CVE-2020-11669

A flaw was found in the way Linux kernel running on the Power9 processor saves and restores its registers while going in and coming out of an idle state. The issue occurs when a guest kernel has Kernel Userspace Address Protection KUAP feature enabled. The idlebook3s function does not save and...

Design/Logic Flaw

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. The read-write unlock paths don't contain a memory barrier. On Arm, this means a processor is allowed to...

HTTP/2: request for large response leads to denial of service

A vulnerability was found in HTTP/2. An attacker can open a HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server's...

Denial Of Service (DoS)

kernel is vulnerable to denial of service. A flaw was found in the way the Xen hypervisor implementation handled instruction emulation during virtual machine exits. A malicious user-space process running in an SMP guest could trick the emulator into reading a different instruction than the one th...

Denial Of Service (DoS)

kernel is vulnerable to denial of service DoS. The vulnerability exists as a flaw was found in the Xen hypervisor implementation when using the Intel Itanium architecture, allowing guests to enter an unsupported state. An unprivileged guest user could trigger this flaw by setting the BE Big Endia...

xHCI driver crashes after you resume computer from sleep mode in Windows 8.1 or Windows Server 2012 R2

xHCI driver crashes after you resume computer from sleep mode in Windows 8.1 or Windows Server 2012 R2 This article describes an issue that occurs when you resume a computer from sleep mode in Windows 8.1 or Windows Server 2012 R2. You can resolve this issue by using the update or hotfix in this...

Description of Update Rollup 4 for System Center 2012 Operations Manager Service Pack 1

Description of Update Rollup 4 for System Center 2012 Operations Manager Service Pack 1 Symptoms Issues that Update Rollup 4 fixes are as follows. Operations Manager KB2880799 Issue 1 Windows PowerShell scripts or modules cannot be executed in an AllSigned environment. Symptom You receive the...

CVE-2018-12126

Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA STore Address and STD STore Data sub-operations. These sub-operations allow the processor to hand-off address generation...

Update Rollup 3 for System Center 2016 Operations Manager

Update Rollup 3 for System Center 2016 Operations Manager Introduction This article describes the issues that are fixed in Update Rollup 3 for Microsoft System Center 2016 Operations Manager. This article also contains the installation instructions for this update. Issues that are fixed When you...

CVE-2020-8834

A flaw was found in the way the KVM hypervisor on the Power8 processor stores the r1 register state in the 'HSTATEHOSTR1' field on the Linux kernel stack. This flaw occurs while handling hypercalls in Transactional Memory TM suspend mode in the kvmppcsavetm and kvmppcrestoretm routines, leading t...

CVE-2018-9056

BranchScope is a new class of attack which leverages functioning of the Branch Prediction Unit BPU of a processor to infer/leak sensitive process information, which is involved in the branch decision making if x x ^ y; else x & y;. In this, BranchScope side-channel could help to infer 'x', by...

cubx-http-server (=0.4.2), karma-extjs-jasmine-tester (>=1.0.0 <=1.1.3) +5 more potentially affected by CVE-2019-10775 via ecstatic (>=3.1.1 <=3.3.0)

ecstatic NPM version =3.1.1, =1.0.0, =0.1.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.2.1 Source cves: CVE-2019-10775 Source advisory: OSV:GHSA-9Q64-MPXX-87FG...

CVE-2017-5651

In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the processor cache twice. This could result in t...

qt5-qtimageformats: QTgaFile CPU exhaustion

An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontrolled Resource Consumption...

ImageMagick: CPU exhaustion vulnerability in function ReadDDSInfo in coders/dds.c

ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service...

macOS 10.15.x < 10.15.4 / 10.14.x < 10.14.6 Security Update 2020-002 / 10.13.x < 10.13.6 Security Update 2020-002

The remote host is running a version of macOS / Mac OS X that is 10.13.x prior to 10.13.6 Security Update 2020-002, 10.14.x prior to 10.14.6 Security Update 2020-002, or 10.15.x prior to 10.15.4. It is, therefore, affected by multiple vulnerabilities : - Insufficient control flow in certain data...

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2020-1308)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

HTTP/2: request for large response leads to denial of service

A vulnerability was found in HTTP/2. An attacker can open a HTTP/2 window so the peer can send without constraint. The TCP window remains closed so the peer cannot write the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the server's...

Ubuntu: Security Advisory (USN-4302-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for the (openSUSE-SU-2020:0336-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...