spice security update

0.14.3-4 - Disable client-side renegotiation to prevent potential DoS Resolves: rhbz1904459 0.14.3-3 - Fix some static analyzer issues - Removed Obsoletes line for spice-client Related: rhbz1840240 0.14.3-2 - Fix multiple buffer overflows in QUIC decoding code Resolves: rhbz1829946 0.14.3-1 -...

CentOS 8 : raptor2 (CESA-2021:1842)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:1842 advisory. - raptor: heap-based buffer overflows due to an error in calculating the maximum nspace declarations for the XML writer CVE-2017-18926 - raptor2:...

RHEL 8 : python-cryptography (RHSA-2021:1608)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:1608 advisory. The python-cryptography packages contain a Python Cryptographic Authority's PyCA's cryptography library, which provides cryptographic...

RHEL 8 : raptor2 (RHSA-2021:1842)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1842 advisory. Raptor is the RDF Parser Toolkit for Redland that provides a set of standalone RDF parsers, generating triples from RDF/XML or N-Triples...

CentOS 8 : python-cryptography (CESA-2021:1608)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:1608 advisory. - python-cryptography: bleichenbacher timing oracle attack against RSA decryption CVE-2020-25659 - python-cryptography: certain sequences of update cal...

Moderate: Red Hat Security Advisory: python-cryptography security, bug fix, and enhancement update

An update for python-cryptography is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Moderate: Red Hat Security Advisory: raptor2 security and bug fix update

An update for raptor2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Moderate: raptor2 security and bug fix update

Raptor is the RDF Parser Toolkit for Redland that provides a set of standalone RDF parsers, generating triples from RDF/XML or N-Triples. Security Fixes: raptor: heap-based buffer overflows due to an error in calculating the maximum nspace declarations for the XML writer CVE-2017-18926 raptor2:...

RLSA-2021:1842 Moderate: raptor2 security and bug fix update

Raptor is the RDF Parser Toolkit for Redland that provides a set of standalone RDF parsers, generating triples from RDF/XML or N-Triples. Security Fixes: raptor: heap-based buffer overflows due to an error in calculating the maximum nspace declarations for the XML writer CVE-2017-18926 raptor2:...

Moderate: python-cryptography security, bug fix, and enhancement update

The python-cryptography packages contain a Python Cryptographic Authority's PyCA's cryptography library, which provides cryptographic primitives and recipes to Python developers. The following packages have been upgraded to a later upstream version: python-cryptography 3.2.1. BZ1873581, BZ1891947...

RLSA-2021:1608 Moderate: python-cryptography security, bug fix, and enhancement update

The python-cryptography packages contain a Python Cryptographic Authority's PyCA's cryptography library, which provides cryptographic primitives and recipes to Python developers. The following packages have been upgraded to a later upstream version: python-cryptography 3.2.1. BZ1873581, BZ1891947...

DEBIAN-CVE-2021-3402

An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA v4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file. Affects all versions before libyara 4.0.4...

CVE-2021-29520

TensorFlow is an end-to-end open source platform for machine learning. Missing validation between arguments to tf.rawops.Conv3DBackprop operations can result in heap buffer overflows. This is because the...

PYSEC-2021-448

TensorFlow is an end-to-end open source platform for machine learning. Missing validation between arguments to tf.rawops.Conv3DBackprop operations can result in heap buffer overflows. This is because the...

BSA-2021-1492

Security Advisory ID : BSA-2021-1492 Component : ipfilter Revision : 1.1 The command “ipfilter” in Brocade Fabric OS before Brocade Fabric OS v.9.0.1a, v8.2.3, and v8.2.0CBN4,and v7.4.2h uses unsafe string function to process user input. Authenticated attackers can abuse this vulnerability to...

Exiv2 -- Multiple vulnerabilities

Exiv2 teams reports: Multiple vulnerabilities covering buffer overflows, out-of-bounds, read of uninitialized memory and denial of serivce. The heap overflow is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to ga...

CVE-2021-0268

An Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Response Splitting' weakness in J-web of Juniper Networks Junos OS leads to buffer overflows, segment faults, or other impacts, which allows an attacker to modify the integrity of the device and exfiltration information from the...

Cross site scripting

An Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Response Splitting' weakness in J-web of Juniper Networks Junos OS leads to buffer overflows, segment faults, or other impacts, which allows an attacker to modify the integrity of the device and exfiltration information from the...

CVE-2021-0268 Junos OS: J-Web has an Improper Neutralization of CRLF Sequences in its HTTP Headers which allows an attacker to carry out multiple types of attacks.

An Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Response Splitting' weakness in J-web of Juniper Networks Junos OS leads to buffer overflows, segment faults, or other impacts, which allows an attacker to modify the integrity of the device and exfiltration information from the...

Designing sockfuzzer, a network syscall fuzzer for XNU

Posted by Ned Williamson, Project Zero Introduction When I started my 20% project – an initiative where employees are allocated twenty-percent of their paid work time to pursue personal projects – with Project Zero, I wanted to see if I could apply the techniques I had learned fuzzing Chrome to...