CVE-2016-7170

Quick Emulator QEMU built with the VMware-SVGA chipset emulation support is vulnerable to an OOB stack memory write issue. It could occur while processing VGA commands in 'vmsvgafiforun' routine. A privileged user inside guest could use this flaw to crash the QEMU process resulting in DoS...

CVE-2019-5785

Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page...

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:3381-1)

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-19767: Fixed ext4expandextraisize mishandles, as demonstrated by use-after-free errors in ext4expandextraisize and ext4xattrsetentry, related to...

Security Bulletin: Multiple Vulnerabilities in GNU binutils affects IBM Watson Studio Local

Summary Multiple Vulnerabilities in GNU binutils affects IBM Watson Studio Local Vulnerability Details CVEID: CVE-2018-1000876 DESCRIPTION: binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfdgetdynamicrelocupperbound,bfdcanonicalizedynamicreloc that can...

Security Bulletin: IBM ToolsCenter Dynamic System Analysis (DSA) Preboot is affected by multiple vulnerabilities.

Summary IBM ToolsCenter Dynamic System Analysis DSA Preboot has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-3863 DESCRIPTION: A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are...

Dell XPS 13 2-in-1 BIOS misconfiguration vulnerability

The Dell XPS 13 2-in-1 is a laptop computer from Dell USA.The BIOS is one of the basic input and output systems. A misconfiguration vulnerability exists in the Dell XPS 13 2-in-1 7390 BIOS versions prior to 1.1.3. A local attacker could exploit the vulnerability to read or write to main memory...

CVE-2019-19332

An out-of-bounds memory write issue was found in the way the Linux kernel's KVM hypervisor handled the 'KVMGETEMULATEDCPUID' ioctl2 request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device could use this flaw to crash the system, resulti...

Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Arbitrary Memory Write (cisco-sa-20180926-ir800-memwrite)

According to its self-reported version, Cisco IOS is affected by arbitrary memory write vulnerabilities in the embedded test subsystem due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An authenticated,...

DEBIAN-CVE-2019-19391

In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and options are mishandled. NOTE: The LuaJIT project owner states that...

UBUNTU-CVE-2019-19391

DISPUTED In LuaJIT through 2.0.5, as used in Moonjit before 2.1.2 and other products, debug.getinfo has a type confusion issue that leads to arbitrary memory write or read operations, because certain cases involving valid stack levels and options are mishandled. NOTE: The LuaJIT project owner...

CVE-2019-14842

Structured reply is a feature of the newstyle NBD protocol allowing the server to send a reply in chunks. A bounds check which was supposed to test for chunk offsets smaller than the beginning of the request did not work because of signed/unsigned confusion. If one of these chunks contains a...

PT-2020-16154 · Imagemagick +3 · Imagemagick +3

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 6.9.10-68 and 7.0.8-68 Description: The issue arises from an improper call to AcquireVirtualMemory and memset in the WriteOnePNGImage function of the PNG coder, allowing for an out-of-bounds write when...

Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2019-089)

According to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - hw: Machine Check Error on Page Size Change IFU - hw: Intel GPU blitter manipulation can allow for...

hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write

A flaw was found in the Intel graphics hardware GPU, where a local attacker with the ability to issue commands to the GPU could inadvertently lead to memory corruption and possible privilege escalation. The attacker could use the GPU blitter to perform privilege MMIO operations, not limited to th...

Important: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

RHEL 7 : kernel (RHSA-2019:3883)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3883 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: hw: Intel GPU blitter manipulation can allow fo...

RHEL 7 : kernel (RHSA-2019:3889)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:3889 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: hw: Intel GPU blitter manipulation can allow fo...

Scientific Linux Security Update : kernel on SL7.x x86_64 (20191114)

Security Fixes : - hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write CVE-2019-0155 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include'compat.inc'; if description scriptid131056; scriptversion"1.5";...

CentOS 7 : kernel (CESA-2019:3872)

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

hw: Intel GPU blitter manipulation can allow for arbitrary kernel memory write

A flaw was found in the Intel graphics hardware GPU, where a local attacker with the ability to issue commands to the GPU could inadvertently lead to memory corruption and possible privilege escalation. The attacker could use the GPU blitter to perform privilege MMIO operations, not limited to th...