EulerOS 2.0 SP3 : kernel (EulerOS-SA-2019-1108)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was discovered in the Linux kernel's USB subsystem in the usbgetextradescriptor function in the drivers/usb/core/usb.c which mishandles a...

The vulnerability of the Skype instant messaging application for Android operating systems allows a hacker to bypass screen lockdowns and gain access to protected information.

The vulnerability of the Skype instant messaging application for Android operating systems is related to errors in processing special authentication requests. Exploiting this vulnerability could allow a hacker to bypass screen lock mechanisms and gain access to protected information...

Flaw in Twitter form may have been abused by nation states

Twitter announced in a blog post on Monday that they discovered and addressed a security flaw on one of their support forms. The discovery was made on November 15 — more than a month ago — and was promptly fixed the next day. From the Twitter blog on this issue: We have become aware of an issue...

SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:4069-1)

The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device with zero interfaces that is mishandled i...

glusterfs: features/locks translator passes an user-controlled string to snprintf without a proper format string resulting in a denial of service

It was found that usage of snprintf function in feature/locks translator of glusterfs server was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service...

glusterfs: Repeat use of "GF_META_LOCK_KEY" xattr allows for memory exhaustion

A flaw was found in glusterfs server which allowed repeated usage of GFMETALOCKKEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node...

glibc security, bug fix, and enhancement update

2.17-260.0.9 - Regenerate plural.c - OraBug 28806294. - Reviewed-by: Jose E. Marchesi 2.17-260.0.7 - intl: Port to Bison 3.0 - Backport of upstream gettext commit 19f23e290a5e4a82b9edf9f5a4f8ab6192871be9 - OraBug 28806294. - Reviewed-by: Patrick McGehearty 2.17-260.0.5 - Fix dbl-64/wordsize-64...

DEBIAN-CVE-2018-14660

A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GFMETALOCKKEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs serv...

glusterfs: Buffer overflow in "features/locks" translator allows for denial of service

A buffer overflow was found in strncpy of the plgetxattr function. An authenticated attacker could remotely overflow the buffer by sending a buffer of larger length than the size of the key resulting in remote denial of service...

glusterfs: Repeat use of "GF_META_LOCK_KEY" xattr allows for memory exhaustion

A flaw was found in glusterfs server which allowed repeated usage of GFMETALOCKKEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node...

glusterfs: features/locks translator passes an user-controlled string to snprintf without a proper format string resulting in a denial of service

It was found that usage of snprintf function in feature/locks translator of glusterfs server was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service...

CVE-2018-18281

Since Linux kernel version 3.2, the mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the pagetables of a task that is in the middle of mremap, a stale TLB entry can remain for a short time that permits access to a physical pag...

Design/Logic Flaw

Since Linux kernel version 3.2, the mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the pagetables of a task that is in the middle of mremap, a stale TLB entry can remain for a short time that permits access to a physical pag...

DEBIAN-CVE-2018-18281

Since Linux kernel version 3.2, the mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the pagetables of a task that is in the middle of mremap, a stale TLB entry can remain for a short time that permits access to a physical pag...

CVE-2018-18281

Since Linux kernel version 3.2, the mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the pagetables of a task that is in the middle of mremap, a stale TLB entry can remain for a short time that permits access to a physical pag...

CVE-2018-18281

Since Linux kernel version 3.2, the mremap syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate removes entries from the pagetables of a task that is in the middle of mremap, a stale TLB entry can remain for a short time that permits access to a physical pag...

PT-2018-2608 · Red Hat +1 · Glusterfs +1

Name of the Vulnerable Software and Affected Versions: glusterfs version 3.8.4 Description: The issue is related to the usage of the snprintf function in the feature/locks translator of the glusterfs server, which is vulnerable to a format string attack. A remote, authenticated attacker could...

Khan Academy: Creating Unlimited Fake Accounts.

Hello @khanacademy, Anyone can create unlimited fake accounts using temp mails. i,e https://temp-mail.org/en/ 1- Go to https://temp-mail.org/en/ 2- Select an mail 3- Enter that mail while creating an account in khanacademy 4- You will get confirm mail from khanacademy on https://temp-mail.org/en/...

Smart Locks: Dumb Security

Dave Lodge and I presented at the BSides Manchester pre-party, aka ‘beersides’ on the subject of not very smart locks. Doubtless you’ve already seen our work on the Tapplock over BLE and the API, our hardware work on the Fipilock, and maybe even our smart lock security interview with hardware.io...

Smart Lock Security: Interview with hardware.io

In advance of the hardware.io event at The Hague next month Andrew Tierney gave them an interview about smart lock security… Technology today has transformed the traditional locks to smart locks. Thanks to the advancement in the technical frontier. The days of the mechanical lock and keys has...