USN-4451-2 ppp vulnerability

USN-4451-1 fixed a vulnerability in ppp. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Thomas Chauchefoin working with Trend Micro´s Zero Day Initiative, discovered that ppp incorrectly handled module loading. A local attacker...

CVE-2020-4551

IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force I...

CVE-2020-4552

CVE-2020-4552 affects IBM i2 Analyst’s Notebook 9.2.1 (and related IBM i2 products) and is caused by a memory corruption vulnerability that could allow a local attacker to execute arbitrary code by persuading a user to open a specially crafted file. The CVSS-derived assessments in the sources cit...

CVE-2020-4551

CVE-2020-4551 affects IBM i2 Analyst’s Notebook and IBM i2 Analyst’s Notebook Premium (versions 9.2.1 and 9.2.2). The issue is a memory corruption weakness that could allow a local attacker to execute arbitrary code by convincing a user to open a specially crafted file. IBM’s bulletin confirms me...

USN-4432-1 grub2, grub2-signed vulnerabilities

Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. CVE-2020-10713 Chris...

SonicWall NetExtender Windows client input validation error vulnerability

SonicWall NetExtender Windows client is a Windows-based SSL VPN Virtual Private Network client application from SonicWall USA. An input validation error vulnerability exists in SonicWall NetExtender Windows client version 9.0.815 and earlier. A local attacker can exploit the vulnerability by...

openSUSE Security Update : the Linux Kernel (openSUSE-2020-801)

The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This...

hw: Special Register Buffer Data Sampling (SRBDS)

A new domain bypass transient execution attack known as Special Register Buffer Data Sampling SRBDS has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this fl...

Multiple VMware Products Resource Management Error Vulnerability (CNVD-2021-24356)

VMware ESXi is a server virtualization platform that can be installed directly on physical servers, VMware Workstation is a set of virtual machine software, and VMware Fusion is a set of virtual machine software designed to run Windows applications on Macs. VMware Fusion is a suite of virtual...

SUSE-SU-2020:1775-1 Security update for the Linux Kernel (Live Patch 0 for SLE 12 SP5)

This update for the Linux Kernel 4.12.14-120 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access bsc1172437. - CVE-2018-1000199: Fixed a potential local code execution via ptrac...

SUSE-SU-2020:1754-1 Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP4)

This update for the Linux Kernel 4.12.14-9532 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access bsc1172437. - CVE-2018-1000199: Fixed a potential local code execution via ptra...

hw: Special Register Buffer Data Sampling (SRBDS)

A new domain bypass transient execution attack known as Special Register Buffer Data Sampling SRBDS has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this fl...

SUSE-SU-2020:1656-1 Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-195 fixes several issues. The following security issues were fixed: - CVE-2019-13233: Fixed a race condition between modifyldt and a BR exception for an MPX bounds violation bsc1144502. - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon...

SUSE-SU-2020:1671-1 Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-19710 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access bsc1172437. - CVE-2019-15666: Fixed an out of bounds read xfrmpolicyunlink,...

SUSE-SU-2020:1646-1 Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP1)

This update for the Linux Kernel 4.12.14-19718 fixes several issues. The following security issues were fixed: - CVE-2020-10757: Fixed an issue where remaping hugepage DAX to anon mmap could have caused user PTE access bsc1172437. - CVE-2018-1000199: Fixed a potential local code execution via...

SUSE SLES12 Security Update : kernel (SUSE-SU-2020:1605-1)

The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called...

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:1599-1)

The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called...

Security update for the Linux Kernel (important)

openSUSE Security Update: Security update for the Linux Kernel Announcement ID: openSUSE-SU-2020:0801-1 Rating: important References: 1051510 1058115 1065729 1071995 1082555 1083647 1089895 1090036 1103990 1103991 1103992 1104745 1109837 1111666 1112178 1112374 1113956 1114279 1124278 1127354...

Out-of-bounds

In Morgan Stanley Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an out-of-bounds OOB read/write vulnerability that leads to both local and remote code via RPC execution...

OPENSUSE-SU-2020:0801-1 Security update for the Linux Kernel

The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-0543: Fixed a side channel attack against special registers which could have resulted in leaking of read values to cores other than the one which called it. This...