qemu security update

12:2.9.0-19.el7 - lsi53c895a: convert to trace-events Mark Cave-Ayland Orabug: 28205376 - lsi: Reselection needed to remove pending commands from queue George Kennedy Orabug: 28626490 - lsi53c895a: check message length value is valid Prasad J Pandit Orabug: 28873208 CVE-2018-18849 - 9p: fix QEMU...

Design/Logic Flaw

The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service block pool overflow via malformed Wi-Fi packets during identification of available Wi-Fi networks...

CVE-2019-6496

The ThreadX-based firmware on Marvell Avastar Wi-Fi devices, models 88W8787, 88W8797, 88W8801, 88W8897, and 88W8997, allows remote attackers to execute arbitrary code or cause a denial of service block pool overflow via malformed Wi-Fi packets during identification of available Wi-Fi networks...

CVE-2019-2490

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: Panel Processor. Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

CVE-2019-2490

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products subcomponent: Panel Processor. Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

Unspecified Vulnerability in Oracle PeopleSoft Enterprise PeopleTools (CNVD-2019-28458)

Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle that provides human capital management, financial management, supplier relationship management, and more.PeopleSoft Enterprise PeopleTools is one of the tools and technology platform components that...

CVE-2019-0001

Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon bbe-smgd, and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result...

The Elite Intel Team Still Fighting Meltdown and Spectre

One year after a pair of devastating processor vulnerabilities were first disclosed, Intel's still dealing with the fallout...

Fedora 28 : glibc (2018-916dfe0d86)

This update ensures that valgrind works again without installing glibc debuginfo packages RHBZ1570246. It also addresses a security vulnerability in the mempcpy implementation for the Intel Xeon Phi processors CVE-2018-11237, RHBZ1581275. Furthermore, the switch to libidn2 uses the final upstream...

Digia Qt Uncontrolled Resource Consumption Vulnerability

Digia Qt is a cross-platform C++ application development framework from Digia Finland. The framework can be used to develop GUI programs. A security vulnerability exists in QTgaFile in Digia Qt versions prior to 5.11.3. An attacker can exploit the vulnerability to cause CPU exhaustion...

QEMU Null Pointer Backward Reference Vulnerability

QEMU aka Quick Emulator is a set of simulation processor software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A null pointer reverse-reference vulnerability exists in QEMU, which stems from the program's failure to specify a routine to handle the...

Power Management Controller (PMC) Security Advisory

Summary: A potential security vulnerability in power management controller firmware may allow escalation of privilege and/ or information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details CVEID: CVE-2018-3643 Description: A vulnerabili...

DEBIAN-CVE-2018-19967

An issue was discovered in Xen through 4.11.x on Intel x86 platforms allowing guest OS users to cause a denial of service host OS hang because Xen does not work around Intel's mishandling of certain HLE transactions associated with the KACQUIRE instruction prefix...

[SECURITY] Fedora 29 Update: qemu-3.0.0-2.fc29

QEMU is a generic and open source processor emulator which achieves a good emulation speed by using dynamic translation. QEMU has two operating modes: Full system emulation. In this mode, QEMU emulates a full system for example a PC, including a processor and various peripherials. It can be used ...

CVE-2018-4040

An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker must convince a...

CVE-2018-4040

An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker must convince a...

CVE-2018-4040

The CVE-2018-4040 issue affects Atlantis Word Processor versions 3.2.7.1 and 3.2.7.2, with a root cause described as an uninitialized pointer in the Rich Text Format (RTF) parser leading to heap corruption and potential code execution when a victim opens a crafted document. Cisco Talos’ advisory ...

CVE-2018-4040

An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker must convince a...

Out-of-bounds

An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a...

CVE-2018-4039

An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a...