27 matches found
shibboleth-sp -- denial of service vulnerability
Shibboleth project reports: Session recovery feature contains a null pointer dereference. The cookie-based session recovery feature added in V3.0 contains a flaw that is exploitable on systems not using the feature if a specially crafted cookie is supplied. This manifests as a crash in the shibd...
SUSE-SU-2020:1943-1 Security update for xrdp
This update for xrdp provides the following fix: - CVE-2020-4044: xrdp-sesman can be crashed remotely over port 3350 (bsc#1173580). - Fixed an issue where xrdp-sesman could not restart (bsc#1155952). - Fixed an issue where xrdp could not start due to an error in the service file use absolute path in...
GnuTLS Encryption Problem Vulnerability (CNVD-2020-53541)
GnuTLS is a free secure communication library for implementing SSL, TLS and DTLS protocols. A security vulnerability exists in GnuTLS version 3.6.14. An attacker can exploit this vulnerability by performing a man-in-the-middle attack to bypass authentication in TLS version 1.3 and recover previou...
CVE-2018-1066
The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation...
UBUNTU-CVE-2018-1066
The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation...