OPENSUSE-SU-2020:0381-1 Security update for glibc

This update for glibc fixes the following issues: - CVE-2020-10029: Fixed a potential overflow in on-stack buffer during range reduction bsc1165784. - Fixed an issue where pthread were not always locked correctly bsc1164505. - Document mprotect and introduce section on memory protection bsc116318...

Security update for glibc (moderate)

openSUSE Security Update: Security update for glibc Announcement ID: openSUSE-SU-2020:0381-1 Rating: moderate References: 1163184 1164505 1165784 Cross-References: CVE-2020-10029 Affected Products: openSUSE Leap 15.1 An update that solves one vulnerability and has two fixes is now available...

CVE-2020-8873

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists withi...

PT-2020-1247 · Linux +7 · Linux Kernel +7

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.6.8 Description: The issue is related to the usb sg cancel function in the Linux kernel, specifically in the drivers/usb/core/message.c file. It involves a use-after-free condition due to a transfer occurring...

SUSE-SU-2020:0668-1 Security update for glibc

This update for glibc fixes the following issues: - CVE-2020-10029: Fixed a potential overflow in on-stack buffer during range reduction bsc1165784. - Fixed an issue where pthread were not always locked correctly bsc1164505. - Document mprotect and introduce section on memory protection bsc116318...

Parallels Desktop xHCI Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI...

CVE-2020-3831

A race condition was addressed with improved locking. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. An application may be able to execute arbitrary code with kernel privileges...

CVE-2020-3831

CVE-2020-3831 describes a race condition in the Apple kernel that could allow an application to execute arbitrary code with kernel privileges. The issue was fixed in iOS 13.3.1 and iPadOS 13.3.1 through improved locking, as documented by Apple (HT210918). Connected entries corroborate a kernel‑le...

kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping

A flaw was found in the Linux kernel where the coredump implementation does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs. This allows local users to obtain sensitive information, cause a denial of service DoS, or possibly have unspecified other impa...

CVE-2020-8010 Nimbus protocol allows unauth read/write/execute

CA Unified Infrastructure Management Nimsoft/UIM 9.20 and below contains an improper ACL handling vulnerability in the robot controller component. A remote attacker can execute commands, read from, or write to the target system. Recent assessments: busterb at August 04, 2020 5:44pm UTC reported:...

Samsung SEND_FILE_WITH_HEADER Use-After-Free

Samsung: UAF via missing locking in SENDFILEWITHHEADER handler in fmtpsamsung.c Tested on a Samsung A50 SM-A505FN, running build "samsung/a50xx/a50:9/PPR1.180610.011/A505FNXXS3ASK9:user/release-keys", security patch level 2019-11-01. Samsung's kernel tree contains two implementations of...

Samsung SEND_FILE_WITH_HEADER Use-After-Free Exploit

Samsung suffers from a use-after-free vulnerability due to a missing lock in the SENDFILEWITHHEADER handler in fmtpsamsung.c. Samsung: UAF via missing locking in SENDFILEWITHHEADER handler in fmtpsamsung.c Tested on a Samsung A50 SM-A505FN, running build...

A week in security (January 20 – 26)

Last week on Malwarebytes Labs, we reported on a Ryuk ransomware attack on The Tampa Bay Times, a newspaper in Florida; unmasked an elaborate browser locking scheme behind the more advanced tech support operations that are currently active; and looked at the latest laws on regulating deepfakes...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1672)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1535)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle VirtualBox xHCI Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI...

openSUSE: Security Advisory for qemu (openSUSE-SU-2019:2510-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2019-8747

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in watchOS 6.1. An application may be able to execute arbitrary code with kernel privileges...

CVE-2019-8747

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in watchOS 6.1. An application may be able to execute arbitrary code with kernel privileges...

CVE-2019-8747

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in watchOS 6.1. An application may be able to execute arbitrary code with kernel privileges...