Spidermonkey - IonMonkey Leaks JS_OPTIMIZED_OUT Magic Value to Script

IonMonkey can, during a bailout, leak an internal JSOPTIMIZEDOUT magic value to the running script. This magic value can then be used to achieve memory corruption. Prerequisites Magic Values Spidermonkey represents JavaScript values with the C++ type JS::Value 1, which is a NaN-boxed value that c...

Spidermonkey IonMonkey JS_OPTIMIZED_OUT Value Leak Exploit

Spidermonkey IonMonkey can, during a bailout, leak an internal JSOPTIMIZEDOUT magic value to the running script. This magic value can then be used to achieve memory corruption. Spidermonkey: IonMonkey leaks JSOPTIMIZEDOUT magic value to script Related CVE Numbers: CVE-2019-9792. TURN ON "CODE...

Spidermonkey IonMonkey JS_OPTIMIZED_OUT Value Leak

Spidermonkey: IonMonkey leaks JSOPTIMIZEDOUT magic value to script Related CVE Numbers: CVE-2019-9792. TURN ON "CODE FONT" IN THE TOP RIGHT TO CORRECTLY SEE THE CFGs! IonMonkey can, during a bailout, leak an internal JSOPTIMIZEDOUT magic value to the running script. This magic value can then be...

Security Bulletin: Vulnerabilities in libxml2 affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows (CVE-2017-16931, CVE-2017-16932)

Summary Intel® Manycore Platform Software Stack Intel® MPSS for Linux and Windows have addressed the following vulnerabilities in libxml2. Vulnerability Details Summary Intel® Manycore Platform Software Stack Intel® MPSS for Linux and Windows have addressed the following vulnerabilities in libxml...

Security Bulletin: Vulnerabilities in libxml2 affect Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows

Summary Intel Manycore Platform Software Stack Intel MPSS for Linux and Windows have addressed the following vulnerabilities in libxml2. Vulnerability Details Summary Intel® Manycore Platform Software Stack Intel® MPSS for Linux and Windows have addressed the following vulnerabilities in libxml2...

Security Bulletin: Vulnerability in glibc affects Intel® Manycore Platform Software Stack (Intel® MPSS) for Linux and Windows (CVE-2016-10228)

Summary IntelR Manycore Platform Software Stack IntelR MPSS for Linux and Windows have addressed the following vulnerability in glibc. Vulnerability Details Summary Intel® Manycore Platform Software Stack Intel® MPSS for Linux and Windows have addressed the following vulnerability in glibc...

Security Bulletin: Security Vulnerabilities in Network Time Protocol Daemon affect Intel Manycore Platform Software Stack for use on Intel Xeon Phi 3120A, Intel Xeon Phi 5110P, Intel Xeon Phi 7120A, and Intel Xeon Phi 7120P PCI-Express add-in cards

Summary Security Vulnerabilities in Network Time Protocal Daemon affects the Intel Manycore Platform Software Stack for use on the Intel Xeon Phi PCI-Express add-in cards. Vulnerability Details Abstract Security Vulnerabilities in Network Time Protocal Daemon affects the Intel Manycore Platform...

Security Bulletin: Vulnerabilities in Bash affect multiple products shipped with Intelligent Cluster (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Information about security vulnerabilities affecting multiple products shipped as components of Intelligent Cluster has been published in security bulletins. Vulnerability Details Abstract Information about security vulnerabilities affecting multiple products shipped as components of...

Security Bulletin: GNU C library (glibc) vulnerability affects the Intel MPSS for use on the Intel Xeon Phi 3120A, Intel Xeon Phi 5110P, Intel Xeon Phi 7120A and Intel Xeon Phi 7120P PCI-Express add-in cards sold by IBM/Lenovo

Summary GNU C library glibc vulnerability that has been referred to as GHOST affects the Intel Manycore Platform Software Stack for use on the Intel Xeon Phi PCI-Express add-in cards. The Intel Manycore Platform Software Stack is available for free on Intel's website. This is not something...

Security Bulletin: OpenSSL Security Issues with Intel® MPSS for use on Intel Xeon Phi PCIe cards sold by IBM (CVE-2014-0076, CVE-2014-0195, CVE-2014-0198, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470 and CVE-2010-5298)

Vulnerability Details Abstract This Security Bulletin discusses several security vulnerabilities that affect previous versions of Intel® Manycore Platform Software Stack Intel® MPSS for use on Intel Xeon Phi PCIe cards sold by IBM for use with IBM System x servers. Intel's coprocessors are...

Security Bulletin: Vulnerabilities in Bash affect certain Intel Xeon Phi PCIe cards supported in IBM System x servers (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278)

Summary Six Bash vulnerabilities were disclosed in September 2014. This bulletin addresses the vulnerabilities that have been referred to as "Bash Bug" or "Shellshock" and two memory corruption vulnerabilities. Bash is used by Intel MPSS Manycore Platform Software Stack used with the Intel Xeon P...

Fedora 28 : glibc (2018-916dfe0d86)

This update ensures that valgrind works again without installing glibc debuginfo packages RHBZ1570246. It also addresses a security vulnerability in the mempcpy implementation for the Intel Xeon Phi processors CVE-2018-11237, RHBZ1581275. Furthermore, the switch to libidn2 uses the final upstream...

Information disclosure

Medtronic CareLink 2090 Programmer CareLink 9790 Programmer 29901 Encore Programmer, all versions, The affected products do not encrypt or do not sufficiently encrypt the following sensitive information while at rest PII and PHI...

CVE-2018-18984

Medtronic CareLink and Encore Programmers do not encrypt or do not sufficiently encrypt sensitive PII and PHI information while at rest...

CVE-2018-18984

CVE-2018-18984 affects Medtronic CareLink and Encore Programmers (9790, 2090, 29901 Encore). The vulnerability is caused by missing or insufficient encryption of sensitive data (PII/PHI) at rest. Impact, as described, is potential exposure of PHI/PII to someone with physical access to the device....

CVE-2018-18984 Medtronic 9790, 2090 CareLink, and 29901 Encore Programmers Missing Encryption of Sensitive Data

Medtronic CareLink and Encore Programmers do not encrypt or do not sufficiently encrypt sensitive PII and PHI information while at rest...

Medtronic 9790, 2090 CareLink, and 29901 Encore Programmers

1. EXECUTIVE SUMMARY CVSS v3 4.6 ATTENTION: Low skill level to exploit Vendor: Medtronic Equipment: 9790 CareLink Programmer, 2090 CareLink Programmer, 29901 Encore Programmer Vulnerability: Missing Encryption of Sensitive Data 2. RISK EVALUATION As part of the intended functionality of this...

U.S. Dept Of Defense: Access to all █████████ files, including CAC authentication bypass

Summary: Due to an Insecure Direct Object Reference IDOR in adding recipients to a shared package on ██████████, an unauthenticated attacker can access all files uploaded to ████. As described on ██████████ website, this includes documents with classifications up to FOUO, including PII / PHI...

CVE-2018-8849

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programme and 8870 N'Vision removable Application Card do not encrypt PII and PHI while at rest...

Design/Logic Flaw

Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician Programmer, all versions, and 8870 N'Vision removable Application Card, all versions does not encrypt PII and PHI while at rest...