EulerOS Virtualization 2.5.1 : kernel (EulerOS-SA-2018-1267)

According to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load i1/4+...

hw: cpu: speculative store bypass

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...

The vulnerability of the mptcp_usr_connectx function in the kernels of operating systems such as Mac OS X, iOS, tvOS, and watchOS allows a hacker to execute arbitrary code in a privileged context.

The vulnerability of the mptcpusrconnectx function in the kernels of operating systems such as Mac OS X, iOS, tvOS, and watchOS arises due to buffer overflows. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in a privileged context using a specially created...

EulerOS 2.0 SP2 : java-1.7.0-openjdk (EulerOS-SA-2018-1192)

According to the version of the java-1.7.0-openjdk packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load i1/4+ Sto...

Microsoft Windows HIDParser Elevation of Privilege Vulnerability

Microsoft Windows 10 and others are a series of operating systems released by Microsoft Corporation in the U.S. Microsoft Windows 10 is a set of operating systems for personal computers.Windows Server 2016 is a set of server operating systems.HIDParser is one of the HID HIDParser is one of the HI...

Amazon Linux 2 : java-1.7.0-openjdk (ALAS-2018-1037) (Spectre)

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...

Amazon Linux AMI : java-1.8.0-openjdk (ALAS-2018-1039) (Spectre)

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...

CVE-2018-4242

An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Hypervisor" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVE-2018-4167

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the "File System Events" component. A race condition allows attackers to execute arbitrary code in a...

CVE-2018-4139

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...

CVE-2018-4151

An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. The issue involves the "iCloud Drive" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app...

CVE-2017-13827

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "kext tools" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app that performs kext loading...

The vulnerability of the Remote Management component of the Mac OS X operating system allows a hacker to trigger a maintenance failure or execute arbitrary code in a privileged context.

The vulnerability of the Remote Management component of the Mac OS X operating system arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in privileged context, or trigger a service failure...

Virtuozzo 6 : parallels-server-bm-release / vzkernel / etc (VZA-2018-002)

According to the versions of the parallels-server-bm-release / vzkernel / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the...

hw: cpu: speculative execution branch target injection

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant...

The vulnerability of the Wi-Fi component of the iOS operating system allows a hacker to trigger a service failure or execute arbitrary code in a privileged context.

The vulnerability of the iOS operating system’s Wi-Fi component arises from an operation that goes beyond the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in privileged context or cause a service failure memory corruption by using specially...

CVE-2017-13800

An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "APFS" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service memory corruption via a crafted app...

The vulnerability of the ACL component of the NoviWare operating system allows a attacker to gain access to the network interface of the novi_process_manager_daemon service and execute arbitrary code in privileged mode on the switch.

The vulnerability of NoviWare’s operating system component stems from the improper handling of unserialized network packets, which leads to buffer overflows on the stack. Exploiting this vulnerability allows a malicious actor to execute arbitrary code during the application of ACL modifications,...

The vulnerability of the Kernel component in iOS and Mac OS X operating systems allows a hacker to trigger a service failure or execute arbitrary code in a privileged context.

The vulnerability of the Kernel component in iOS and Mac OS X operating systems arises from the execution of an operation outside the buffer in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in a privileged context, or to cause a service failure memory...