CVE-2019-8747

CVE-2019-8747 is a memory corruption vulnerability that Apple attributes to improved locking, allowing an attacker may run code with kernel privileges on affected Apple platforms. The primary public details in connected sources specify the issue as fixed in watchOS 6.1, with the Watch firmware up...

CVE-2019-18373

Norton App Lock, prior to 1.4.0.503, may be susceptible to a bypass exploit. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking other apps on the device, thereby allowing the individual to gain access...

OPENSUSE-SU-2019:2510-1 Security update for qemu

This update for qemu fixes the following issues: qemu was updated to v3.1.1.1, a stable, bug-fix-only release, which includes 2 fixes we already carry, as well as one additional use- after-free fix in slirp. CVE-2018-20126 bsc1119991, CVE-2019-14378 bsc1143794, and CVE-2019-15890 bsc1149811...

SUSE SLED15 / SLES15 Security Update : qemu (SUSE-SU-2019:2955-1)

This update for qemu fixes the following issues : qemu was updated to v3.1.1.1, a stable, bug-fix-only release, which includes 2 fixes we already carry, as well as one additional use- after-free fix in slirp. CVE-2018-20126 bsc1119991, CVE-2019-14378 bsc1143794, and CVE-2019-15890 bsc1149811...

macOS XNU - Missing Locking in checkdirs_callback() Enables Race with fchdir_common() Exploit

On macOS, when a new mount point is created, the kernel uses checkdirs to, as a comment above the function explains: "Scan all active processes to see if any of them have a current or root directory onto which the new filesystem has just been mounted. If so, replace them with the new mount point....

kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping

A flaw was found in the Linux kernel where the coredump implementation does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs. This allows local users to obtain sensitive information, cause a denial of service DoS, or possibly have unspecified other impa...

kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping

A flaw was found in the Linux kernel where the coredump implementation does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs. This allows local users to obtain sensitive information, cause a denial of service DoS, or possibly have unspecified other impa...

XNU Missing Locking Race Condition

XNU: missing locking in checkdirscallback enables race with fchdircommon On macOS, when a new mount point is created, the kernel uses checkdirs to, as a comment above the function explains: "Scan all active processes to see if any of them have a current or root directory onto which the new...

macOS XNU - Missing Locking in checkdirs_callback() Enables Race with fchdir_common()

On macOS, when a new mount point is created, the kernel uses checkdirs to, as a comment above the function explains: "Scan all active processes to see if any of them have a current or root directory onto which the new filesystem has just been mounted. If so, replace them with the new mount point....

Debian: Security Advisory (DLA-1959-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] [DLA 1959-1] xtrlock security update

Package : xtrlock Version : 2.6+deb8u1 CVE ID : CVE-2016-10894 Debian Bug : 830726 It was discovered that multitouch devices were not being disabled by the "xtrlock" screen locking utility. xtrlock did not block multitouch events so an attacker could still input and thus control various programs...

CVE-2009-4642

gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop such as Xubuntu or Mythbuntu is used, which allows physically proximate attackers to access an unattended workstation on which screen locking had been intended...

Design/Logic Flaw

REDCap before 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values...

CVE-2019-17121

REDCap before 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values...

CVE-2019-9268

In libstagefright, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:...

Design/Logic Flaw

In libstagefright, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID:...

CVE-2019-9268

CVE-2019-9268 affects Android’s media stack (libstagefright) with a use-after-free caused by improper locking, enabling local escalation of privilege in the media server without extra privileges. The issue is tied to Android 10 (Android-10) and is documented in the Android 10 Security Release Not...

CVE-2019-9273

In the Android kernel in the synapticsdsxhtc touchscreen driver there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

Design/Logic Flaw

In SensorManager::assertStateLocked of SensorManager.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Security update for qemu (important)

openSUSE Security Update: Security update for qemu Announcement ID: openSUSE-SU-2019:2059-1 Rating: important References: 1079730 1098403 1111025 1119115 1134883 1135902 1136540 1136778 1140402 1143794 Cross-References: CVE-2019-12155 CVE-2019-13164 CVE-2019-14378 Affected Products: openSUSE Leap...