CentOS: Security Advisory for linuxptp (CESA-2021:2658)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

linuxptp security update

CentOS Errata and Security Advisory CESA-2021:2658 An update for linuxptp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severit...

BaseVaultAdaptor assumes sharePrice is always in underlying decimals

Handle cmichel Vulnerability details Vulnerability Details The two BaseVaultAdaptor.calculateShare functions computes share = amount.muluint25610decimals.divsharePrice uint256 sharePrice = getVaultSharePrice; // amount is in "token" decimals, share should be in "vault" decimals share =...

Important: Red Hat Security Advisory: linuxptp security update

An update for linuxptp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

Important: Red Hat Security Advisory: linuxptp security update

An update for linuxptp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

linuxptp: missing length check of forwarded messages

A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiali...

linuxptp: missing length check of forwarded messages

A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiali...

linuxptp security update

An update is available for linuxptp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The linuxptp packages provide Precision Time Protocol PTP implementation for...

RLSA-2021:2660 Important: linuxptp security update

The linuxptp packages provide Precision Time Protocol PTP implementation for Linux according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces API offered by the...

ptp4l 缓冲区错误漏洞

ptp4l is an implementation of IEEE Standard 1588 for Linux for the Precision Time Protocol PTP. A buffer error vulnerability exists in ptp4l that stems from the fact that when ptp4l is run as a PTP transparent clock on a little-endian architecture, a remote attacker can send a carefully crafted...

ptp4l 缓冲区错误漏洞

ptp4l is an implementation of IEEE Standard 1588 for Linux for the Precision Time Protocol PTP. A buffer error vulnerability exists in ptp4l, which stems from a lack of length checking when forwarding PTP messages between ports, and can lead to information leakage, crashes, or potentially remote...

UBUNTU-CVE-2021-3570

A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiali...

Bumble: Exfiltrating a victim's exact location (to within 5m)

I used Bumble's distance feature to exfiltrate the exact location to within approx 5m of a victim. I did this by using the Bumble API to move my attacker account's location around the approximate area of the victim. I was able to obtain the exact distance between attacker and victim at 3 separate...

CVE-2021-21557

Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System...

CVE-2021-21554

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploi...

Stack overflow

Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploi...

CVE-2021-21557

Dell PowerEdge Server BIOS and select Dell Precision Rack BIOS contain an out-of-bounds array access vulnerability. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of service, arbitrary code execution, or information disclosure in System...

CVE-2021-21554

CVE-2021-21554 corresponds to a stack-based buffer overflow in Dell PowerEdge BIOS/UEFI on systems with Intel Optane DC Persistent Memory (R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and Dell Precision 7920 Rack Workstation). The root cause is a stack-based overflow in BIOS/UEFI Prebo...

PT-2021-14605 · Dell · Dell Precision Rack Bios +1

Name of the Vulnerable Software and Affected Versions: Dell PowerEdge Server BIOS affected versions not specified Dell Precision Rack BIOS affected versions not specified Description: The issue is related to an out-of-bounds array access. A local malicious user with high privileges may exploit...

Vulnerabilities fixed in Dell Precision products

Vulnerabilities have been fixed in Dell Precision products. The vulnerabilities allow a local malicious person to obtain elevated rights or to cause a denial-of-service. Dell has released updates to fix the vulnerabilities. More information can be found on the page below:...