MikroTik RouterOS <= 6.48.6 Multiple Vulnerabilities

MikroTik RouterOS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:mikrotik:routeros"; if...

nettle: Out of bounds memory access in signature verification

A flaw was found in Nettle, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve Cryptography point ECC multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an...

openSUSE 15 Security Update : kubevirt (openSUSE-SU-2021:2274-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2274-1 advisory. - A flaw was found in libnbd 1.7.3. An assertion failure in nbdunlockedoptgo in ilb/opt.c may lead to denial of service. CVE-2021-20286 Note that...

nettle: Out of bounds memory access in signature verification

A flaw was found in Nettle, where several Nettle signature verification functions GOST DSA, EDDSA & ECDSA result in the Elliptic Curve Cryptography point ECC multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allows an attacker to force an...

CVE-2020-36420

CVE-2020-36420 affects Polipo up to version 1.1.1. When NDEBUG is omitted, parsing a malformed Range header can trigger a reachable assertion, causing a denial of service. This is described in multiple connected sources (NVD entry and Nessus/Red Hat/OSV/etc.), which consistently note the vulnerab...

CVE-2020-36420

Removed by vendor...

CVE-2021-1938

Possible assertion due to improper verification while creating and deleting the peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,...

CVE-2021-1887

An assertion can be reached in the WLAN subsystem while using the Wi-Fi Fine Timing Measurement protocol in Snapdragon Wired Infrastructure and Networking...

Input validation

Improper handling of received malformed FTMR request frame can lead to reachable assertion while responding with FTM1 frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...

Design/Logic Flaw

Possible assertion due to improper verification while creating and deleting the peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,...

CVE-2021-1953

Improper handling of received malformed FTMR request frame can lead to reachable assertion while responding with FTM1 frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon...

CVE-2021-1953

CVE-2021-1953 is a Qualcomm/Snapdragon chipset vulnerability: improper handling of malformed FTMR request frames can cause a reachable assertion when replying with FTM1 frames, enabling a network‑based DoS against multiple Snapdragon Product families (Auto, Compute, Connectivity, etc.). The CVSS3...

CVE-2021-1938

CVE-2021-1938 concerns a Qualcomm/Snapdragon issue involving an assertion caused by improper verification when creating and deleting a peer across multiple Snapdragon subsystems (Auto, Compute, Connectivity, etc.). The root cause is described as improper verification during peer creation/deletion...

CVE-2021-1938

Possible assertion due to improper verification while creating and deleting the peer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,...

CVE-2021-1887

An assertion can be reached in the WLAN subsystem while using the Wi-Fi Fine Timing Measurement protocol in Snapdragon Wired Infrastructure and Networking...

CVE-2021-1887

Summary: CVE-2021-1887 relates to a reachable assertion in the WLAN subsystem when using the Wi‑Fi Fine Timing Measurement (FTM) protocol in Snapdragon Wired Infrastructure and Networking devices. Affected component: Qualcomm/Snapdragon WLAN subsystem implementing IEEE 802.11 Wi‑Fi FTM. Root caus...

EulerOS Virtualization 2.9.0 : bind (EulerOS-SA-2021-2194)

According to the versions of the bind packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In BIND 9.0.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported...

EulerOS Virtualization 2.9.0 : unbound (EulerOS-SA-2021-2210)

According to the versions of the unbound packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - DISPUTED Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdatacopy. NOTE: The vendor disputes that...

Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2021-2175)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DLA-2707-1 : sogo - LTS security update

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2707 advisory. - SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deploymen...