CVE-2018-6260

NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector...

KLA11354 Multiple vulnerabilities in Microsoft Windows

Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: 1. An information...

UBUNTU-CVE-2018-6260

NVIDIA graphics driver contains a vulnerability that may allow access to application data processed on the GPU through a side channel exposed by the GPU performance counters. Local user access is required. This is not a network or remote attack vector...

Security Notice: NVIDIA Response to “Rendered Insecure: GPU Side Channel Attacks are Practical” - November 2018

November 9, 2018 This notice is a response to the October 2018 publication “Rendered Insecure: GPU Side Channel Attacks are Practical” regarding a software security issue in the NVIDIA GPU Graphics Driver. NVIDIA worked closely with the researchers and evaluated the issue following the Coordinate...

CVE-2018-3588

There is improper access control of the SSC and GPU mapped regions which lead to inject code from HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660...

Improper access control

There is improper access control of the SSC and GPU mapped regions which lead to inject code from HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660...

CVE-2018-3588

There is improper access control of the SSC and GPU mapped regions which lead to inject code from HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660...

Security update for Chromium (important)

This update for Chromium to version 70.0.3538.67 fixes multiple issues. Security issues fixed bsc1112111: - CVE-2018-17462: Sandbox escape in AppCache - CVE-2018-17463: Remote code execution in V8 - Heap buffer overflow in Little CMS in PDFium - CVE-2018-17464: URL spoof in Omnibox -...

Reading Privileged Memory with a Side Channel - Lenovo Support US

No description provided...

Heap Feng Shader: Exploiting SwiftShader in Chrome

Posted by Mark Brand, Google Project Zero On the majority of systems, under normal conditions, SwiftShader will never be used by Chrome - it’s used as a fallback if you have a known-bad “blacklisted” graphics card or driver. However, Chrome can also decide at runtime that your graphics driver is...

Apple Intel GPU Driver Memory Misreference Vulnerability

A memory misreference vulnerability exists in the Apple Intel GPU driver. No details of the vulnerability are provided at this time...

Security update for Chromium (important)

This update for Chromium to version 70.0.3538.67 fixes multiple issues. Security issues fixed bsc1112111: - CVE-2018-17462: Sandbox escape in AppCache - CVE-2018-17463: Remote code execution in V8 - Heap buffer overflow in Little CMS in PDFium - CVE-2018-17464: URL spoof in Omnibox -...

Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking Exploit

Exploit for macOS platform in category dos / poc / This PoC file might look familiar; this bug is a trivial variant of CVE-2016-1744 Apple bug id 635599405. That report showed the bug in the unmapusermemory external methods; a variant also exists in the mapusermemory external methods. The intel...

Apple Intel GPU Driver - Use-After-FreeDouble-Delete due to bad Locking

Apple Intel GPU Driver - Use-After-FreeDouble-Delete due to bad Locking / This PoC file might look familiar; this bug is a trivial variant of CVE-2016-1744 Apple bug id 635599405. That report showed the bug in the unmapusermemory external methods; a variant also exists in the mapusermemory extern...

Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking

/ This PoC file might look familiar; this bug is a trivial variant of CVE-2016-1744 Apple bug id 635599405. That report showed the bug in the unmapusermemory external methods; a variant also exists in the mapusermemory external methods. The intel graphics drivers have their own hash table type...

Google Chrome GPU Internals Buffer Overflow Vulnerability

Google Chrome is a web browser developed by Google.GPU Internals is one of the GPU components. A buffer overflow vulnerability exists in GPU Internals in versions of Google Chrome prior to 70.0.3538.67. A remote attacker can exploit this vulnerability to bypass the sandbox with the help of...

Google Chrome Security Updates (stable-channel-update-for-desktop-2018-10) - Linux

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

Seeker v1.0.7 - Get Accurate Location using a Fake Website

Concept behind Seeker is simple, just like we host phishing pages to get credentials why not host a fake page that requests your loction just like many popular location based websites. Seeker Hosts a fake website on Apache Server and uses Ngrok , website asks for Location Permission and if the us...

kernel security and bug fix update

3.10.0-862.14.4.OL7 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey bug 24817676 3.10.0-862.14.4 - scsi Revert: lpfc: Fix port initialization failure Radomir Vrbovsky...

Display adapter priority and monitor creation in Citrix sessions

This article includes information about the display adapter selection process, how virtual monitors are created, and manual configuration options for the same. Starting with XenDesktop 7.16 the Citrix Virtual Desktop Agent VDA for Windows 10 automatically selects the best display adapter to use f...