Berkeley-AL20, Berkeley-BD Security Vulnerabilities

A better cloud access security broker: Securing your SaaS cloud apps and services with Microsoft Cloud App Security

Today’s business uses an average of 1,180 cloud apps¹, with many of those organizations securing their apps through cloud access security brokers (CASB). The organizational need for a CASB has grown alongside the use of cloud apps to enable remote work and greater user productivity. When security.....

A better cloud access security broker: Securing your SaaS cloud apps and services with Microsoft Cloud App Security

Today’s business uses an average of 1,180 cloud apps¹, with many of those organizations securing their apps through cloud access security brokers (CASB). The organizational need for a CASB has grown alongside the use of cloud apps to enable remote work and greater user productivity. When security.....

(RHSA-2021:0727) Important: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

Fedora: Security Advisory for bind (FEDORA-2021-28f97e232d)

The remote host is missing an update for...

Fedora: Security Advisory for bind (FEDORA-2021-0595625865)

The remote host is missing an update for...

EulerOS Virtualization for ARM 64 3.0.6.0 : libdb (EulerOS-SA-2021-1555)

According to the version of the libdb packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to...

[SECURITY] Fedora 32 Update: bind-9.11.28-1.fc32

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....

[SECURITY] Fedora 33 Update: bind-9.11.28-1.fc33

BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS.....

CentOS: Security Advisory for bind (CESA-2021:0671)

The remote host is missing an update for...

Fuzzing Image Parsing in Windows, Part Two: Uninitialized Memory

Continuing our discussion of image parsing vulnerabilities in Windows, we take a look at a comparatively less popular vulnerability class: uninitialized memory. In this post, we will look at Windows’ inbuilt image parsers—specifically for vulnerabilities involving the use of uninitialized memory......

bind security update

CentOS Errata and Security Advisory CESA-2021:0671 The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying...

(RHSA-2021:0694) Important: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

(RHSA-2021:0693) Important: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

(RHSA-2021:0692) Important: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

(RHSA-2021:0691) Important: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

Debian DLA-2578-1 : thunderbird security update

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. For Debian 9 stretch, these problems have been fixed in version 1:78.8.0-1~deb9u1. We recommend that you upgrade your thunderbird packages. For the detailed...

(RHSA-2021:0672) Important: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

(RHSA-2021:0671) Important: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

(RHSA-2021:0669) Important: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

Important: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

(RHSA-2021:0670) Important: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security....

RHEL 8 : bind (RHSA-2021:0670)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0670 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a...

Debian DSA-4862-1 : firefox-esr - security update

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information...

RHEL 7 : bind (RHSA-2021:0671)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0671 advisory. The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a...

Debian DLA-2575-1 : firefox-esr security update

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure. For Debian 9 stretch, these problems have been fixed in version 78.8.0esr-1~deb9u1. We recommend that you upgrade your...

Ubuntu 20.10 : Thunderbird vulnerabilities (USN-4736-1)

The remote Ubuntu 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4736-1 advisory. When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the...

Thunderbird vulnerabilities

Releases Ubuntu 20.10 Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to...

CVE-2021-22976

On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU.....

CVE-2021-22976

On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU.....

Code injection

On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU.....

CVE-2021-22976

On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and all 12.1.x versions, when the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU.....

[SECURITY] Fedora 32 Update: cups-2.3.3op2-1.fc32

CUPS printing system provides a portable printing layer for UNIX=EF=BF=BD=EF=BF=BD operating systems. It has been developed by Apple In c. to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line...

F5 Networks BIG-IP : BIG-IP ASM WebSocket vulnerability (K88230177)

The version of F5 Networks BIG-IP installed on the remote host is prior to 12.1.5.3 / 13.1.3.6 / 14.1.3.1 / 15.1.2 / 16.0.1.1 / 16.1.0. It is, therefore, affected by a vulnerability as referenced in the K88230177 advisory. On BIG-IP Advanced WAF and ASM version 16.0.x before 16.0.1.1, 15.1.x...

Fedora: Security Advisory for cups (FEDORA-2021-db5caaeb91)

The remote host is missing an update for...

[SECURITY] Fedora 33 Update: czmq-4.2.1-1.fc33

CZMQ has the following goals: i) To wrap the =EF=BF=BD=EF=BF=BDMQ core API in semantics that are natura l and lead to shorter, more readable applications. ii) To hide the differences between versions of =EF=BF=BD=EF=BF=BDMQ. iii) To provide a space for development of more sophisticated API...

K88230177 : BIG-IP ASM WebSocket vulnerability CVE-2021-22976

Security Advisory Description When the BIG-IP ASM system processes WebSocket requests with JSON payloads, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. (CVE-2021-22976) Impact When this vulnerability is exploited, the BIG-IP ASM system may take....

Fedora: Security Advisory for cups (FEDORA-2021-ef84cd3f69)

The remote host is missing an update for...

[SECURITY] Fedora 33 Update: cups-2.3.3op2-1.fc33

CUPS printing system provides a portable printing layer for UNIX=EF=BF=BD=EF=BF=BD operating systems. It has been developed by Apple In c. to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line...

Debian DLA-2539-1 : firefox-esr security update

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure. For Debian 9 stretch, these problems have been fixed in version 78.7.0esr-1~deb9u1. We recommend that you upgrade your...

Debian DLA-2541-1 : thunderbird security update

Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code, denial of service or an information leak. For Debian 9 stretch, these problems have been fixed in version 1:78.7.0-1~deb9u1. We recommend that you upgrade your thunderbird packages. For the.....

Huawei EulerOS: Security Advisory for libdb (EulerOS-SA-2021-1150)

The remote host is missing an update for the Huawei...

EulerOS 2.0 SP8 : libdb (EulerOS-SA-2021-1150)

According to the version of the libdb packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38 and...

Updated db53 packages fix a security vulnerability

Vulnerability in the Data Store component of Oracle Berkeley DB. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in.....

Debian DSA-4840-1 : firefox-esr - security update

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information...

Ubuntu 20.10 : Thunderbird vulnerabilities (USN-4701-1)

The remote Ubuntu 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4701-1 advisory. Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to obtain potentially sensitive information from process memory...

Thunderbird vulnerabilities

Releases Ubuntu 20.10 Packages thunderbird - Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to...

Debian DLA-2521-1 : firefox-esr security update

A security issue was found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For Debian 9 stretch, this problem has been fixed in version 78.6.1esr-1~deb9u1. We recommend that you upgrade your firefox-esr packages. For the detailed security...

Debian DSA-4827-1 : firefox-esr - security update

A security issue was found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary...

Sealed U.S. Court Records Exposed in SolarWinds Breach

The ongoing breach affecting thousands of organizations that relied on backdoored products by network software firm SolarWinds may have jeopardized the privacy of countless sealed court documents on file with the U.S. federal court system, according to a memo released Wednesday by the...

SoftMaker Office TextMaker Document Record 0x001f sign-extension vulnerability

Summary An exploitable sign extension vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to sign-extend a length used to terminate a loop, which can later result in the...