101 matches found

OSV
added 2023/06/09 7:33 p.m. | 26 views

GHSA-R6WW-5963-7R95 Denial of Service via reachable assertion

A grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This was due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is hig...

CVSS 7.5 | AI score 7.2 | EPSS 0.01131
Exploits: 0 | References: 4
GitLab Advisory Database
added 2023/06/09 12:0 a.m. | 19 views

Denial of Service via reachable assertion

A grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This was due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is hig...

CVSS 7.5 | AI score 6.5 | EPSS 0.01131
Exploits: 0 | References: 5 | Affected Software: 1
OpenVAS
added 2022/08/26 12:0 a.m. | 6 views

Ubuntu: Security Advisory (USN-74-1)

The remote host is missing an update for the...

AI score 7.5
Exploits: 0 | References: 3
OpenVAS
added 2021/06/09 12:0 a.m. | 25 views

SUSE: Security Advisory (SUSE-SU-2020:0568-1)

The remote host is missing an update for the...

CVSS 7.8 | AI score 7.7 | EPSS 0.01366
Exploits: 0 | References: 2
OpenVAS
added 2021/04/19 12:0 a.m. | 23 views

SUSE: Security Advisory (SUSE-SU-2020:0699-1)

The remote host is missing an update for the...

CVSS 7.8 | AI score 6.8 | EPSS 0.01366
Exploits: 0 | References: 7
OpenVAS
added 2021/04/19 12:0 a.m. | 13 views

SUSE: Security Advisory (SUSE-SU-2019:0642-1)

The remote host is missing an update for the...

CVSS 7.8 | AI score 6 | EPSS 0.04782
Exploits: 1 | References: 4
Tenable Nessus
added 2021/01/25 12:0 a.m. | 31 views

openSUSE Security Update : gcc7 (openSUSE-2020-2301)

This update for gcc7 fixes the following issues : - CVE-2020-13844: Added mitigation for aarch64 Straight Line Speculation issue bsc1172798 - Enable fortran for the nvptx offload compiler. - Update README.First-for.SuSE.packagers - avoid assembler errors with AVX512 gather and scatter instruction...

CVSS 5.5 | AI score 7 | EPSS 0.00504
Exploits: 0 | References: 9
OPENSUSE Linux
added 2020/12/20 12:0 a.m. | 27 views

Security update for gcc7 (moderate)

openSUSE Security Update: Security update for gcc7 Announcement ID: openSUSE-SU-2020:2301-1 Rating: moderate References: 1150164 1161913 1167939 1172798 1178577 1178614 1178624 1178675 Cross-References: CVE-2020-13844 Affected Products: openSUSE Leap 15.2 An update that solves one vulnerability a...

CVSS 5.5 | AI score 6.7 | EPSS 0.00504
Exploits: 0 | References: 8
Tenable Nessus
added 2020/08/26 12:0 a.m. | 26 views

FreeBSD : libX11 -- Doublefree in locale handlng code (8da79498-e6f6-11ea-8cbf-54e1ad3d6335)

The X.org project reports : There is an integer overflow and a double free vulnerability in the way LibX11 handles locales. The integer overflow is a necessary precursor to the double free. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

CVSS 7.8 | AI score 7.7 | EPSS 0.00575
Exploits: 1 | References: 3
Ubuntu
added 2020/07/27 10:38 p.m. | 121 views

USN-4439-1: Linux kernel vulnerabilities

It was discovered that the network block device nbd implementation in the Linux kernel did not properly check for error conditions in some situations. An attacker could possibly use this to cause a denial of service system crash. CVE-2019-16089 It was discovered that the btrfs file system...

CVSS 7.8 | AI score 7.2 | EPSS 0.01841
Exploits: 3
Tenable Nessus
added 2020/07/22 12:0 a.m. | 247 views

Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4427-1)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4427-1 advisory. It was discovered that the Kvaser CAN/USB driver in the Linux kernel did not properly initialize memory in certain situations. A local attacker could...

CVSS 7.8 | AI score 7.3 | EPSS 0.00617
Exploits: 1 | References: 11
NVD
added 2020/06/11 12:15 a.m. | 19 views

CVE-2020-11090

In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down...

CVSS 7.5 | EPSS 0.01731
Exploits: 0 | References: 3
OSV
added 2020/06/11 12:15 a.m. | 15 views

CVE-2020-11090

In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down...

CVSS 7.5 | AI score 7.4
Exploits: 0 | References: 3
CVE
added 2020/06/11 12:5 a.m. | 70 views

CVE-2020-11090

Indy Node 1.12.2 contains an Uncontrolled Resource Consumption vulnerability in the TAA handling code. A malformed client transaction can crash the current primary, triggering view changes that, if repeated rapidly, may disrupt the network. The issue is fixed in version 1.12.3; users should upgra...

CVSS 7.5 | AI score 7.3 | EPSS 0.01731
Exploits: 0 | References: 3 | Affected Software: 1
Tenable Nessus
added 2020/03/18 12:0 a.m. | 30 views

SUSE SLES12 Security Update : ovmf (SUSE-SU-2020:0699-1)

This update for ovmf fixes the following issues : Security issues fixed : CVE-2019-14563: Fixed a memory corruption caused by insufficient numeric truncation bsc1163959. CVE-2019-14553: Fixed the TLS certification verification in HTTPS-over-IPv6 boot sequences bsc1153072. CVE-2019-14559: Fixed a...

CVSS 7.8 | AI score 6.6 | EPSS 0.01366
Exploits: 0 | References: 13
Tenable Nessus
added 2020/03/09 12:0 a.m. | 34 views

openSUSE Security Update : ovmf (openSUSE-2020-314)

This update for ovmf fixes the following issues : Security issues fixed : - CVE-2019-14563: Fixed a memory corruption caused by insufficient numeric truncation bsc1163959. - CVE-2019-14553: Fixed the TLS certification verification in HTTPS-over-IPv6 boot sequences bsc1153072. - CVE-2019-14559:...

CVSS 7.8 | AI score 6.6 | EPSS 0.01366
Exploits: 0 | References: 8
Veracode
added 2019/05/16 2:23 a.m. | 37 views

Privilege Escalation

The Linux kernel is vulnerable to privilege escalation. This occurs in the 32-bit compatibility layer of the ioctl handling code of the v4l2 video driver in the Linux kernel. An attacker can overwrite kernel memory from an unprivileged userspace process, causing a privilege escalation...

CVSS 7.8 | AI score 7.6 | EPSS 0.84172
Exploits: 3 | References: 17 | Affected Software: 2
Oracle linux
added 2018/11/06 12:0 a.m. | 531 views

Unbreakable Enterprise kernel security update

4.1.12-124.21.1 - hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:447! Mike Kravetz Orabug: 28839992 - scsi: libsas: fix memory leak in sassmpgetphyevents Jason Yan Orabug: 27927687 CVE-2018-7757 - KVM: vmx: shadow more fields that are read/written on every vmexits Paolo Bonzini Orabug: 2858104...

CVSS 7.8 | AI score 0.5 | EPSS 0.00559
Exploits: 0
Tenable Nessus
added 2018/09/12 12:0 a.m. | 340 views

Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3762-2)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3762-2 advisory. USN-3762-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...

CVSS 5.5 | AI score 6.7 | EPSS 0.00436
Exploits: 0 | References: 3
Tenable Nessus
added 2018/09/12 12:0 a.m. | 339 views

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3762-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3762-1 advisory. It was discovered that the VirtIO subsystem in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to...

CVSS 5.5 | AI score 6.7 | EPSS 0.00436
Exploits: 0 | References: 3