Amazon Linux 2 : kernel (ALAS-2020-1392)

The version of kernel installed on the remote host is prior to 4.14.165-131.185. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1392 advisory. 2024-05-09: CVE-2019-19965 was added to this advisory. A flaw was found in the Linux kernel. The cryptoreport...

Amazon Linux AMI : kernel (ALAS-2020-1338)

The version of kernel installed on the remote host is prior to 4.14.165-102.185. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1338 advisory. 2024-05-09: CVE-2019-19965 was added to this advisory. A flaw was found in the Linux kernel. The cryptoreport...

UBUNTU-CVE-2020-8517

An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in extlmgroupacl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated...

CVE-2019-19273

On Samsung mobile devices with O8.0 and P9.0 software and an Exynos 8895 chipset, RKP aka the Samsung Hypervisor EL2 implementation allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265...

CVE-2019-19273

On Samsung mobile devices with O8.0 and P9.0 software and an Exynos 8895 chipset, RKP aka the Samsung Hypervisor EL2 implementation allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265...

CVE-2019-19273

The CVE-2019-19273 entry concerns Samsung devices with O(8.0)/P(9.0) and Exynos 8895 where RKP (Samsung Hypervisor EL2) permits arbitrary memory write operations. The affected component is the Samsung Hypervisor EL2 implementation (RKP) running on vulnerable Exynos-based Android variants. Underly...

Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2018-1426)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2019-1429)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : kernel (SUSE-SU-2020:0093-1)

The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-20095: mwifiextmcmd in drivers/net/wireless/marvell/mwifiex/cfg80211.c had some error-handling cases that did not free allocated hostcmd memory. Th...

Design/Logic Flaw

An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVMGETEMULATEDCPUID' ioctl2 request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device...

CVE-2019-19332

An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVMGETEMULATEDCPUID' ioctl2 request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device...

CVE-2019-19332

CVE-2019-19332 affects the Linux kernel KVM implementation (x86) with an out-of-bounds memory write in handling the KVM_GET_EMULATED_CPUID ioctl, enabling a local user with access to /dev/kvm to crash the system (DoS). Affected range is kernels 3.13–5.4. Root cause described as a missing/bounds-c...

CVE-2019-19332

An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel's KVM hypervisor handled the 'KVMGETEMULATEDCPUID' ioctl2 request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the '/dev/kvm' device...

CVE-2019-3863

A flaw was found in libssh2. A server could send a multiple keyboard interactive response messages, whose total length are greater than the unsigned char max characters. This value is used as an index to copy memory causing in an out of bounds memory write error. The highest threat from this...

CVE-2016-7170

Quick Emulator QEMU built with the VMware-SVGA chipset emulation support is vulnerable to an OOB stack memory write issue. It could occur while processing VGA commands in 'vmsvgafiforun' routine. A privileged user inside guest could use this flaw to crash the QEMU process resulting in DoS...

CVE-2019-5785

Incorrect convexity calculations in Skia in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page...

SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2019:3381-1)

The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2019-19767: Fixed ext4expandextraisize mishandles, as demonstrated by use-after-free errors in ext4expandextraisize and ext4xattrsetentry, related to...

Security Bulletin: Multiple Vulnerabilities in GNU binutils affects IBM Watson Studio Local

Summary Multiple Vulnerabilities in GNU binutils affects IBM Watson Studio Local Vulnerability Details CVEID: CVE-2018-1000876 DESCRIPTION: binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfdgetdynamicrelocupperbound,bfdcanonicalizedynamicreloc that can...

Security Bulletin: IBM ToolsCenter Dynamic System Analysis (DSA) Preboot is affected by multiple vulnerabilities.

Summary IBM ToolsCenter Dynamic System Analysis DSA Preboot has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2019-3863 DESCRIPTION: A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are...

Dell XPS 13 2-in-1 BIOS misconfiguration vulnerability

The Dell XPS 13 2-in-1 is a laptop computer from Dell USA.The BIOS is one of the basic input and output systems. A misconfiguration vulnerability exists in the Dell XPS 13 2-in-1 7390 BIOS versions prior to 1.1.3. A local attacker could exploit the vulnerability to read or write to main memory...