CVE-2018-0360

CVE-2018-0360 : in ClamAV before 0.100.1, an integer overflow in Hangul Word Processor (HWP) parsing causes an infinite loop via the function parsehwp3_paragraph() in libclamav/hwp.c . Affected version range is up to 0.100.0; remediation is to upgrade to 0.100.1 or newer (as documented by multipl...

CVE-2018-0360

ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3paragraph in libclamav/hwp.c...

CVE-2018-0360

ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3paragraph in libclamav/hwp.c...

CVE-2018-1000208

MODX Revolution version =2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have been fixed in pull 139...

CVE-2018-1000208

MODX Revolution version =2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have been fixed in pull 139...

CVE-2018-1000208

MODX Revolution version =2.6.4 contains a Directory Traversal vulnerability in /core/model/modx/modmanagerrequest.class.php that can result in remove files. This attack appear to be exploitable via web request via security/login processor. This vulnerability appears to have been fixed in pull 139...

openssl: rsaz_1024_mul_avx2 overflow bug on x86_64

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...

openssl: bn_sqrx8x_internal carry bug on x86_64

There is a carry propagating bug in the x8664 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely...

SUSE-SU-2018:1945-1 Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2)

This update for the Linux Kernel 4.4.114-9264 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from...

CVE-2018-3667

Installation tool IPDT Intel Processor Diagnostic Tool 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation...

CVE-2018-3668

Unquoted service paths in Intel Processor Diagnostic Tool IPDT before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code...

CVE-2018-3668

Unquoted service paths in Intel Processor Diagnostic Tool IPDT before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code...

Information disclosure

Platform sample code firmware included with 4th Gen Intel Core Processor, 5th Gen Intel Core Processor, 6th Gen Intel Core Processor, and 7th Gen Intel Core Processor potentially exposes password information in memory to a local attacker with administrative privileges...

Code injection

Unquoted service paths in Intel Processor Diagnostic Tool IPDT before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code...

CVE-2018-3667

CVE-2018-3667 affects Intel IPDT (Intel Processor Diagnostic Tool) version 4.1.0.24, where the installation tool incorrectly sets permissions on installed files. This misconfiguration can enable execution of arbitrary code and elevate privileges on the host. Public sources in the provided set des...

CVE-2018-3652

Existing UEFI setting restrictions for DCI Direct Connect Interface in 5th and 6th generation Intel Xeon Processor E3 Family, Intel Xeon Scalable processors, and Intel Xeon Processor D Family allows a limited physical presence attacker to potentially access platform secrets via debug interfaces...

CVE-2018-3668

Unquoted service paths in Intel Processor Diagnostic Tool IPDT before version 4.1.0.27 allows a local attacker to potentially execute arbitrary code...

CVE-2018-3652

CVE-2018-3652 relates to UEFI DCI (Direct Connect Interface) restrictions on 5th/6th gen Intel Xeon E3, Xeon Scalable, and Xeon D processors. The issue could allow a limited physical presence attacker to access platform secrets via debug interfaces when DCI policy/UEFI controls are in effect. The...

CVE-2018-3668

CVE-2018-3668 concerns Intel’s Processor Diagnostic Tool (IPDT). Connected sources confirm an elevation of privilege via an unquoted service path in IPDT before version 4.1.0.27, allowing a local attacker to potentially execute arbitrary code. Affected software: IPDT prior to 4.1.0.27 (Windows en...

hw: cpu: speculative store bypass

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions a commonly used performance optimization. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the...