Lucene search

4026 matches found

NVD
added 2020/03/20 3:15 a.m. | 17 views

CVE-2020-9343

An issue was discovered in signotec signoPAD-API/Web formerly Websocket Pad Server before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the implementation doesn't limit the parsing of nested JSON structures. If a victim visits an attacker-controlled website, this...

CVSS 6.5 | AI score 6.4 | EPSS 0.00935
Exploits: 1 | References: 1

CVE
added 2020/03/20 2:18 a.m. | 83 views

CVE-2020-9343

CVE-2020-9343 affects signotec signoPAD-API/Web (Windows) prior to 3.1.1. The issue arises from unbounded parsing of nested JSON structures in WebSocket data, enabling a DoS when a victim visits an attacker‑controlled site and sends deeply nested JSON arrays. Affected component is the Websocket P...

CVSS 6.5 | AI score 6.4 | EPSS 0.00935
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2020/03/20 2:18 a.m. | 18 views

CVE-2020-9343

An issue was discovered in signotec signoPAD-API/Web formerly Websocket Pad Server before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the implementation doesn't limit the parsing of nested JSON structures. If a victim visits an attacker-controlled website, this...

AI score 6.4 | EPSS 0.00935
Exploits: 1 | References: 1

CNVD
added 2020/03/20 12:00 a.m. | 1 view

Signotec signoPAD-API/Web Input Validation Error Vulnerability

Signotec signoPAD-API/Web is a web interface for integrating signotec signature pads from Signotec Germany. The product includes features such as document management and memory management. An input validation error vulnerability exists in Signotec signoPAD-API/Web versions prior to 3.1.1 Windows...

CVSS 6.5 | AI score 6.8 | EPSS 0.00935
Exploits: 1 | References: 1

Tenable Nessus
added 2020/03/20 12:00 a.m. | 41 views

FreeBSD : FreeBSD -- Kernel memory disclosure with nested jails (6b90acba-6a0a-11ea-92ab-00163e433440)

A missing NUL-termination check for the jail_set(2) configuration option 'osrelease' may return more bytes when reading the jail configuration back with jail_get(2) than were originally set. Impact: For jails with a non-default setting of children.max > 0 ('nested jails') a superuser inside a jail can crea...

CVSS 6 | AI score 6 | EPSS 0.0034
Exploits: 0 | References: 2

FreeBSD Advisory
added 2020/03/19 12:00 a.m. | 13 views

FreeBSD-SA-20:08.jail

FreeBSD-SA-20:08.jail Security Advisory, The FreeBSD Project. Topic: Kernel memory disclosure with nested jails; Category: core; Module: kern; Announced: 2020-03-19; Credits:...

CVSS 6 | AI score 6.2 | EPSS 0.0034
Exploits: 0

FreeBSD
added 2020/03/19 12:00 a.m. | 57 views

FreeBSD -- Kernel memory disclosure with nested jails

Problem Description: A missing NUL-termination check for the jail_set(2) configuration option "osrelease" may return more bytes when reading the jail configuration back with jail_get(2) than were originally set. Impact: For jails with a non-default setting of children.max > 0 ("nested jails") a superuser...

CVSS 6 | AI score 6.2 | EPSS 0.0034
Exploits: 0

OSV
added 2020/03/17 1:48 a.m. | 5 views

USN-4303-1 linux, linux-aws, linux-kvm vulnerability

Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested level 2 guest access the resources of a parent level 1 guest in certain situations. An attacker could use this to expose sensitive information...

CVSS 6.8 | AI score 6.7 | EPSS 0.00927
Exploits: 1 | References: 2

Ubuntu
added 2020/03/17 1:41 a.m. | 120 views

USN-4303-2: Linux kernel (HWE) vulnerability

USN-4303-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel...

CVSS 6.8 | AI score 6.7 | EPSS 0.00927
Exploits: 1

OSV
added 2020/03/17 1:41 a.m. | 3 views

USN-4303-2 linux-lts-xenial, linux-aws vulnerability

USN-4303-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement HWE kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel...

