Debian: Security Advisory (DLA-3206-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CLSA-2022-1665502073 Fix CVE(s): CVE-2022-41318

SECURITY UPDATE: buffer-over-read in SSPI and SMB authentication - debian/patches/CVE-2022-41318.patch: improve debugs and checks sequence to clarify cases and ensure that all are handled correctly in lib/ntlmauth/ntlmauth.cc - CVE-2022-41318...

EulerOS 2.0 SP3 : kernel (EulerOS-SA-2022-1735)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Wi-Fi Protected Access WPA and WPA2 allows reinstallation of the Group Temporal Key GTK during the group key handshake, allowing an attacker...

Detecting and preventing privilege escalation attacks leveraging Kerberos relaying (KrbRelayUp)

On April 24, 2022, a privilege escalation hacking tool, KrbRelayUp, was publicly disclosed on GitHub by security researcher Mor Davidovich. KrbRelayUp is a wrapper that can streamline the use of some features in Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn tools in...

KB5014990: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2008 SP2

KB5014990: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2008 SP2 Summary This update includes improvements for the following issue: Addresses a known issue that might cause authentication failures for some services on a serv...

KB5014986: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2012 R2

KB5014986: Authentication failures occur after the May 10, 2022 update is installed on domain controllers running Windows Server 2012 R2 Summary This update includes improvements for the following issue: Addresses a known issue that might cause authentication failures for some services on a serve...

May 19, 2022—KB5015019 (OS Build 14393.5127) Out-of-band

May 19, 2022—KB5015019 OS Build 14393.5127 Out-of-band Note: To improve the information presented in the history pages and related KBs and make them more useful to our customers, we have created an anonymous survey for you to share your comments and feedback. 11/19/20 For information about Window...

May 19, 2022—KB5015018 (OS Build 17763.2931) Out-of-band

May 19, 2022—KB5015018 OS Build 17763.2931 Out-of-band Note: To improve the information presented in the history pages and related KBs and make them more useful to our customers, we have created an anonymous survey for you to share your comments and feedback. 11/17/20 For information about Window...

Fixed vulnerability in Wi-Fi SAE and EAP-wd implementations

A vulnerability has been fixed in implementations of the Simultaneous Authentication of Equals SAE and Extensible-Authentication-Protocol-EAP EAP-wd that are used in hostapd and wpasupplicant. The vulnerability enables a malicious party with the ability to execute code on the system to gain acces...

Important: Red Hat Security Advisory: cyrus-sasl security update

An update for cyrus-sasl is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.

...

USN-5250-1 strongswan vulnerability

Zhuowei Zhang discovered that stringSwan incorrectly handled EAP authentication. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly bypass client and server authentication...

ALPINE-CVE-2022-23304

The implementations of EAP-pwd in hostapd before 2.10 and wpasupplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495...

EAP-pwd 加密问题漏洞

EAP-pwd is an EAP authentication method that uses a shared password for authentication. A cryptographic issue vulnerability exists in EAP-pwd that stems from a cache access mode error in the hostapd and wpa supplicant components of the product. An attacker could use this vulnerability to launch a...

CVE-2017-2488

A cryptographic weakness existed in the authentication protocol of Remote Desktop. This issue was addressed by implementing the Secure Remote Password authentication protocol. This issue is fixed in Apple Remote Desktop 3.9. An attacker may be able to capture cleartext passwords...

CVE-2017-2488

A cryptographic weakness existed in the authentication protocol of Remote Desktop. This issue was addressed by implementing the Secure Remote Password authentication protocol. This issue is fixed in Apple Remote Desktop 3.9. An attacker may be able to capture cleartext passwords...

CVE-2017-2488

CVE-2017-2488 concerns Apple Remote Desktop; a cryptographic weakness in the authentication protocol allowed an attacker to capture cleartext passwords. The issue was mitigated by implementing the Secure Remote Password authentication protocol and is fixed in Apple Remote Desktop 3.9. Remediation...

GNU Hurd has unspecified vulnerabilities

Gnu Hurd is a Gnu project replacement for the Unix kernel. It is used to implement the file system, network protocols, file access control, and other features implemented by the Unix kernel or similar kernels such as Linux. GNU Hurd suffers from a security vulnerability that stems from the use of...

CVE-2021-43414

An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access...

CVE-2021-43414

An issue was discovered in GNU Hurd before 0.9 20210404-9. The use of an authentication protocol in the proc server is vulnerable to man-in-the-middle attacks, which can be exploited for local privilege escalation to get full root access...