CVE-2019-19339

It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207. A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure...

Code injection

It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207. A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure...

drm graphics drivers -- potential information disclusure via local access

Intel reports: .A potential security vulnerability in IntelR Processor Graphics may allow information disclosure. Intel is releasing software updates to mitigate this potential vulnerability. Description: Insufficient control flow in certain data structures for some IntelR Processors with IntelR...

CVE-2019-19725

A double-free vulnerability was found in sysstat in the way the sadf command processes the contents of data files created by the sar command. Saved binary data files with support for extradesc structures may be vulnerable to this flaw. A remote attacker could exploit this flaw by creating a...

Pbtk - A Toolset For Reverse Engineering And Fuzzing Protobuf-based Apps

Protobuf is a serialization format developed by Google and used in an increasing number of Android, web, desktop and more applications. It consists of a language for declaring data structures , which is then compiled to code or another kind of structure depending on the target implementation. pbt...

kpatch: hw: incomplete fix for CVE-2018-12207

It was found that the Red Hat Enterprise Linux 8 kpatch update did not include the complete fix for CVE-2018-12207. A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure...

SUSE SLES12 Security Update : xen (SUSE-SU-2019:3297-1)

This update for xen fixes the following issues : CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm bsc1158003 XSA-307. CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with a compile time known size of 64 bsc1158003 XSA-307. CVE-2019-19583: Fixed improper...

SUSE SLES12 Security Update : xen (SUSE-SU-2019:3296-1)

This update for xen fixes the following issues : CVE-2019-19581: Fixed a potential out of bounds on 32-bit Arm bsc1158003 XSA-307. CVE-2019-19582: Fixed a potential infinite loop when x86 accesses to bitmaps with a compile time known size of 64 bsc1158003 XSA-307. CVE-2019-19583: Fixed improper...

LEADTOOLS DICOM UI Parsing Code Execution Vulnerability

Summary An exploitable heap out of bounds write vulnerability exists in the UI tag parsing functionality of the DICOM image format of LEADTOOLS 20. A specially crafted DICOM image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An...

The vulnerability of the microprogramming software of Cisco Small Business RV016, Cisco Small Business RV042, Cisco Small Business RV042G, and Cisco Small Business RV082 allows a hacker to execute arbitrary code.

The vulnerability of the microprogrammed software of Cisco Small Business RV016, Cisco Small Business RV042, Cisco Small Business RV042G, and Cisco Small Business RV082 lies in the recovery of unreliable data structures in memory. Exploiting this vulnerability can allow an attacker operating...

Critical Flaw in GoAhead Web Server Could Affect Wide Range of IoT Devices

Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices. One of the two vulnerabilities, assigned as CVE-2019-5096, is a critical code execution...

CVE-2019-5096

An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this reques...

CVE-2019-5096

CVE-2019-5096 is a use-after-free vulnerability in the GoAhead web server (Embedthis/Rockwell context) triggered by processing multipart/form-data. A specially crafted HTTP request (unauthenticated via GET/POST) can corrupt heap and lead to remote code execution. Affected GoAhead versions include...

EmbedThis GoAhead web server code execution vulnerability

Summary An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of thi...

Amazon Linux AMI : kernel (ALAS-2019-1322)

A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor,...

Amazon Linux 2 : kernel (ALAS-2019-1366)

A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor,...

hw: Machine Check Error on Page Size Change (IFU)

A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor,...

hw: Machine Check Error on Page Size Change (IFU)

A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor,...

Important: kernel

Issue Overview: A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host...

[SECURITY] Fedora 31 Update: kernel-headers-5.3.11-300.fc31

Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package...