CVE-2018-8931
CVE-2018-8931 concerns AMD Ryzen/Ryzen Pro/Ryzen Mobile chips with insufficient access control on the Secure Processor (RYZENFALL-1). The connected sources confirm this as a hardware/software security issue affecting multiple Ryzen family parts and firmware/BIOS vectors. The IBM Power/OPAL firmwa...
AMD Acknowledges Newly Disclosed Flaws In Its Processors — Patches Coming Soon
AMD has finally acknowledged 13 critical vulnerabilities, and exploitable backdoors in its Ryzen and EPYC processors disclosed earlier this month by Israel-based CTS Labs and promised to roll out firmware patches for millions of affected devices 'in the coming weeks.' According to CTS-Labs...
AMD Acknowledges Vulnerabilities, Will Roll Out Patches In Coming Week
AMD on Tuesday acknowledged several vulnerabilities that had been previously reported in its Ryzen and EPYC chips, and said that it would roll out firmware patches for those flaws in the coming weeks. The response comes a week after Israel-based CTS-Labs said that it has discovered 13 critical...
[SECURITY] Fedora 26 Update: zsh-5.3.1-7.fc26
The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell (the Korn shell), but includes many enhancements. Zsh supports command line editing, built-in spelling correction, programmable command completion, shell...
Hyperbole Swirls Around AMD Processor Security Threat
Maybe it was the exaggerated threats against AMD’s business or the semi-unprofessional way the threats were brought to light but no matter — security start-up CTS-Labs’ claims of security holes in the chipmaker’s Ryzen and EPYC processor lines are now being lambasted across the security community...
Moderate: Red Hat Security Advisory: libreoffice security update
An update for libreoffice is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fro...
AMD Investigating Reports of 13 Critical Vulnerabilities Found in Ryzen, EPYC Chips
Researchers on Tuesday said they found several critical security vulnerabilities in various AMD chips, allegedly opening them up to attackers who want to steal sensitive data and install malware on AMD servers, workstations and laptops. Israel-based CTS-Labs said that it has discovered 13 critica...
Emerson ControlWave Micro Process Automation Controller Buffer Overflow Vulnerability
ControlWave Micro is a highly programmable controller that combines the unique features of a Programmable Logic Controller (PLC) and a Remote Terminal Unit (RTU) in one hybrid controller. A buffer overflow vulnerability exists in the Emerson ControlWave Micro Process Automation Controller, which can ...
Wireshark DMP Parser Denial of Service Vulnerability
Wireshark (formerly known as Ethereal) is a suite of network packet analysis software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. DMP dissector is one of the DMP communication system parsers. A security...
[SECURITY] Fedora 27 Update: libreoffice-5.4.5.1-1.fc27
LibreOffice is an Open Source, community-developed, office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites...
Cyber resilience for the modern enterprise
Many organizations are undergoing a digital transformation that leverages a mix of cloud and on-premises assets to increase business efficiency and growth. While increased dependence on technology is necessary for this transformation, and to position the business for success, it does pose risks...
Trend Micro Control Manager SQL Injection Remote Code Execution Vulnerability
Trend Micro Control Manager provides forward-looking, comprehensive threat protection with centralized management for security updates, patch deployment, coordinated response, and remote management capabilities that support Trend Micro products and services. An AdHocQueryProcessor SQL Injection...
CVE-2018-3602
An AdHocQueryProcessor SQL injection remote code execution (RCE) vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to execute arbitrary code on vulnerable installations...
What You Should Know About Side-Channel Attacks, Like Meltdown
“The light is on in their window. They must be home.” This is a classic example of a side information channel. They didn’t TELL you they were home. But the side effect of them being home in the evening is the light in the window — which is how you’re pretty sure they are home even though this...
powerpc and Intel i386 GNU C Library Integer Overflow Vulnerability
The powerpc is a compact instruction set architecture CPU (central processing unit). The Intel i386 is an x86 series CPU (central processing unit) from Intel Corporation. The GNU C Library (aka glibc, libc6) is one of the open source, freeware C language compilers released under the LGPL license. An...
USN-3561-1 libvirt update
It was discovered that microprocessors utilizing speculative execution and branch prediction may allow unauthorized memory reads via side-channel attacks. This flaw is known as Spectre. An attacker in the guest could use this to expose sensitive guest information, including kernel memory. This...
Intel Q3’17 ME 6.x/7.x/8.x/9.x/10.x/11.x, SPS 4.0, and TXE 3.0 Security Review Cumulative Update
Summary: In response to issues identified by external researchers, Intel has performed an in-depth comprehensive security review of our Intel® Management Engine (ME), Intel® Server Platform Services (SPS), and Intel® Trusted Execution Engine (TXE) with the objective of enhancing firmware resilience. As...
Semrush: XXE in Site Audit function exposing file and directory contents
Summary: The Project Site Audit function is vulnerable to XXE when parsing sitemap.xml files. Description: The Site Audit function spiders a given website and performs analysis on the discovered pages. In order to improve website spidering the URL of a sitemap.xml file can be provided. If provide...
jboss-remoting: High CPU Denial of Service
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10.Final-redhat-1, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop...
CVE-2018-5787
An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x before 5.8.6.9 and 5.9.x before 5.9.1.3. There is a Remote, Unauthenticated Stack Overflow in the RIM (Radio Interface Module) process running on the WiNG Access Point via crafted packets...