Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4319-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4319-1 advisory. It was discovered that the IPMI message handler implementation in the Linux kernel did not properly deallocate memory in certain situations. A local...

USN-4302-1: Linux kernel vulnerabilities

Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested level 2 guest access the resources of a parent level 1 guest in certain situations. An attacker could use this to expose sensitive information. CVE-2020-2732 Gregory Herrero discovere...

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel vulnerabilities (USN-4302-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4302-1 advisory. Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested level 2 guest access the...

Ubuntu: Security Advisory (USN-4302-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2019-10595

Possible buffer overwrite in message handler due to lack of validation of tid value calculated from packets received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon...

Buffer overflow

Possible buffer overwrite in message handler due to lack of validation of tid value calculated from packets received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon...

CVE-2019-10595

CVE-2019-10595 is a Qualcomm/Qualcomm WLAN issue affecting Snapdragon components (e.g., APQ8009, APQ8053, APQ8064, IPQ4019, MDM9206, SDM660, QCA9880, etc.) where a lack of validation of the tid value parsed from firmware packets can cause a buffer overwrite in the message handler. The vulnerabili...

CVE-2019-10595

Possible buffer overwrite in message handler due to lack of validation of tid value calculated from packets received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon...

CVE-2019-10563

Buffer over-read can occur in fast message handler due to improper input validation while processing a message from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053...

Input validation

Buffer over-read can occur in fast message handler due to improper input validation while processing a message from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053...

CVE-2019-10563

CVE-2019-10563 describes a buffer over-read in the fast message handler when processing a firmware message in Qualcomm Snapdragon firmware across multiple platforms (APQ8053, APQ8096AU, MSM8996AU, MSM8998, QCN7605, QCS405, QCS605, SDA660, SDM636, SDM660, SDX20, SDX24, etc.). Root cause: improper ...

CVE-2019-10563

Buffer over-read can occur in fast message handler due to improper input validation while processing a message from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053...

Linux kernel resource management error vulnerability (CNVD-2019-41704)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A resource management error vulnerability exists in the 'the ipmibmcregister' function in the drivers/char/ipmi/ipmimsghandler.c file in Linux kernel 5.3.11 and earlie...

CVE-2019-19046

A memory leak in the ipmibmcregister function in drivers/char/ipmi/ipmimsghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory consumption by triggering idasimpleget failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this becau...

UBUNTU-CVE-2019-19046

A memory leak in the ipmibmcregister function in drivers/char/ipmi/ipmimsghandler.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory consumption by triggering idasimpleget failure, aka CID-4aa7afb0ee20. NOTE: third parties dispute the relevance of this becau...

Slanger Message handler&request validator command execution vulnerability

Slanger is an open source server implementation of the Pusher protocol written in Ruby.Message handler&request validator is one of the message handler and request validator . A security vulnerability exists in the Message handler&request validator in Slanger version 0.6.0. A remote attacker can...

Slanger Arbitrary command execution

Slanger 0.6.0 is affected by Remote Code Execution RCE. The impact is A remote attacker can execute arbitrary commands by sending a crafted request to the server. The component is Message handler & request validator. The attack vector is Remote unauthenticated. The fixed version is after commit...

GHSA-RG32-M3HF-772V Slanger Arbitrary command execution

Slanger 0.6.0 is affected by Remote Code Execution RCE. The impact is A remote attacker can execute arbitrary commands by sending a crafted request to the server. The component is Message handler & request validator. The attack vector is Remote unauthenticated. The fixed version is after commit...

CVE-2019-1010306

Slanger 0.6.0 is affected by: Remote Code Execution RCE. The impact is: A remote attacker can execute arbitrary commands by sending a crafted request to the server. The component is: Message handler & request validator. The attack vector is: Remote unauthenticated. The fixed version is: after...

CVE-2019-1010306

Slanger 0.6.0 is affected by: Remote Code Execution RCE. The impact is: A remote attacker can execute arbitrary commands by sending a crafted request to the server. The component is: Message handler & request validator. The attack vector is: Remote unauthenticated. The fixed version is: after...