RHEL 6 : kernel (RHSA-2018:2393)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2393 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: Modern operating systems implement...
[SECURITY] Fedora 28 Update: procps-ng-3.3.12-2.fc28
The procps package contains a set of system utilities that provide system information. Procps includes ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch and pwdx. The ps command displays a snapshot of running processes. The top command provides a repetitive update of the...
kernel: Improper error handling of VM_SHARED hugetlbfs mapping in mm/hugetlb.c
A flaw was found in the Linux kernel when freeing pages in hugetlbfs. This could trigger a local denial of service by crashing the kernel...
Digium Asterisk chan_skinny SCCP session Denial of Service (CVE-2017-17090)
A denial of service vulnerability exists in Digium Asterisk. The vulnerability is due to a processing flaw in the chan_skinny SCCP packet processing module. A remote unauthenticated attacker can exploit this vulnerability by sending a flood of certain requests to Asterisk and exhaust available...
Meltdown/Spectre Multiple Browsers Speculative Execution (CVE-2017-5715; CVE-2017-5753; CVE-2017-5754; CVE-2018-3639)
A CPU speculative execution vulnerability exists in multiple processors. A remote attacker can exploit this vulnerability using JavaScript code. Successful exploitation allows a remote attacker to read arbitrary virtual memory...
VMSA-2018-0002 : VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution. (Spectre)
Bounds Check bypass and Branch Target Injection issues: CPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. Speculative...
VMware ESXi, Workstation and Fusion updates address side-channel analysis due to speculative execution.
Bounds-Check bypass and Branch Target Injection issues: CPU data cache timing can be abused to efficiently leak information out of mis-speculated CPU execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts. Speculative...
Asterisk DoS Vulnerability
Asterisk is prone to a denial of service vulnerability.
CVE-2017-17090
An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP protocol) channel driver is flooded with certain requests, it can cause the asterisk process to use...
Microsoft Programming Error is Behind Dangerous Kernel Bug, Researchers Claim
Researchers claim a programming error in the Microsoft Windows kernel cracks the door open for malicious executables to bypass security software. The flaw, according to security firm EnSilo, has been present on previous versions of Windows dating back to Windows 2000 and can be found on Windows 1...
A vulnerability in the AcquireVirtualMemory component of the console-based ImageMagick graphics editor allows an attacker to cause a denial of service.
The vulnerability in the AcquireVirtualMemory component of the console-based ImageMagick graphics editor is related to a memory leak. Exploiting this vulnerability can allow an attacker to cause a denial of service (memory consumption)...
CVE-2016-7539
Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors...
Deserialization of untrusted data
DISPUTED: The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc or libc6) 2.25 mishandle failures of buffer deserialization, which allows remote attackers to cause a denial of service (virtual memory allocation, or memory consumption if an overcommit setting is not used) via a crafted U...
The vulnerability of the Linux operating system, which allows a perpetrator to trigger a service failure or cause other effects
The vulnerability in the drivers/net/usb/catc.c file of the Linux operating system arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a local attacker to improperly interact with the CONFIG_VMAP_STACK parameter, resulting in a service...
DEBIAN-CVE-2017-8067
drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than...
DEBIAN-CVE-2017-8066
drivers/net/can/usb/gs_usb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.2 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than on...
UBUNTU-CVE-2017-8069
drivers/net/usb/rtl8150.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual pag...