Google Android has an unspecified vulnerability (CNVD-2018-10118)
Android is a Linux-based open-source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm MDM9206 and other central processing unit (CPU) products from Qualcomm are used in different platforms. A security vulnerability exists in the Qualcomm...
CVE-2018-0228
A vulnerability in the ingress flow creation functionality of Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to cause the CPU to increase upwards of 100% utilization, causing a denial of service (DoS) condition on an affected system. The vulnerability is due t...
Zulip Server Cross-Site Scripting Vulnerability (CNVD-2018-08600)
Zulip Server is an open source group chat application written in Python and based on the Django framework. The frontend markdown processor is one of its front-end markdown markup language processors. A cross-site scripting vulnerability exists in the frontend markdown processor in Zulip Server...
Cross site scripting
In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor...
CVE-2018-9986
In Zulip Server versions before 1.7.2, there were XSS issues with the frontend markdown processor...
[SECURITY] Fedora 28 Update: zsh-5.5-1.fc28
The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command line editing, built-in spelling correction, programmable command completion, shell...
DEBIAN-CVE-2018-10111
An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure...
APT Trends report Q1 2018
In the second quarter of 2017, Kaspersky's Global Research and Analysis Team (GReAT) began publishing summaries of the quarter's private threat intelligence reports in an effort to make the public aware of the research we have been conducting. This report serves as the next installment, focusing on...
Denial of Service Vulnerability in Tengen Controls T920 PLCs
The T-920 Programmable Logic Controller (PLC) is a product in the T9 series of programmable logic controllers from China's TengControl Technology (TENGCONTROL TECHNOLOGY). The product is widely used in tobacco, petrochemical, water and other important industrial control sites. A denial of service...
Spring Data Commons Denial of Service Vulnerability
Spring Data is a project module in the Spring Framework that provides access to the underlying data; Spring Data Commons is its shared base module. A denial of service vulnerability exists in Spring Data Commons. Because the Spring Data Commons module does not limit resource allocation when parsi...
qemu: DoS via large option request
The Network Block Device (NBD) server in Quick Emulator (QEMU) is vulnerable to a denial of service issue. It could occur if a client sent large option requests, making the server waste CPU time on reading up to 4GB per request. A client could use this flaw to keep the NBD server from serving other...
hw: cpu: speculative execution permission faults handling
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant...
Unsafe Opcodes exposed in Intel SPI based products
Summary: Configuration of SPI Flash in platforms based on multiple Intel CPUs allows a local attacker to alter the behavior of the SPI Flash, potentially leading to a Denial of Service. This issue has been root-caused, and the mitigation has been validated and is available. Description:...
[SECURITY] Fedora 28 Update: jackson-databind-2.9.4-3.fc28
The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration...
AMD Ryzen and Ryzen Pro Arbitrary Code Execution Vulnerability
AMD Ryzen and Ryzen Pro are both central processing unit (CPU) products from AMD in the United States. A security vulnerability exists in AMD Ryzen and Ryzen Pro that originates from a program failing to perform adequate access control on the Secure Processor. An attacker could exploit...
AMD Ryzen, Ryzen Pro and Ryzen Mobile File Write Vulnerability
AMD Ryzen, Ryzen Pro, and Ryzen Mobile are central processing unit (CPU) products from AMD in the United States. A security vulnerability exists in AMD Ryzen, Ryzen Pro, and Ryzen Mobile, which arises from a program failing to perform adequate access control on the Secure Processor...
AMD Ryzen and Ryzen Pro Promontory chipset code execution vulnerability
AMD Ryzen and Ryzen Pro are both central processing unit (CPU) products from AMD in the U.S. Promontory is one of the chipsets used with them. The Promontory chipset used in AMD Ryzen and Ryzen Pro has a security vulnerability that stems from a backdoor in the firmware. An attacker could exploit the...
CVE-2018-1091
In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM)...
DEBIAN-CVE-2018-1091
In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM)...