Lucene search

968 matches found

Ubuntu
added 2024/07/10 9:11 p.m. | 60 views

USN-6866-3: Linux kernel (Azure) vulnerabilities

It was discovered that the ext4 file system implementation in the Linux kernel did not properly validate data state on write operations. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). (CVE-2021-33631) It w...

7.8 CVSS | 7.7 AI score | 0.08555 EPSS
Exploits: 0

Ubuntu
added 2024/07/04 7:11 p.m. | 60 views

USN-6866-2: Linux kernel (Azure) vulnerabilities

It was discovered that the ext4 file system implementation in the Linux kernel did not properly validate data state on write operations. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). (CVE-2021-33631) It w...

7.8 CVSS | 7.7 AI score | 0.08555 EPSS
Exploits: 0

Tenable Nessus
added 2024/07/04 12:0 a.m. | 32 views

Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel (Azure) vulnerabilities (USN-6866-2)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6866-2 advisory. It was discovered that the ext4 file system implementation in the Linux kernel did not properly validate data state on write operations. An...

7.8 CVSS | 7.9 AI score | 0.08555 EPSS
Exploits: 0 | References: 12

Ubuntu
added 2024/07/03 8:23 p.m. | 50 views

USN-6865-1: Linux kernel vulnerabilities

It was discovered that the ext4 file system implementation in the Linux kernel did not properly validate data state on write operations. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service (system crash). (CVE-2021-33631) It w...

7.8 CVSS | 7.7 AI score | 0.08555 EPSS
Exploits: 0

Tenable Nessus
added 2024/07/03 12:0 a.m. | 30 views

Ubuntu 14.04 LTS / 16.04 LTS : Linux kernel vulnerabilities (USN-6865-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6865-1 advisory. It was discovered that the ext4 file system implementation in the Linux kernel did not properly validate data state on write operations. An...

7.8 CVSS | 7.9 AI score | 0.08555 EPSS
Exploits: 0 | References: 9

CNVD
added 2024/06/28 12:0 a.m. | 7 views

Apache StreamPipes Security Feature Issue Vulnerability

Apache StreamPipes is a self-service industrial IoT toolkit from the Apache USA Foundation that enables non-technical users to connect, analyze and explore IIoT data streams. Apache StreamPipes suffers from a security signature issue vulnerability that stems from the presence of a cryptographical...

9.1 CVSS | 6.6 AI score | 0.05995 EPSS
Exploits: 1 | References: 1

Ubuntu
added 2024/06/11 5:45 p.m. | 86 views

USN-6828-1: Linux kernel (Intel IoTG) vulnerabilities

Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service (system crash). (CVE-2023-47233) It was...

9.1 CVSS | 7.7 AI score | 0.78388 EPSS
Exploits: 2

Schneier on Security
added 2024/06/04 11:8 a.m. | 14 views

Breaking a Password Manager

Interesting story of breaking the security of the RoboForm password manager in order to recover a cryptocurrency wallet password. Grand and Bruno spent months reverse engineering the version of the RoboForm program that they thought Michael had used in 2013 and found that the pseudo-random number...

7.5 AI score
Exploits: 0

Veracode
added 2024/05/30 8:28 a.m. | 9 views

Use Of Cryptographically Weak Pseudo-Random Number Generator

stormpath/sdk is vulnerable to Use Of Cryptographically Weak Pseudo-Random Number Generator. This vulnerability is due to an insecure generation of UUID version 4...

7.1 AI score
Exploits: 0

Github Security Blog
added 2024/05/29 1:9 p.m. | 13 views

stormpath/sdk uses Insecure Random Number Generator

The vulnerability pertains to the usage of an insecure random number generator (RNG) in the "stormpath-sdk-php" library. Specifically, the issue is present in the generation of UUID (Universally Unique Identifier) version 4 within the codebase...

7 AI score
Exploits: 0 | References: 5 | Affected Software: 1

Tenable Nessus
added 2024/05/29 12:0 a.m. | 108 views

Ubuntu 22.04 LTS : Linux kernel (Intel IoTG) vulnerabilities (USN-6795-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6795-1 advisory. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-...

7.8 CVSS | 7.6 AI score | 0.78388 EPSS
Exploits: 2 | References: 94

Positive Technologies
added 2024/05/19 12:0 a.m. | 5 views

PT-2024-26768

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to the Linux kernel's random number generator (RNG) on CoCo systems. The CoCo threat model means that the VM host cannot be trusted and may actively work against guest...

5.5 CVSS | 5.5 AI score | 0.00235 EPSS
Exploits: 0

OSV
added 2024/05/18 9:15 p.m. | 1 views

DEBIAN-CVE-2024-36048

QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values...

9.8 CVSS | 5.2 AI score | 0.0097 EPSS
Exploits: 0 | References: 1

Ubuntu
added 2024/05/14 9:0 a.m. | 79 views

USN-6767-2: Linux kernel (BlueField) vulnerabilities

Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service (system crash). (CVE-2024-23849) Several security issues were discovered in the Linux kernel. An attacker...

7.8 CVSS | 6.9 AI score | 0.00318 EPSS
Exploits: 1

Tenable Nessus
added 2024/05/11 12:0 a.m. | 18 views

RHEL 6 : c-ares (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - c-ares: Single byte out of buffer write (CVE-2016-5180) - The c-ares function ares_parse_naptr_reply, which is...

8 AI score | 0.08653 EPSS
Exploits: 3 | References: 10

OSV
added 2024/05/07 7:36 p.m. | 7 views

USN-6767-1 linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-gcp, linux-gcp-5.4, linux-gkeop, linux-hwe-5.4, linux-ibm, linux-ibm-5.4, linux-iot, linux-kvm, linux-oracle, linux-oracle-5.4, linux-raspi, linux-raspi-5.4, linux-xilinx-zynqmp vulnerabilities

Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service (system crash). (CVE-2024-23849) Several security issues were discovered in the Linux kernel. An attacker...

7.8 CVSS | 6.7 AI score | 0.00318 EPSS
Exploits: 1 | References: 49

Ubuntu
added 2024/05/07 7:36 p.m. | 87 views

USN-6767-1: Linux kernel vulnerabilities

Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service (system crash). (CVE-2024-23849) Several security issues were discovered in the Linux kernel. An attacker...

7.8 CVSS | 6.9 AI score | 0.00318 EPSS
Exploits: 1

Ubuntu
added 2024/05/07 12:0 a.m. | 136 views

Linux kernel (OEM) vulnerabilities

Releases: Ubuntu 22.04 LTS. Packages: linux-oem-6.5 - Linux kernel for OEM systems. Details: Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause ...

5 CVSS | 7.5 AI score | 0.78388 EPSS
Exploits: 2 | References: 123

Vulnrichment
added 2024/04/29 1:27 p.m. | 14 views

CVE-2024-1579 Insufficient seeding of random number generator

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Secomea GateManager Webserver modules allows Session Hijacking. This issue affects GateManager: before 11.2.624071020...

8.1 CVSS | 7 AI score | 0.0052 EPSS
Exploits: 0 | References: 1

Cvelist
added 2024/04/29 1:27 p.m. | 17 views

CVE-2024-1579 Insufficient seeding of random number generator

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Secomea GateManager Webserver modules allows Session Hijacking. This issue affects GateManager: before 11.2.624071020...

8.1 CVSS | 8.3 AI score | 0.0052 EPSS
Exploits: 0 | References: 1