NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2019-0044)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities: - A buffer overflow vulnerability due to a lack of input filtering of incoming fragmented datagrams was found in the IP-over-1394 driver firewire-net ...

kernel: use-after-free Read in vhost_transport_send_pkt

A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect and close function may allow an attacker using the AFVSOCK protocol to gather a 4 byte information leak or possibly impersonate AFVSOCK messages...

SWAPGS Attack — New Speculative Execution Flaw Affects All Modern Intel CPUs

A new variant of the Spectre Variant 1 side-channel vulnerability has been discovered that affects all modern Intel CPUs, and probably some AMD processors as well, which leverage speculative execution for high performance, Microsoft and Red Hat warned. Identified as CVE-2019-1125, the vulnerabili...

kernel: Information leak in cdrom_ioctl_drive_status

An information leak was discovered in the Linux kernel in cdromioctldrivestatus function in drivers/cdrom/cdrom.c that could be used by local attackers to read kernel memory at certain location...

Ubuntu: Security Advisory (USN-4069-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Design/Logic Flaw

In FreeBSD 12.0-STABLE before r349805, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r349806, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, code which handles close of a descriptor created by posixopenpt fails to undo a signal configuration. This causes ...

CVE-2019-5606

Removed by vendor...

FreeBSD freebsd32 Information Disclosure Vulnerability

FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A security vulnerability exists in FreeBSD freebsd32. A local attacker can exploit this vulnerability to read the contents of a portion of kernel memory...

FreeBSD -- Kernel memory disclosure in freebsd32_ioctl

Problem Description: Due to insufficient initialization of memory copied to userland in the components listed above small amounts of kernel memory may be disclosed to userland processes. Impact: A user who can invoke 32-bit FreeBSD ioctls may be able to read the contents of small portions of kern...

FreeBSD -- pts(4) write-after-free

Problem Description: The code which handles a close2 of a descriptor created by posixopenpt2 fails to undo the configuration which causes SIGIO to be raised. This bug can lead to a write-after-free of kernel memory. Impact: The bug permits malicious code to trigger a write-after-free, which may b...

FreeBSD Privilege Permission and Access Control Issues Vulnerability

FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. A security vulnerability exists in the cdrom driver in FreeBSD. An attacker can exploit this vulnerability to arbitrarily overwrite kernel memory and gain root privileges...

CVE-2019-5602

In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory whe...

Design/Logic Flaw

In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory whe...

CVE-2019-5602

In FreeBSD 12.0-STABLE before r349628, 12.0-RELEASE before 12.0-RELEASE-p7, 11.3-PRERELEASE before r349629, 11.3-RC3 before 11.3-RC3-p1, and 11.2-RELEASE before 11.2-RELEASE-p11, a bug in the cdrom driver allows users with read access to the cdrom device to arbitrarily overwrite kernel memory whe...

FreeBSD -- Privilege escalation in cd(4) driver

Problem Description: To implement one particular ioctl, the Linux emulation code used a special interface present in the cd4 driver which allows it to copy subchannel information directly to a kernel address. This interface was erroneously made accessible to userland, allowing users with read...

CVE-2019-13049

An integer wrap in kernel/sys/syscall.c in ToaruOS 1.10.10 allows users to map arbitrary kernel pages into userland process space via TOARUSYSFUNCMMAP, leading to escalation of privileges...

Debian DLA-1823-1 : linux security update (SACK Panic) (SACK Slowness)

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2019-3846, CVE-2019-10126 huangwen reported multiple buffer overflows in the Marvell wifi mwifiex driver, which a local user could use to cause...

macOS and Mac OS X Multiple Vulnerabilities (Security Update 2019-003)

The remote host is running Mac OS X 10.12.6 or Mac OS X 10.13.6 and is missing a security update. It is, therefore, affected by multiple vulnerabilities : - An application may be able to read restricted memory CVE-2019-8603, CVE-2019-8560 - An application may be able to execute arbitrary code wit...

kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c

A flaw was found in the Linux kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory...

EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1477)

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The pnrecvmsg function in net/phonet/datagram.c in the Linux kernel before 3.12.4 updates a certain length value before ensuring...