Moderate: Red Hat Security Advisory: samba security, bug fix and enhancement update
Updated samba packages that fix several security issues and provide several bug fixes and an enhancement are now available for Red Hat Gluster Storage 3.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability...
Cisco Small Business 100 Series Wireless Access Points and Small Business 300 Series Wireless Access Points Denial of Service Vulnerability
Cisco Small Business 100 Series Wireless Access Points and Small Business 300 Series Wireless Access Points are different series of wireless access point products from Cisco, which provide high-capacity wireless LAN and guest access services, among other features. The Extensible Authentication...
CVE-2018-0415
A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticated, adjacent attacker to cause a denial of servic...
CVE-2018-0412
A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an unauthenticated, adjacent attacker to force the downgrade of...
Cisco Small Business 100 Series and 300 Series Wireless Access Points Denial of Service Vulnerability
A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300 Series Wireless Access Points could allow an authenticated, adjacent attacker to cause a denial of servic...
Security fix for the ALT Linux 10 package samba version 4.8.4-alt1.S1
Aug. 14, 2018 Evgeny Sinelnikov 4.8.4-alt1.S1 - Update to summer security release - Security fixes: + CVE-2018-1139 Weak authentication protocol allowed + CVE-2018-1140 Denial of Service Attack on DNS and LDAP server + CVE-2018-10858 Insufficient input validation on client directory listing in...
GHSA-PV4C-P2J5-38J4 Open Redirect in url-parse
Versions of url-parse before 1.4.3 return the wrong hostname, which could lead to Open Redirect, Server Side Request Forgery (SSRF), or Bypass Authentication Protocol vulnerabilities. Recommendation: Update to version 1.4.3 or later...
Design/Logic Flaw
Incorrect parsing in url-parse 1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol...
CVE-2018-3774
Incorrect parsing in url-parse 1.4.3 returns wrong hostname which leads to multiple vulnerabilities such as SSRF, Open Redirect, Bypass Authentication Protocol...
Titan Security Keys – Google launches its own USB-based FIDO U2F Keys
At Google Cloud Next '18 convention in San Francisco, the company has introduced Titan Security Keys—a tiny USB device, similar to Yubico's YubiKey, that offers hardware-based two-factor authentication for your online accounts with the highest level of protection against phishing attacks. These...
DEBIAN-CVE-2018-1129
A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master, mimic, luminous and jewel ar...
CVE-2018-1129
CVE-2018-1129: A flaw in cephx signature calculation lets an attacker on a ceph cluster network alter payloads to bypass signature checks. Affected Ceph branches include master, mimic, luminous, and jewel. The initial description notes the vulnerability but does not provide a concrete patch versi...
CVE-2018-1128
CVE-2018-1128 describes a replay vulnerability in the Cephx authentication protocol where a packet sniffer on a Ceph cluster network can authenticate to Ceph services due to insufficient verification of clients. The issue affects the msgr2 protocol (used by most Ceph communication) and can compro...
Target Credential Status by Authentication Protocol - No Credentials Provided
Nessus was not able to successfully authenticate directly to the remote target on an available authentication protocol. Nessus was able to connect to the remote port and identify that the service running on the port supports an authentication protocol, but Nessus failed to authenticate to the...
DEBIAN-CVE-2018-11574
Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files...
UBUNTU-CVE-2018-11574
Improper input validation together with an integer overflow in the EAP-TLS protocol implementation in PPPD may cause a crash, information disclosure, or authentication bypass. This implementation is distributed as a patch for PPPD 0.91, and includes the affected eap.c and eap-tls.c files...
Target Credential Issues by Authentication Protocol - Insufficient Privilege
Nessus was able to execute credentialed checks because it was possible to log in to the remote host using provided credentials; however, the credentials were not sufficiently privileged to complete all requested checks. TRUSTED...