Intel processors’ vulnerabilities that allow attackers to disclose protected information

The vulnerability of Intel processors is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to disclose protected information...

hw: Fast forward store predictor

A flaw was found in the CPU microarchitecture where a local attacker is able to abuse a timing issue which may allow them to infer internal architectural state from previous executions on the CPU...

The vulnerability of the implementation of the Intel Transactional Synchronization Extensions (TSX) technology in microprogramming software for Intel processors allows a hacker to disclose protected information.

The vulnerability of the Intel Transactional Synchronization Extensions TSX implementation in Intel microcomputer software is related to the lack of protection for service data. Exploiting this vulnerability can allow attackers to disclose sensitive information by launching attacks through...

USN-4186-3 linux vulnerability

USN-4186-1 fixed vulnerabilities in the Linux kernel. It was discovered that the kernel fix for CVE-2019-0155 i915 missing Blitter Command Streamer check was incomplete on 64-bit Intel x86 systems. This update addresses the issue. We apologize for the inconvenience. Original advisory details:...

November 12, 2019—KB4525233 (Security-only update)

November 12, 2019—KB4525233 Security-only update IMPORTANT Verify that you have installed the required updates listed in the How to get this update section before installing this update. IMPORTANT Customers who have purchased the Extended Security Update ESU for on-premises versions of some...

November 12, 2019—KB4523205 (OS Build 17763.864)

November 12, 2019—KB4523205 OS Build 17763.864 Note This release also contains updates for Microsoft HoloLens OS Build 17763.865 released November 12, 2019. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have...

The vulnerability of NVIDIA GeForce, Quadro, and Tesla graphics processors’ software allows attackers to disclose protected information.

The vulnerability of NVIDIA GeForce, Quadro, and Tesla graphics processors relates to the lack of protection for service data. Exploiting this vulnerability can allow attackers to disclose protected information...

hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)

A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer...

Intel CPU Spoiler vulnerability alerts-a vulnerability alert-the black bar safety net

Spoiler is the researchers found that the impact of the Intel microprocessor architecture of a speculative attack a speculative attack is a new microprocessor disclosure vulnerability that leaks is about the physical page to the user space process mapping of key information. Spoiler with 2018 1 o...

Unspecified Vulnerability in Oracle PeopleSoft Enterprise PeopleTools (CNVD-2019-28458)

Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle that provides human capital management, financial management, supplier relationship management, and more.PeopleSoft Enterprise PeopleTools is one of the tools and technology platform components that...

Fedora 28 : glibc (2018-916dfe0d86)

This update ensures that valgrind works again without installing glibc debuginfo packages RHBZ1570246. It also addresses a security vulnerability in the mempcpy implementation for the Intel Xeon Phi processors CVE-2018-11237, RHBZ1581275. Furthermore, the switch to libidn2 uses the final upstream...

CVE-2018-7096

A security vulnerability was identified in 3PAR Service Processor SP prior to SP-4.4.0.GA-110MU7. The vulnerability may be exploited remotely to allow code execution...

NetSpectre — New Remote Spectre Attack Steals Data Over the Network

A team of security researchers has discovered a new Spectre attack that can be launched over the network, unlike all other Spectre variants that require some form of local code execution on the target system. Dubbed "NetSpectre," the new remote side-channel attack, which is related to Spectre...

hw: cpu: speculative store bypass

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...

Multiple Cisco Products NX-OS Software SNMP Denial of Service Vulnerabilities

Cisco Nexus 2000 Series Switches are products of Cisco Corporation.Cisco Nexus 2000 Series Switches are switch devices.Fabric Modules are switch matrix modules.NX-OS Software is a set of data center-grade operating system software for the switches.Simple Network Management Protocol SNMP input...

The vulnerability of the FTP URI processor of the software tool for interacting with servers via cURL allows a hacker to induce a service failure.

The vulnerability of the FTP URI handler of the software interface to interactions with servers via cURL arises due to buffer overflows. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

hw: cpu: speculative execution permission faults handling

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly used performance optimization. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant...

The vulnerability of the AMD Secure Processor technology in processors like Ryzen, Ryzen Pro, and Ryzen Mobile allows for writing to the secure area of the processor.

The vulnerability of the AMD Secure Processor-based processors, including Ryzen, Ryzen Pro, and Ryzen Mobile, is related to deficiencies in the implementation of security functions. Exploiting this vulnerability allows an attacker who has access to the targeted computer and possesses administrato...

The vulnerability of AMD Secure Processor technology in Ryzen and Ryzen Pro processors allows for reading from the protected area of the processor.

The vulnerability of AMD Secure Processor-based Ryzen and Ryzen Pro processors lies in the implementation flaws of security functions. Exploiting this vulnerability allows an attacker with access to the targeted computer and administrative privileges to read from the protected areas of the...

AMD Ryzen, Ryzen Pro and Ryzen Mobile File Write Vulnerability

AMD Ryzen, Ryzen Pro, and Ryzen Mobile are central processing unit CPU products from AMD in the United States. A security vulnerability exists in AMD Ryzen, Ryzen Pro, and Ryzen Mobile, which arises from a program that makes it difficult to perform adequate access control on the Secure Processor...