openSUSE Security Update : sssd (openSUSE-2019-51)

This update for sssd provides the following fixes : This security issue was fixed : - CVE-2018-10852: Set stricter permissions on /var/lib/sss/pipes/sudo to prevent the disclosure of sudo rules for arbitrary users bsc1098377 These non-security issues were fixed : - Fix a segmentation fault in...

Security update for sssd (moderate)

openSUSE Security Update: Security update for sssd Announcement ID: openSUSE-SU-2019:0051-1 Rating: moderate References: 1010700 1072728 1080156 1087320 1098377 1101877 1110299 Cross-References: CVE-2018-10852 Affected Products: openSUSE Leap 42.3 An update that solves one vulnerability and has 6...

PT-2018-2686 · Civetweb +2 · Civetweb +2

Name of the Vulnerable Software and Affected Versions: CivetWeb affected versions not specified Description: The issue is related to resource management errors in the CivetWeb web server. It can be exploited by a remote attacker to cause a denial of service. Specifically, when CivetWeb is used as...

openSUSE: Security Advisory for openssh (openSUSE-SU-2018:3946-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

SSH Auditor - The Best Way To Scan For Weak Ssh Passwords On Your Network

The Best Way To Scan For Weak Ssh Passwords On Your Network Features ssh-auditor will automatically: Re-check all known hosts as new credentials are added. It will only check the new credentials. Queue a full credential scan on any new host discovered. Queue a full credential scan on any known ho...

Security update for openssh (moderate)

This update for openssh fixes the following issues: - CVE-2018-15919: Remotely observable behaviour in auth-gss2.c in OpenSSH could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. OpenSSH developers do not want to treat such a username enumeration ...

openSUSE: Security Advisory for openssh (openSUSE-SU-2018:3801-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

zsh: buffer overflow for very long fds in >& fd syntax

A buffer overflow flaw was found in the zsh shell file descriptor redirection functionality. An attacker could use this flaw to cause a denial of service by crashing the user shell...

CVE-2018-1114

It was found that URLResource.getLastModified in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak...

Design/Logic Flaw

It was found that URLResource.getLastModified in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak...

CVE-2018-1114

It was found that URLResource.getLastModified in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak...

CVE-2018-1114

It was found that URLResource.getLastModified in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak...

CVE-2018-1114

It was found that URLResource.getLastModified in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak...

CVE-2018-1114

It was found that URLResource.getLastModified in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak...

PowerDNS Authoritative Server < 3.4.11 / 4.0 < 4.0.2 DoS Vulnerabilities

An issue has been found in PowerDNS Authoritative Server allowing a remote, unauthenticated attacker to cause a denial of service DoS by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole...

CVE-2016-7072

An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and...

UBUNTU-CVE-2016-7072

An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and...

DEBIAN-CVE-2016-7072

An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and...

CVE-2016-7072

An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and...

CVE-2018-14621

An infinite loop vulnerability was found in libtirpc before version 1.0.2-rc2. With the port to using poll rather than select, exhaustion of file descriptors would cause the server to enter an infinite loop, consuming a large amount of CPU time and denying service to other clients until restarted...