118 matches found
GSD-2023-1000492 x86/MCE/AMD: Clear DFR errors found in THR handler
x86/MCE/AMD: Clear DFR errors found in THR handler This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.18 by commit...
Tiny Technologies TinyMCE Cross-Site Scripting Vulnerability
Tiny Technologies TinyMCE is a rich text editor from Tiny Technologies, Inc. TinyMCE has a cross-site scripting vulnerability that can be triggered when an attacker serves malicious HTML content to its warning and confirmation...
Critical: Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.0.2 security and bug fixes
Multicluster Engine for Kubernetes 2.0.2 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
GSD-2022-1003652 x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails
x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.121 by commit...
GSD-2022-1003443 x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails
x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.46 by commit...
GSD-2022-1003037 mce: fix set_mce_nospec to always unmap the whole page
mce: fix set_mce_nospec to always unmap the whole page This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.14 by commit...
GSD-2022-1002858 x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails
x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.3 by commit...
Important: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.5 security updates, images, and bug fixes
Red Hat Advanced Cluster Management for Kubernetes 2.5.0 is now generally available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Microsoft Finds Critical Bugs in Pre-Installed Apps on Millions of Android Devices
Four high severity vulnerabilities have been disclosed in a framework used by pre-installed Android System apps with millions of downloads. The issues, now fixed by its Israeli developer MCE Systems, could have potentially allowed threat actors to stage remote and local attacks or be abused as...
Android apps with millions of downloads exposed to high-severity vulnerabilities
Microsoft uncovered high-severity vulnerabilities in a mobile framework owned by mce Systems and used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote (albeit complex) or local attacks. The vulnerabilities, which affected apps...
Cross-site Scripting (XSS)
Overview: UmbracoCms.Core is an ASP.NET CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization. An authenticated user can inject arbitrary JavaScript code into IFrames when editing content using the TinyMCE rich-text editor, as...
GSD-2022-1001060 x86/mce: Work around an erratum on fast string copy instructions
x86/mce: Work around an erratum on fast string copy instructions This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.3 by commit...
Unbreakable Enterprise kernel security update
4.1.12-124.57.1 - target; fix print statement warning John Donnelly Orabug: 33495661 - enic;: fix warning on moduleparam disablevlan0, John Donnelly Orabug: 33495661 - bnx2fc: correct BNX2FCTMTIMEOUT to be 60 sec John Donnelly Orabug: 33495661 - target: Fix linux-4.1.y specific compile warning...
GSD-2021-1001681 powerpc/64s: Fix unrecoverable MCE calling async handler from NMI
powerpc/64s: Fix unrecoverable MCE calling async handler from NMI This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.12 by commit...
UVI-2021-1001681 powerpc/64s: Fix unrecoverable MCE calling async handler from NMI
powerpc/64s: Fix unrecoverable MCE calling async handler from NMI This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.12 by commit...
CVE-2021-0588
In processInboundMessage of MceStateMachine.java, there is a possible SMS disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
mce-team.fr Cross Site Scripting vulnerability OBB-1275958
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0028)
The remote OracleVM system is missing necessary patches to address critical security updates: - ipv4: ipv4_default_advmss() should use route mtu (Eric Dumazet) [Orabug: 31563095] - net: ipv4: Refine the ipv4_default_advmss (Gao Feng) [Orabug: 31563095] - Revert 'bnxt_en: Remove busy poll logic in the driver.'...
F5 Networks BIG-IP : Intel MCE vulnerability (K17269881)
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. CVE-2018-12207 Impact: A privileged guest user may use this flaw to induce a...