CVSS 6.8 | AI score 6.7 | EPSS 0.00927
Exploits: 1 | References: 2

OpenVAS
added 2020/03/17 12:00 a.m. | 40 views

Ubuntu: Security Advisory (USN-4303-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.8 | AI score 7.1 | EPSS 0.00927
Exploits: 1 | References: 2

OpenVAS
added 2020/03/17 12:00 a.m. | 49 views

Ubuntu: Security Advisory (USN-4301-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.8 | AI score 7.2 | EPSS 0.03286
Exploits: 1 | References: 2

RubySec
added 2020/03/14 12:00 a.m. | 13 views

rails_admin ruby gem XSS vulnerability

RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows XSS via nested forms...

CVSS 6.1 | AI score 3.4 | EPSS 0.01278
Exploits: 1 | References: 1 | Affected Software: 1

Tenable Nessus
added 2020/03/06 12:00 a.m. | 29 views

FreeBSD : librsvg2 -- multiple vulnerabilities (b66583ae-5aee-4cd5-bb31-b2d397f8b6b3)

Librsvg2 developers report: Backport the following fixes from 2.46.x: Librsvg now has limits on the number of loaded XML elements, and the number of referenced elements within an SVG document. This is to mitigate malicious SVGs which try to consume all memory, and those which try to consume an...

CVSS 6.5 | AI score 6.9 | EPSS 0.02072
Exploits: 0 | References: 3

OSV
added 2020/03/02 7:15 p.m. | 4 views

CVE-2020-8437

The bencoding parser in BitTorrent uTorrent through 3.5.5 build 45505 misparses nested bencoded dictionaries, which allows a remote attacker to cause a denial of service...

CVSS 7.5 | AI score 7.2 | EPSS 0.12042
Exploits: 1 | References: 4

OSV
added 2020/02/29 1:42 p.m. | 7 views

MGASA-2020-0110 Updated kernel packages fix security vulnerability

This update is based on upstream 5.5.6 and fixes at least the following security vulnerability: A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested=1 virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervis...

CVSS 6.8 | AI score 7.1 | EPSS 0.00927
Exploits: 1 | References: 6

Tenable Nessus
added 2020/02/26 12:00 a.m. | 30 views

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5542)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5542 advisory. - KVM: nVMX: Check IO instruction VM-exit conditions Oliver Upton Orabug: 30847137 CVE-2020-2732 - KVM: nVMX: Refactor IO bitmap checks into helper function...

CVSS 6.8 | AI score 6.7 | EPSS 0.00927
Exploits: 1 | References: 2

Tenable Nessus
added 2020/02/26 12:00 a.m. | 42 views

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5543)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5543 advisory. - KVM: nVMX: Check IO instruction VM-exit conditions Oliver Upton Orabug: 30944739 CVE-2020-2732 - KVM: nVMX: Refactor IO bitmap checks into helper function...

CVSS 6.8 | AI score 6.7 | EPSS 0.00927
Exploits: 1 | References: 2

RedhatCVE
added 2020/02/25 5:40 a.m. | 40 views

CVE-2020-2732

A flaw was found in the way KVM hypervisor handled instruction emulation for the L2 guest when nested=1 virtualization is enabled. In the instruction emulation, the L2 guest could trick the L0 hypervisor into accessing sensitive bits of the L1 hypervisor. An L2 guest could use this flaw to...

CVSS 6.8 | AI score 1.9 | EPSS 0.00927
Exploits: 1 | References: 3

Tenable Nessus
added 2020/02/25 12:00 a.m. | 66 views

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5540)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5540 advisory. - KVM: nVMX: Check IO instruction VM-exit conditions Oliver Upton Orabug: 30847136 CVE-2020-2732 - KVM: nVMX: Refactor IO bitmap checks into helper function...

CVSS 6.8 | AI score 6.7 | EPSS 0.00927
Exploits: 1 | References: 2