GHSA-8J8C-7JFH-H6HX Code Injection in js-yaml

Versions of js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load function may execute arbitrary code injected through a malicious YAML file. Objects that have toString as key, JavaScript code as value and are used as explicit mapping keys allow attackers to execute the supplied code...

Code Injection in js-yaml

Versions of js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load function may execute arbitrary code injected through a malicious YAML file. Objects that have toString as key, JavaScript code as value and are used as explicit mapping keys allow attackers to execute the supplied code...

JDK: Read beyond the end of bytecode array causing JVM crash

In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load...

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4669)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4669 advisory. 4.1.12-124.27.2 - x86/speculation/mds: Check for the right microcode before setting mitigation Kanth Ghatraju Orabug: 29797118 - vxlan: test...

The vulnerability of Siemens SIMATIC product software, related to insufficient validation of input data, allows a perpetrator to trigger service failures.

The vulnerability of Siemens SIMATIC software products is related to insufficient verification of input data. Exploiting this vulnerability could allow an attacker with access to the project file to modify it in such a way that a service failure occurs upon loading...

The vulnerability of the `load_device_tree` function in the QEMU hardware emulation software allows a hacker to execute arbitrary code.

The vulnerability of the loaddevicetree function in the QEMU hardware emulation software is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

Information disclosure

Microarchitectural Load Port Data Sampling MLPDS: Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:...

CVE-2018-12127

Microarchitectural Load Port Data Sampling MLPDS: Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:...

DEBIAN-CVE-2018-12127

Microarchitectural Load Port Data Sampling MLPDS: Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:...

ALPINE-CVE-2018-12127

Microarchitectural Load Port Data Sampling MLPDS: Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:...

CVE-2018-12127

Microarchitectural Load Port Data Sampling MLPDS: Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:...

CVE-2018-12127

Microarchitectural Load Port Data Sampling MLPDS: Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:...

CVE-2018-12127

CVE-2018-12127 (MLPDS) describes a side-channel information disclosure via load-port data sampling in microarchitectures with speculative execution. The issue arises from leakage of data across privileged boundaries through speculative load-port behavior on some Intel CPUs. Public ARIs and adviso...

CVE-2018-12127

Microarchitectural Load Port Data Sampling MLPDS: Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:...

EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1586)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the Linux kernel's NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make...

UBUNTU-CVE-2019-12382

An issue was discovered in drmloadedidfirmware in drivers/gpu/drm/drmedidload.c in the Linux kernel through 5.1.5. There is an unchecked kstrdup of fwstr, which might allow an attacker to cause a denial of service NULL pointer dereference and system crash. NOTE: The vendor disputes this issues as...

SUSE SLES11 Security Update : xen (SUSE-SU-2019:14063-1) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

This update for xen fixes the following issues : Four new speculative execution information leak issues have been identified in Intel CPUs. bsc1111331 CVE-2018-12126: Microarchitectural Store Buffer Data Sampling MSBDS CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling MFBDS...

Linux kernel denial of service vulnerability (CNVD-2019-16432)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A denial of service vulnerability exists in drmloadedidfirmware in drivers/gpu/drm/drmedidload.c in Linux kernel 5.1....

openSUSE Security Update : xen (openSUSE-2019-1419) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

This update for xen fixes the following issues : Four new speculative execution information leak issues have been identified in Intel CPUs. bsc1111331 - CVE-2018-12126: Microarchitectural Store Buffer Data Sampling MSBDS - CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling MFBDS -...

Schneider Electric EM6436 Load Monitor Detection

Binary data 273.prm...