CVE-2018-14662

It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption...

UBUNTU-CVE-2018-14662

It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption...

Unbreakable Enterprise kernel security update

4.14.35-1818.3.3 - net: netfailover: fix typo in netfailoverslaveregister Liran Alon Orabug: 28122110 - virtionet: Extend virtio to use VF datapath when available Sridhar Samudrala Orabug: 28122110 - virtionet: Introduce VIRTIONETFSTANDBY feature bit Sridhar Samudrala Orabug: 28122110 - net:...

OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0258)

The remote OracleVM system is missing necessary patches to address critical security updates : - nsfs: mark dentry with DCACHERCUACCESS Cong Wang Orabug: 28576290 CVE-2018-5873 - dm crypt: add middle-endian variant of plain64 IV Konrad Rzeszutek Wilk Orabug: 28604628 - IB/ipoib: Improve filtering...

Unbreakable Enterprise kernel security update

4.1.12-124.19.5 - nsfs: mark dentry with DCACHERCUACCESS Cong Wang Orabug: 28576290 CVE-2018-5873 - dm crypt: add middle-endian variant of plain64 IV Konrad Rzeszutek Wilk Orabug: 28604628 - IB/ipoib: Improve filtering log message Yuval Shaia Orabug: 28655409 - IB/ipoib: Fix wrong update of...

Fedora 27 : libtomcrypt (2018-39e0872379)

Fix Side Channel Based ECDSA Key Extraction CVE-2018-12437 PR 408 - Fix potential stack overflow when DER flexi-decoding CVE-2018-0739 PR 373 - Fix two-key 3DES PR 390 - Fix accelerated CTR mode PR 359 - Fix Fortuna PRNG PR 363 - Fix compilation on platforms where cc doesn't point to gcc PR 382 -...

CVE-2018-14370

CVE-2018-14370 affects Wireshark 2.6.0–2.6.1 and 2.4.0–2.4.7 where the IEEE 802.11 dissector could crash. The fix implemented in epan/crypt/airpdcap.c adds bounds checking to prevent a buffer over-read. This CVE entry is supported by multiple vendor advisories and Nessus/NVL references; no exploi...

Buffer overflow

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202298. By crafting an input buffer we can control the execution path to the point where the nt!memset function is called to ze...

CVE-2018-6853

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206024. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a...

Buffer overflow

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206024. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a...

CVE-2018-6856

CVE-2018-6856 affects Sophos SafeGuard Enterprise prior to 8.00.5, SafeGuard Easy prior to 7.00.3, and SafeGuard LAN Crypt prior to 3.95.2. The issue is a Local Privilege Escalation via IOCTL 0x8020601C where crafting an input buffer allows controlling the execution path to write a global variabl...

CVE-2018-6852

Vulnerability: Local Privilege Escalation in Sophos SafeGuard Enterprise (pre-8.00.5), SafeGuard Easy (pre-7.00.3), and SafeGuard LAN Crypt (pre-3.95.2). Root cause: crafted input buffer via IOCTL 0x80202298 allows control of execution to the nt!memset call, enabling zeroing of a user‑controlled ...

CVE-2018-6851

CVE-2018-6851 (and related CVEs 2018-6852/6853/6857) describe local privilege escalation in Sophos SafeGuard products. Affected components include Sophos SafeGuard Enterprise (before 8.00.5), SafeGuard Easy (before 7.00.3), and SafeGuard LAN Crypt (before 3.95.2). The root cause involves crafting...

CVE-2018-6853

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are affected by a Local Privilege Escalation via IOCTL 0x80206024. By crafting an input buffer, an attacker can steer execution to a path where a global variable is written to a user-con...

CVE-2018-6857

CVE-2018-6857 affects Sophos SafeGuard Enterprise <8.00.5, SafeGuard Easy <7.00.3, and SafeGuard LAN Crypt

CVE-2018-6855

CVE-2018-6855 and related entries describe Local Privilege Escalation in Sophos SafeGuard products (SafeGuard Enterprise < 8.00.5, SafeGuard Easy < 7.00.3, SafeGuard LAN Crypt

Debian: Security Advisory (DLA-1398-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Sophos SafeGuard Privilege Escalation Vulnerability - Windows

Sophos SafeGuard Client Products are prone to privilege escalation vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

Sophos SafeGuard Detection (Windows SMB Login)

Detects the installed version of Sophos SafeGuard on Windows. The script logs in via smb, searches for Sophos SafeGuard in the registry and gets the version from the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C ...

Debian DLA-1398-1 : php-horde-crypt security update

It was discovered that in Horde-Crypt, a cryptographic library and part of the PHP Horde framework, a command injection was possible when a Horde user used the PGP features to view an encrypted email. For Debian 8 'Jessie', these problems have been fixed in version 2.5.0-5+deb8u1. We recommend th...