
1122 matches found

CVE
added 2021/03/10 3:50 p.m. | 51 views

CVE-2020-1921

CVE-2020-1921 affects HHVM: the crypt function may terminate a buffer using the salt length without verifying the offset lies inside the buffer. Affected HHVM versions include before 4.56.3, 4.57.0–4.80.1, 4.81.0–4.93.1, and 4.94.0–4.98.0. The initial description provides the vulnerable condition...

CVSS 7.5 | AI score 7.5 | EPSS 0.01211
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2021/03/10 3:50 p.m. | 21 views

CVE-2020-1921

In the crypt function, we attempt to null terminate a buffer using the size of the input salt without validating that the offset is within the buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions...

AI score 7.6 | EPSS 0.01211
Exploits 0 | References 2
CNNVD
added 2021/03/10 12:0 a.m. | 4 views

Katy Voor HHVM Buffer Error Vulnerability

Katy Voor HHVM is an open source application by Katy Voor. Provides an open source virtual machine designed to execute programs written in Hack. A security vulnerability exists in HHVM that stems from a crypt function that allows the size of the input salt to be null to terminate the buffer witho...

CVSS 7.5 | AI score 7.5 | EPSS 0.01211
Exploits 0 | References 3
CNNVD
added 2021/01/13 12:0 a.m. | 4 views

Canonical Ubuntu Remote-login-service Encryption Issue Vulnerability

Canonical Ubuntu is a desktop-oriented GNU/Linux operating system from the British company Canonical. A security vulnerability exists in Canonical Ubuntu's remote-login-service service, which stems from an insecure encryption algorithm used to cache usernames and passwords in crypt.c of...

CVSS 5.5 | AI score 6.1 | EPSS 0.00187
Exploits 0 | References 2
Oracle linux
added 2021/01/12 12:0 a.m. | 84 views

Unbreakable Enterprise kernel security update

4.14.35-2025.404.1.1 - target: fix XCOPY NAA identifier lookup David Disseldorp Orabug: 32248040 CVE-2020-28374 4.14.35-2025.404.1 - xenbus/xenbusbackend: Disallow pending watch messages SeongJae Park Orabug: 32253412 CVE-2020-29568 - xen/xenbus: Count pending messages for each watch SeongJae Par...

CVSS 8.8 | AI score 7.8 | EPSS 0.06692
Exploits 4
Oracle linux
added 2021/01/12 12:0 a.m. | 106 views

Unbreakable Enterprise kernel security update

5.4.17-2036.102.0.2uek - xen-blkback: set ring-xenblkd to NULL after kthreadstop Pawel Wieczorkiewicz Orabug: 32260252 CVE-2020-29569 - xenbus/xenbusbackend: Disallow pending watch messages SeongJae Park Orabug: 32253409 CVE-2020-29568 - xen/xenbus: Count pending messages for each watch SeongJae...

CVSS 8.8 | AI score 8.4 | EPSS 0.06692
Exploits 1
Oracle linux
added 2021/01/12 12:0 a.m. | 181 views

Unbreakable Enterprise kernel-container security update

5.4.17-2036.102.0.2.el7 - xen-blkback: set ring-xenblkd to NULL after kthreadstop Pawel Wieczorkiewicz Orabug: 32260252 CVE-2020-29569 - xenbus/xenbusbackend: Disallow pending watch messages SeongJae Park Orabug: 32253409 CVE-2020-29568 - xen/xenbus: Count pending messages for each watch SeongJae...

CVSS 8.8 | AI score 8.1 | EPSS 0.06692
Exploits 8
Oracle linux
added 2021/01/07 12:0 a.m. | 163 views

Unbreakable Enterprise kernel security update

4.1.12-124.46.3 - mwifiex: fix possible heap overflow in mwifiexprocesscountryie Ganapathi Bhat Orabug: 30781859 CVE-2019-14895 CVE-2019-14895 - ext4: fix ext4emptydir for directories with holes Jan Kara Orabug: 31265320 CVE-2019-19037 CVE-2019-19037 - netlabel: cope with NULL catmap Paolo Abeni...

