hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)

Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results ar...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)

Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results ar...

hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)

Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results ar...

UBUNTU-CVE-2018-12127

Microarchitectural Load Port Data Sampling MLPDS: Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:...

CVE-2018-12127

Microarchitectural Load Port Data Sampling MLPDS: Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:...

Microarchitectural Data Sampling speculative side channel

ISSUE DESCRIPTION Microarchitectural Data Sampling refers to a group of speculative sidechannels vulnerabilities. They consist of: CVE-2018-12126 - MSBDS - Microarchitectural Store Buffer Data Sampling CVE-2018-12127 - MLPDS - Microarchitectural Load Port Data Sampling CVE-2018-12130 - MFBDS -...

JDK: Read beyond the end of bytecode array causing JVM crash

In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load...

JDK: Read beyond the end of bytecode array causing JVM crash

In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load...

JDK: Read beyond the end of bytecode array causing JVM crash

In Eclipse OpenJ9 prior to the 0.14.0 release, the Java bytecode verifier incorrectly allows a method to execute past the end of bytecode array causing crashes. Eclipse OpenJ9 v0.14.0 correctly detects this case and rejects the attempted class load...

PT-2019-9049 · Asus · Asus Rt-Ac3200

Name of the Vulnerable Software and Affected Versions: ASUS RT-AC3200 version 3.0.0.4.382.50010 Description: The issue allows attackers to execute system commands via the "load script" URL parameter in the appGet.cgi file. This can be exploited by sending a malicious request to the "/appGet.cgi"...

Fedora Update for mod_cluster FEDORA-2019-17556e2ad6

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Installer of Electronic reception and examination of application for radio licenses Online may insecurely load Dynamic Link Libraries

Overview Installer of Electronic reception and examination of application for radio licenses Online contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege of the user invoking the...

[SECURITY] Fedora 29 Update: mod_cluster-1.3.11-1.fc29

Modcluster is an httpd-based load balancer. Like modjk and modproxy, modcluster uses a communication channel to forward requests from httpd to one of a set of application server nodes. Unlike modjk and modproxy, modclus ter leverages an additional connection between the application server nodes a...

[SECURITY] Fedora 28 Update: mod_cluster-1.3.11-1.fc28

Modcluster is an httpd-based load balancer. Like modjk and modproxy, modcluster uses a communication channel to forward requests from httpd to one of a set of application server nodes. Unlike modjk and modproxy, modclus ter leverages an additional connection between the application server nodes a...

[SECURITY] Fedora 30 Update: mod_cluster-1.3.11-1.fc30

Modcluster is an httpd-based load balancer. Like modjk and modproxy, modcluster uses a communication channel to forward requests from httpd to one of a set of application server nodes. Unlike modjk and modproxy, modclus ter leverages an additional connection between the application server nodes a...

Fedora Update for mod_cluster FEDORA-2019-3877efca99

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

hw: cpu: speculative store bypass

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...

Oracle Application Testing Suite Post-Auth DownloadServlet Directory Traversal

This module exploits a vulnerability in Oracle Application Testing Suite OATS. In the Load Testing interface, a remote user can abuse the custom report template selector, and cause the DownloadServlet class to read any file on the server as SYSTEM. Since the Oracle application contains multiple...

Fedora Update for keepalived FEDORA-2018-3fbc181b3e

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...