performance killing' patches that resolve them. Modern Intel CPUs have now been found vulnerable to a new attack that involves reversely exploiting Meltdown-type data...
SUSE-SU-2020:0558-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-2732: Fixed an issue affecting Intel CPUs where an L2 guest may trick the L0 hypervisor into accessing sensitive L1 resources bsc1163971. -...
New ‘CacheOut’ Attack Targets Intel CPUs
Researchers have identified a new speculative execution type attack, dubbed CacheOut, that could allow attackers to trigger data leaks from most Intel CPUs. The more serious of the two bugs, revealed Monday, is rated medium severity by Intel, who said fixes for both flaws are on the way. The more...
[SECURITY] [DLA 2051-1] intel-microcode security update
Package : intel-microcode Version : 3.20191115.2deb8u1 CVE ID : CVE-2019-11135 CVE-2019-11139 This update ships updated CPU microcode for some types of Intel CPUs. In particular it provides mitigations for the TAA TSX Asynchronous Abort vulnerability. For affected CPUs, to fully mitigate the...
A week in security (December 9 – 15)
Last week on Malwarebytes Labs, we cautioned readers against purchasing potentially privacy-invasive, cyber-insecure smart doorbells, warned about a new credit card skimmer vulnerability embedded within hundreds of fraudulent web sites selling supposedly name-brand shoes, and looked at the newest...
openSUSE Security Update : qemu (openSUSE-2019-2505)
This update for qemu fixes the following issues : - Patch queue updated from https://gitlab.suse.de/virtualization/qemu.git SLE15 - Fix use-after-free in slirp CVE-2018-20126 bsc1119991 - Fix potential DOS in lsi scsi controller emulation CVE-2019-12068 bsc1146873 - Expose taa-no 'feature',...