CVSS 9.8 | EPSS 0.0776
Exploits 8
NVD
added 2020/11/19 8:15 p.m. | 10 views

CVE-2020-28924

An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...

CVSS 7.5 | AI score 7.5 | EPSS 0.01336
Exploits 1 | References 4
OSV
added 2020/11/19 8:15 p.m. | 31 views

CVE-2020-28924

An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...

CVSS 7.5 | AI score 6.7
Exploits 0 | References 4
Cvelist
added 2020/11/19 7:32 p.m. | 16 views

CVE-2020-28924

An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...

AI score 7.4 | EPSS 0.01336
Exploits 1 | References 4
Debian CVE
added 2020/11/19 7:32 p.m. | 24 views

CVE-2020-28924

An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, the password generator has been producing weak passwords with much less entropy than advertised. The suggested passwords depend deterministically on the time the second rclone was started. This limi...

CVSS 7.5 | AI score 7.5 | EPSS 0.01336
Exploits 1
Oracle linux
added 2020/11/10 12:0 a.m. | 68 views

Unbreakable Enterprise kernel security update

5.4.17-2036.100.6.1.el8uek - powercap: restrict energy meter to root access Kanth Ghatraju Orabug: 32040802 CVE-2020-8694 CVE-2020-8695 - KVM: ioapic: break infinite recursion on lazy EOI Vitaly Kuznetsov Orabug: 32066585 CVE-2020-27152 CVE-2020-27152 - x86/mitigations: Restore paranoid checks fo...

CVSS 7.5 | AI score 7.4 | EPSS 0.03252
Exploits 4
Tenable Nessus
added 2020/11/04 12:0 a.m. | 32 views

RHEL 8 : cryptsetup (RHSA-2020:4542)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:4542 advisory. The cryptsetup packages provide a utility for setting up disk encryption using the dm-crypt kernel module. The following packages have been upgraded ...

CVSS 7.8 | AI score 7.5 | EPSS 0.01157
Exploits 0 | References 9
AlmaLinux
added 2020/11/03 12:14 p.m. | 35 views

Moderate: cryptsetup security, bug fix, and enhancement update

The cryptsetup packages provide a utility for setting up disk encryption using the dm-crypt kernel module. The following packages have been upgraded to a later upstream version: cryptsetup 2.3.3. BZ1796826 Security Fixes: cryptsetup: Out-of-bounds write when validating segments CVE-2020-14382 For...

CVSS 6.8 | AI score 1.6 | EPSS 0.01157
Exploits 0 | References 1
OpenVAS
added 2020/09/26 12:0 a.m. | 17 views

Fedora: Security Advisory for cryptsetup (FEDORA-2020-8c76e12e62)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.8 | AI score 7.7 | EPSS 0.01157
Exploits 0 | References 2
Fedora
added 2020/09/25 5:14 p.m. | 30 views

[SECURITY] Fedora 33 Update: cryptsetup-2.3.4-1.fc33

The cryptsetup package contains a utility for setting up disk encryption using dm-crypt kernel module...

CVSS 7.8 | AI score 2.6 | EPSS 0.01157
Exploits 0
OpenVAS
added 2020/09/20 12:0 a.m. | 9 views

Fedora: Security Advisory for cryptsetup (FEDORA-2020-5ed5af6275)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.8 | AI score 7.7 | EPSS 0.01157
Exploits 0 | References 2
Fedora
added 2020/09/19 10:45 p.m. | 31 views

[SECURITY] Fedora 31 Update: cryptsetup-2.3.4-1.fc31

The cryptsetup package contains a utility for setting up disk encryption using dm-crypt kernel module...

CVSS 7.8 | AI score 2.6 | EPSS 0.01157
Exploits 0
OpenVAS
added 2020/09/08 12:0 a.m. | 8 views

Fedora: Security Advisory for cryptsetup (FEDORA-2020-965e406543)

The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.8 | AI score 7.7 | EPSS 0.01157
Exploits 0 | References 2