CVE-2019-11222

gfbin128parse in utils/osdivers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafteddrmfile.xml file...

CVE-2019-11222

gfbin128parse in utils/osdivers.c in GPAC 0.7.1 has a buffer overflow issue for the crypt feature when encountering a crafteddrmfile.xml file...

Debian: Security Advisory (DLA-1696-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Red Hat Ceph Unauthorized Access Vulnerability

Red Hat Ceph is a Linux petabyte-level distributed file system from Red Hat. The main goal of the system is to be designed as a distributed file system based on POSIX Portable Operating System Interface without a single point of failure, so that data can be fault-tolerant and seamless replication...

CVE-2018-14662

It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption...

UBUNTU-CVE-2018-14662

It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption...

Unbreakable Enterprise kernel security update

4.14.35-1818.3.3 - net: netfailover: fix typo in netfailoverslaveregister Liran Alon Orabug: 28122110 - virtionet: Extend virtio to use VF datapath when available Sridhar Samudrala Orabug: 28122110 - virtionet: Introduce VIRTIONETFSTANDBY feature bit Sridhar Samudrala Orabug: 28122110 - net:...

OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0258)

The remote OracleVM system is missing necessary patches to address critical security updates : - nsfs: mark dentry with DCACHERCUACCESS Cong Wang Orabug: 28576290 CVE-2018-5873 - dm crypt: add middle-endian variant of plain64 IV Konrad Rzeszutek Wilk Orabug: 28604628 - IB/ipoib: Improve filtering...

Unbreakable Enterprise kernel security update

4.1.12-124.19.5 - nsfs: mark dentry with DCACHERCUACCESS Cong Wang Orabug: 28576290 CVE-2018-5873 - dm crypt: add middle-endian variant of plain64 IV Konrad Rzeszutek Wilk Orabug: 28604628 - IB/ipoib: Improve filtering log message Yuval Shaia Orabug: 28655409 - IB/ipoib: Fix wrong update of...

Fedora 27 : libtomcrypt (2018-39e0872379)

Fix Side Channel Based ECDSA Key Extraction CVE-2018-12437 PR 408 - Fix potential stack overflow when DER flexi-decoding CVE-2018-0739 PR 373 - Fix two-key 3DES PR 390 - Fix accelerated CTR mode PR 359 - Fix Fortuna PRNG PR 363 - Fix compilation on platforms where cc doesn't point to gcc PR 382 -...

CVE-2018-14370

CVE-2018-14370 affects Wireshark 2.6.0–2.6.1 and 2.4.0–2.4.7 where the IEEE 802.11 dissector could crash. The fix implemented in epan/crypt/airpdcap.c adds bounds checking to prevent a buffer over-read. This CVE entry is supported by multiple vendor advisories and Nessus/NVL references; no exploi...

Buffer overflow

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206024. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a...

Buffer overflow

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80202298. By crafting an input buffer we can control the execution path to the point where the nt!memset function is called to ze...

CVE-2018-6853

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206024. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a...

CVE-2018-6855

CVE-2018-6855 and related entries describe Local Privilege Escalation in Sophos SafeGuard products (SafeGuard Enterprise < 8.00.5, SafeGuard Easy < 7.00.3, SafeGuard LAN Crypt

CVE-2018-6851

CVE-2018-6851 (and related CVEs 2018-6852/6853/6857) describe local privilege escalation in Sophos SafeGuard products. Affected components include Sophos SafeGuard Enterprise (before 8.00.5), SafeGuard Easy (before 7.00.3), and SafeGuard LAN Crypt (before 3.95.2). The root cause involves crafting...

CVE-2018-6853

Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are affected by a Local Privilege Escalation via IOCTL 0x80206024. By crafting an input buffer, an attacker can steer execution to a path where a global variable is written to a user-con...

CVE-2018-6857

CVE-2018-6857 affects Sophos SafeGuard Enterprise <8.00.5, SafeGuard Easy <7.00.3, and SafeGuard LAN Crypt

CVE-2018-6856

CVE-2018-6856 affects Sophos SafeGuard Enterprise prior to 8.00.5, SafeGuard Easy prior to 7.00.3, and SafeGuard LAN Crypt prior to 3.95.2. The issue is a Local Privilege Escalation via IOCTL 0x8020601C where crafting an input buffer allows controlling the execution path to write a global variabl...

CVE-2018-6852

Vulnerability: Local Privilege Escalation in Sophos SafeGuard Enterprise (pre-8.00.5), SafeGuard Easy (pre-7.00.3), and SafeGuard LAN Crypt (pre-3.95.2). Root cause: crafted input buffer via IOCTL 0x80202298 allows control of execution to the nt!memset call, enabling zeroing of a user‑controlled ...