Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Siemens CP 1604 6GK1160-4AT01 Communications processor

Binary data 764358.prm...

Siemens CP 1604 6GK1160-4AA01 Communications processor

Binary data 764357.prm...

Siemens CP 1616 6GK1161-6AA02 Communications processor

Binary data 764359.prm...

CVE-2018-12127

Microarchitectural Load Port Data Sampling MLPDS: Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here:...

F5 Networks BIG-IP : OpenSSL and Intel processor SMT side-channel vulnerability (PortSmash) (K49711130)

The version of F5 Networks BIG-IP installed on the remote host is prior to 14.1.2.1 / 15.0.0. It is, therefore, affected by a vulnerability as referenced in the K49711130 advisory. - Simultaneous Multi-threading SMT in processors can enable local users to exploit software vulnerable to timing...

USN-3977-2: Intel Microcode update

USN-3977-1 provided mitigations for Microarchitectural Data Sampling MDS vulnerabilities in Intel Microcode for a large number of Intel processor families. This update provides the corresponding updated microcode mitigations for Intel Cherry Trail and Bay Trail processor families. Original adviso...

Intel Xeon Scalable Processor and Intel Xeon Processor D Family Privilege Permission and Access Control Issues Vulnerability

Intel Xeon Scalable Processors and Intel Xeon Processor D Family are both products of Intel Corporation.Intel Xeon Scalable Processors is a scalable server central processing unit CPU.Intel Xeon Intel Xeon Scalable Processors are scalable server central processing units CPUs, and the Intel Xeon...

[SECURITY] Fedora 28 Update: qemu-2.11.2-5.fc28

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

Oracle CTI Web Service XML Injection

Exploit Title: Oracle CTI Web Service XML Entity Exp. Exploit Author: omurugur Author Web: https://www.justsecnow.com Author Social: @omurugurrr URL : http://10.248.68.188/EBSASSETHISTORYOPERATIONS As can be seen in the following request / response example, the xml entity expansion attack can be...

openSUSE Security Update : ucode-intel (openSUSE-2019-1408) (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

This update for ucode-intel fixes the following issues : This update contains the Intel QSR 2019.1 Microcode release boo1111331 CVE-2018-12126 CVE-2018-12130 CVE-2018-12127 CVE-2019-11091 Release notes : - Processor Identifier Version Products - Model Stepping F-MO-S/PI Old-New - ---- new platfor...

Oracle CTI Web Service - 'EBS_ASSET_HISTORY_OPERATIONS' XML Entity Injection

Exploit Title: Oracle CTI Web Service XML Entity Exp. Exploit Author: omurugur Author Web: https://www.justsecnow.com Author Social: @omurugurrr URL : http://server/EBSASSETHISTORYOPERATIONS As can be seen in the following request / response example, the xml entity expansion attack can be...

Fedora Update for qemu FEDORA-2019-6e146a714c

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Behind the Naming of ZombieLoad and Other Intel Spectre-Like Flaws

There was a lot more to the name game behind choosing titles for ZombieLoad, Spectre and Meltdown than picking cool and edgy attack titles. If you have ever wondered why they were named what they were, Threatpost tracked down one of the researchers behind the naming convention and discovery and...

Intel official for 5 on 15, the aeration out of the CPU side channel vulnerabilities“ZombieLoad”detailed technical analysis on-the vulnerability warning-the black bar safety net

Background understanding 5 March 15, the media exposed, security researchers at a month before the Intel chip found in the one called“ZombieLoad”the new vulnerability, this vulnerability may allow an attacker to obtain the current processor is processing the sensitive data. An attacker can exploi...

Security update for ucode-intel (important)

openSUSE Security Update: Security update for ucode-intel Announcement ID: openSUSE-SU-2019:1408-1 Rating: important References: 1104479 1111331 1129231 Cross-References: CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 CVE-2019-11091 Affected Products: openSUSE Leap 42.3 An update that fixes four...

Huawei eSpace Meeting 1.1.11.103 - cenwpoll.dll SEH Buffer Overflow (Unicode)

Huawei eSpace Meeting 1.1.11.103 - cenwpoll.dll SEH Buffer Overflow Unicode !/usr/bin/env python -- coding: utf-8 -- Huawei eSpace Meeting cenwpoll.dll Unicode Stack Buffer Overflow with SEH Overwrite Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected...

Fedora Update for qemu FEDORA-2019-0332a96d31

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2019-0126

Insufficient access control in silicon reference firmware for IntelR XeonR Scalable Processor, IntelR XeonR Processor D Family may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access...

Improper access control

Insufficient access control in silicon reference firmware for IntelR XeonR Scalable Processor, IntelR XeonR Processor D Family may allow a privileged user to potentially enable escalation of privilege and/or denial of service via local access...