PT-2019-6310 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel version 5.2.14 Description: The issue is related to a NULL pointer dereference in the Linux kernel, specifically in the radeon display driver. This occurs because the alloc workqueue return value is not checked, potentially leadi...

USN-4118-1 linux-aws vulnerabilities

It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. CVE-2018-13053 Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track...

Panic during initialization of Lazy<T> might trigger undefined behavior

If during the first dereference of Lazy the initialization function panics, subsequent dereferences will execute std::hints::unreachableunchecked. Applications with panic = "abort" are not affected, as there will be no subsequent dereferences...

RUSTSEC-2019-0017 Panic during initialization of Lazy<T> might trigger undefined behavior

If during the first dereference of Lazy the initialization function panics, subsequent dereferences will execute std::hints::unreachableunchecked. Applications with panic = "abort" are not affected, as there will be no subsequent dereferences...

kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members

A vulnerability was found in the fs/inode.c:inodeinitowner function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group an...

Missing Patch Logging Initialization

Binary data patchlogginginit.nbin...

Scientific Linux Security Update : python on SL7.x x86_64 (20190806)

Security Fixes : - python: Missing salt initialization in elementtree.c module CVE-2018-14647 - python: NULL pointer dereference using a specially crafted X509 certificate CVE-2019-5010 - python: CRLF injection via the query part of the url passed to urlopen CVE-2019-9740 - python: CRLF injection...

Flaw in interface may drop uninitialized instance of arbitrary types

Affected versions of this crate would call Vec::setlen on an uninitialized vector with user-provided type parameter, in an interface of the HDR image format decoder. They would then also call other code that could panic before initializing all instances. This could run Drop implementations on...

NSKeyedUnarchiver - Info Leak in Decoding SGBigUTF8String

There is an info leak when decoding the SGBigUTF8String class using SGBigUTF8String initWithCoder:. This class initializes the string using SGBigUTF8String initWithUTF8DataNullTerminated: even though there is no guarantee the bytes provided to the decoder are null terminated. It should use...

CVE-2019-1224

An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to...

CVE-2019-1225

An information disclosure vulnerability exists when the Windows RDP server improperly discloses the contents of its memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the system. To exploit this vulnerability, an attacker would have to...

USN-4094-1 linux, linux-hwe, linux-azure, linux-gcp, linux-gke-4.15, linux-kvm, linux-oem, linux-oracle, linux-raspi2, linux-snapdragon vulnerabilities

It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. CVE-2018-13053 Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track...

NewStart CGSL MAIN 5.04 : postgresql Multiple Vulnerabilities (NS-SA-2019-0006)

The remote NewStart CGSL host, running version MAIN 5.04, has postgresql packages installed that are affected by multiple vulnerabilities: - Privilege escalation flaws were found in the Red Hat initialization scripts of PostgreSQL. An attacker with access to the postgres user account could use...

Moderate: Red Hat Security Advisory: python security and bug fix update

An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVE-2019-7886

A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptograhic mechanism is used to generate the intialization vector in multiple security relevant contexts...

Code injection

A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptograhic mechanism is used to generate the intialization vector in multiple security relevant contexts...

CVE-2019-7886

CVE-2019-7886 affects Magento 2.1.x before 2.1.18, 2.2.x before 2.2.9, and 2.3.x before 2.3.2. The issue is a weak cryptographic mechanism used to generate the initialization vector in multiple security contexts, enabling potential cryptographic abuse. RedHat and OSV listings confirm the same des...

CVE-2019-7886

A cryptograhic flaw exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A weak cryptograhic mechanism is used to generate the intialization vector in multiple security relevant contexts...

SRC-2020-00 : Foxit Reader XObject Stream Uninitialized Object Information Disclosure Vulnerability

Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...

DEBIAN-CVE-2019-13990

initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description...