4026 matches found

Positive Technologies
added 2017/12/31 12:0 a.m. · 2 views

PT-2020-5329 · Gnome +7 · Librsvg +7

Name of the Vulnerable Software and Affected Versions: librsvg versions prior to 2.46.2 Description: The issue is related to a denial of service caused by a crafted SVG file with nested patterns. This file, when processed by the library, can lead to an exponential growth in the number of final...

CVSS 8.8 · AI score 6.8 · EPSS 0.02274 · Exploits 0 · References 72

Mageia
added 2017/12/22 10:31 a.m. · 54 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on upstream 4.4.105 and fixes at least the following security issues: A security flaw was discovered in nl80211_set_rekey_data() function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a...

CVSS 8.8 · AI score 0.9 · EPSS 0.02285 · Exploits 8 · References 14

OpenVAS
added 2017/11/22 12:0 a.m. · 29 views

Ubuntu: Security Advisory (USN-3484-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 · AI score 7.4 · EPSS 0.00441 · Exploits 0 · References 2

OpenVAS
added 2017/11/22 12:0 a.m. · 32 views

Ubuntu: Security Advisory (USN-3484-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 · AI score 7.4 · EPSS 0.00441 · Exploits 0 · References 2

Tenable Nessus
added 2017/11/22 12:0 a.m. · 43 views

Ubuntu 17.10 : linux, linux-raspi2 vulnerabilities (USN-3487-1)

It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2017-12188) It was...

CVSS 7.8 · AI score 7.6 · EPSS 0.01155 · Exploits 8 · References 21

OSV
added 2017/11/21 6:23 p.m. · 1 views

USN-3484-3 linux-gcp vulnerability

It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS...

CVSS 7.8 · AI score 7.2 · EPSS 0.00441 · Exploits 0 · References 2

OSV
added 2017/11/21 6:15 p.m. · 5 views

USN-3488-1 linux-azure vulnerability

It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS...

CVSS 7.8 · AI score 7.2 · EPSS 0.00441 · Exploits 0 · References 2

Ubuntu
added 2017/11/21 5:59 p.m. · 80 views

USN-3487-1: Linux kernel vulnerabilities

It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. (CVE-2017-12188) It was...

CVSS 7.8 · AI score 7.5 · EPSS 0.01155 · Exploits 8

Tenable Nessus
added 2017/11/21 12:0 a.m. · 45 views

Ubuntu 17.04 : linux, linux-raspi2 vulnerability (USN-3484-1)

It was discovered that the KVM subsystem in the Linux kernel did not properly keep track of nested levels in guest page tables. A local attacker in a guest VM could use this to cause a denial of service (host OS crash) or possibly execute arbitrary code in the host OS. Note that Tenable Network...

CVSS 7.8 · AI score 7.6 · EPSS 0.00441 · Exploits 0 · References 2

Tenable Nessus
added 2017/11/01 12:0 a.m. · 77 views

Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3469-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3469-2 advisory. USN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...

CVSS 7.8 · AI score 6.6 · EPSS 0.01155 · Exploits 4 · References 13

Tenable Nessus
added 2017/11/01 12:0 a.m. · 49 views

EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1271)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested virtualisation is used, does not properly traverse guest pagetable entries to...

CVSS 7.8 · AI score 7.2 · EPSS 0.20797 · Exploits 23 · References 9

Tenable Nessus
added 2017/11/01 12:0 a.m. · 94 views

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-3469-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3469-1 advisory. Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local...

CVSS 7.8 · AI score 6.6 · EPSS 0.01155 · Exploits 4 · References 13

Ubuntu
added 2017/10/31 10:29 a.m. · 81 views

USN-3469-2: Linux kernel (Xenial HWE) vulnerabilities

USN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Anthony Perard discovered that the Xen virtual block driver did not properly initializ...

CVSS 7.8 · AI score 6.5 · EPSS 0.01155 · Exploits 4

OSV
added 2017/10/31 10:29 a.m. · 2 views

USN-3469-2 linux-lts-xenial vulnerabilities

USN-3469-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Anthony Perard discovered that the Xen virtual block driver did not properly initializ...

CVSS 7.8 · AI score 6.8 · EPSS 0.01155 · Exploits 4 · References 13

Ubuntu
added 2017/10/31 10:25 a.m. · 82 views

USN-3469-1: Linux kernel vulnerabilities

Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs. (CVE-2017-10911) Bo Zhang discovered tha...

CVSS 7.8 · AI score 6.4 · EPSS 0.01155 · Exploits 4

Tenable Nessus
added 2017/10/25 12:0 a.m. · 40 views

Virtuozzo 7 : readykernel-patch (VZA-2017-098)

According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - Linux kernel built with the KVM virtualisation support (CONFIG_KVM), with nested virtualisation (nVMX) feature enabled...

CVSS 7.8 · AI score 7.1 · EPSS 0.02341 · Exploits 0 · References 7

OSV
added 2017/10/24 8:9 p.m. · 7 views

MGASA-2017-0386 Updated kernel packages fix security vulnerabilities

This kernel update is based on upstream 4.4.92 and fixes at least the following security issues: A security flaw was discovered in nl80211_set_rekey_data() function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a netlink...

CVSS 7.1 · AI score 6.1 · EPSS 0.01155 · Exploits 4 · References 6

Mageia
added 2017/10/24 8:9 p.m. · 59 views

Updated kernel-tmb packages fix security vulnerabilities

This kernel-tmb update is based on upstream 4.4.92 and fixes at least the following security issues: A security flaw was discovered in nl80211_set_rekey_data() function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a netli...

CVSS 7.1 · AI score 0.9 · EPSS 0.01155 · Exploits 4 · References 5

GitHub Security Blog
added 2017/10/24 6:33 p.m. · 31 views

Rails activerecord gem has Improper Input Validation vulnerability

Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs...

CVSS 6.4 · AI score 6.5 · EPSS 0.0225 · Exploits 0 · References 9 · Affected Software 1

OSV
added 2017/10/24 6:33 p.m. · 53 views

GHSA-FH39-V733-MXFR Active Record vulnerable to SQL Injection via nested query parameters

The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query...

CVSS 5 · AI score 7.1 · EPSS 0.0414 · Exploits 2 · References 6