116 matches found
openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2020-2083)
This update for java-180-openjdk fixes the following issues : - Fix regression '8250861: Crash in MinINode::IdealPhaseGVN, bool', introduced in October 2020 CPU. - Update to version jdk8u272 icedtea 3.17.0 July 2020 CPU, bsc1174157, and October 2020 CPU, bsc1177943 - New features + JDK-8245468: A...
Security update for java-1_8_0-openjdk (moderate)
openSUSE Security Update: Security update for java-180-openjdk Announcement ID: openSUSE-SU-2020:2083-1 Rating: moderate References: 1174157 1177943 Cross-References: CVE-2020-14556 CVE-2020-14577 CVE-2020-14578 CVE-2020-14579 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621...
Security update for java-11-openjdk (important)
openSUSE Security Update: Security update for java-11-openjdk Announcement ID: openSUSE-SU-2020:1191-1 Rating: important References: 1174157 Cross-References: CVE-2020-14556 CVE-2020-14562 CVE-2020-14573 CVE-2020-14577 CVE-2020-14581 CVE-2020-14583 CVE-2020-14593 CVE-2020-14621 Affected Products:...
SUSE SLED15 / SLES15 Security Update : java-11-openjdk (SUSE-SU-2020:2143-1)
This update for java-11-openjdk fixes the following issues : Update to upstream tag jdk-11.0.8+10 July 2020 CPU, bsc1174157 - Security fixes : + JDK-8230613: Better ASCII conversions + JDK-8231800: Better listing of arrays + JDK-8232014: Expand DTD support + JDK-8233234: Better Zip Naming +...
gnutls: session resumption works without master key allowing MITM
A flaw was found in GnuTLS, in versions starting from 3.6.4, where it does not session the ticket encryption key in a secure fashion by the application which is connecting. This flaw allows an attacker to craft a man-in-the-middle-attack, with the ability to bypass the TLS1.3 authentication and...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1586)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4064-1 thunderbird vulnerabilities
A sandbox escape was discovered in Thunderbird. If a user were tricked in to installing a malicious language pack, an attacker could exploit this to gain additional privileges. CVE-2019-9811 Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially...
EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1304)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID...
UBUNTU-CVE-2018-19497
In The Sleuth Kit TSK through 4.6.4, hfscattraverse in tsk/fs/hfs.c does not properly determine when a key length is too large, which allows attackers to cause a denial of service SEGV on unknown address with READ memory access in a tskgetu16 call in hfsdiropenmetacb in tsk/fs/hfsdent.c...
CVE-2018-15161
The libesedbkeyappenddata function in libesedbkey.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments...
Security update for java-1_7_0-openjdk (important)
This update for java-170-openjdk fixes the following issues: Security issues fixed in OpenJDK 7u171 January 2018 CPUbsc1076366: - CVE-2018-2579: Improve key keying case - CVE-2018-2588: Improve LDAP logins - CVE-2018-2599: Improve reliability of DNS lookups - CVE-2018-2602: Improve usage messages...
SUSE-SU-2017:3370-1 Security update for python-PyJWT
This update for python-PyJWT fixes the following issues: - CVE-2017-12880: fix symmetric/asymmetric confusion when handling PKCS1 public keys bsc1054106...
SUSE-SU-2017:2839-1 Security update for openvpn
This update for openvpn fixes the following issues: - CVE-2017-12166: Lack of bound check in readkey in old legacy key handling before using values could be used for a remote buffer overflow bsc1060877...
FreeBSD : chromium -- multiple vulnerabilities (a692bffe-b6ad-11e7-a1c2-e8e0b747a45a)
Google Chrome Releases reports : 35 security fixes in this release, including : - 762930 High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07 - 749147 High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26 - 760455 High CVE-2017-5126: Use after free in...
chromium -- multiple vulnerabilities
Google Chrome Releases reports: 35 security fixes in this release, including: 762930 High CVE-2017-5124: UXSS with MHTML. Reported by Anonymous on 2017-09-07 749147 High CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous on 2017-07-26 760455 High CVE-2017-5126: Use after free in PDFium...
DEBIAN-CVE-2017-12192
The keyctlreadkey function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service OOPS and system crash via a crafted...
CVE-2017-15274
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service NULL pointer dereference and OOPS via a crafted addkey or keyctl system call, a different...
SUSE-SU-2017:1794-1 Security update for libgcrypt
This update for libgcrypt fixes the following issues: - CVE-2017-7526: Hardening against a local side-channel attack in RSA key handling has been added bsc1046607...
SUSE-SU-2017:1793-1 Security update for libgcrypt
This update for libgcrypt fixes the following issues: - CVE-2017-7526: Hardening a against local side-channel attack in RSA key handling has been added bsc1046607...
RedHat Update for kernel RHSA-2017:0933-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...