1574 matches found
Speculative Code Store Bypass (SCSB) and Floating-Point Value Injection (FPVI) Advisory - Lenovo Support US
No description provided...
CVE-2020-28588
An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0 and is still present in v5.10-rc4, so it’s likely that all...
DEBIAN-CVE-2020-28588
An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0 and is still present in v5.10-rc4, so it’s likely that all...
CVE-2020-28588
An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0 and is still present in v5.10-rc4, so it’s likely that all...
CVE-2020-28588
The CVE-2020-28588 information disclosure exists in the Linux Kernel /proc/pid/syscall interface for 5.1 Stable through 5.4.66, introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and still present in 5.10-rc4. An attacker can read /proc/pid/syscall to trigger memory contents...
Linux/x86 - setreuid(0) + execve(/bin/sh) Shellcode (29 bytes)
/ Author: Artur ajes Szymczak 2021 Function: Linux x86 shellcode, setreuid to 0 and then execute /bin/sh Size: 29 bytes Testing: $ gcc -fno-stack-protector -z execstack shellcodetester.c -o shellcode shellcodetester.c: In function ‘main’: shellcodetester.c:25:2: warning: incompatible implicit...
Designing sockfuzzer, a network syscall fuzzer for XNU
Posted by Ned Williamson, Project Zero Introduction When I started my 20% project – an initiative where employees are allocated twenty-percent of their paid work time to pursue personal projects – with Project Zero, I wanted to see if I could apply the techniques I had learned fuzzing Chrome to...
SUSE: Security Advisory (SUSE-SU-2018:1031-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:1009-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:1008-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:1010-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:0993-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:1005-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:0834-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2018:1014-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GO-2020-0007 Improper input validation in github.com/seccomp/libseccomp-golang
Filters containing rules with multiple syscall arguments are improperly constructed, such that all arguments are required to match rather than any of the arguments AND is used rather than OR. These filters can be bypassed by only specifying a subset of the arguments due to this behavior...
Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-4751-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4751-1 advisory. It was discovered that the console keyboard driver in the Linux kernel contained a race condition. A local attacker could use this to expose sensitive...
Information Disclosure
kernel is vulnerable to information disclosure, A local user with CAPNETADMIN can attach an ebpf filter to setsockopt syscall. This filter can be triggered under the right conditions to leak kernel internal information and allows an attacker to determine the layout of information in kernel memory...
CVE-2020-11221
Usage of syscall by non-secure entity can allow extraction of secure QTEE diagnostic information in clear text form due to insufficient checks in the syscall handler and leads to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,...
Information disclosure
Usage of syscall by non-secure entity can allow extraction of secure QTEE diagnostic information in clear text form due to insufficient checks in the syscall handler and leads to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT,...