openSUSE: Security Advisory for grub2 (SUSE-SU-2022:2035-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

The future of compliance and data governance is here: Introducing Microsoft Purview

The worldwide shift to a hybrid workplace has pushed us all to embrace ubiquitous connectivity. Those new connections have helped us become more collaborative; routinely editing and sharing documents in real-time from wherever we happen to be working. Instant messaging went from being a tool of...

The future of compliance and data governance is here: Introducing Microsoft Purview

The worldwide shift to a hybrid workplace has pushed us all to embrace ubiquitous connectivity. Those new connections have helped us become more collaborative; routinely editing and sharing documents in real-time from wherever we happen to be working. Instant messaging went from being a tool of...

Juniper Networks Junos OS 代码问题漏洞

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS is vulnerable to a code issue that could allow an unauthenticated network-based...

FreeBSD-kernel -- Multiple WiFi issues

Problem Description: The paper "Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation" reported a number of security vulnerabilities in the 802.11 specification related to frame aggregation and fragmentation. Additionally, FreeBSD 12.x missed length validation of SSIDs an...

AlmaLinux 8 : samba (ALSA-2021:5082)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:5082 advisory. - A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire...

ALPINE-CVE-2021-23192

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements...

AZL-8903 CVE-2021-23192 affecting package samba 4.12.5-7

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements...

AZL-37002 CVE-2021-23192 affecting package samba for versions less than 4.18.3-1

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements...

DEBIAN-CVE-2021-23192

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements...

CVE-2020-36516

A TCP/IP packet spoofing attack flaw was found in the Linux kernel’s TCP/IP protocol, where a Man-in-the-Middle Attack MITM performs an IP fragmentation attack and an IPID collision. This flaw allows a remote user to pretend to be the sender of the TCP/IP packet for an existing TCP/IP session...

USN-5299-1 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities

Mathy Vanhoef discovered that the Linux kernel’s WiFi implementation could reassemble mixed encrypted and plaintext fragments. A physically proximate attacker could possibly use this issue to inject packets or exfiltrate selected fragments. CVE-2020-26147 It was discovered that the bluetooth...

AlmaLinux 8 : kernel (ALSA-2021:4356)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4356 advisory. - Insufficient control flow in certain data structures for some IntelR Processors with IntelR Processor Graphics may allow an unauthenticated user to...

Important: kernel

Issue Overview: A flaw was found in the Linux kernels implementation of wifi fragmentation handling. An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to...

Important: kernel

Issue Overview: A flaw was found in the Linux kernels implementation of wifi fragmentation handling. An attacker with the ability to transmit within the wireless transmission range of an access point can abuse a flaw where previous contents of wifi fragments can be unintentionally transmitted to...

CVE-2022-22153

An Insufficient Algorithmic Complexity combined with an Allocation of Resources Without Limits or Throttling vulnerability in the flow processing daemon flowd of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 allows an unauthenticated network attacker to cause latency in transit...

openvswitch: External triggered memory leak in Open vSwitch while processing fragmented packets

A memory leak was found in Open vSwitch OVS during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments...

openvswitch: External triggered memory leak in Open vSwitch while processing fragmented packets

A memory leak was found in Open vSwitch OVS during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments...

[SECURITY] Fedora 35 Update: libopenmpt-0.5.15-1.fc35

libopenmpt is a cross-platform C++ and C library to decode tracked music files modules into a raw PCM audio stream. libopenmpt is based on the player code of the OpenMPT project Open ModPlug Tracker. In order to avoid code base fragmentation, libopenmpt is developed in the same source code...

samba: Subsequent DCE/RPC fragment injection vulnerability

A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements...