9165 matches found
SUSE-SU-2019:14190-1 Security update for dnsmasq
This update for dnsmasq fixes the following issues: Security issue fixed: - CVE-2017-15107: Fixed a vulnerability in DNSSEC implementation. Processing of wildcard synthesized NSEC records may result in improper validation for non-existence. bsc1076958 Non-security issue fixed: - Removed cache size...
Code injection
The Twitter Kit framework through 3.4.2 for iOS does not properly validate the api.twitter.com SSL certificate. Although the certificate chain must contain one of a set of pinned certificates, there are certain implementation errors such as a lack of hostname verification. NOTE: this is an...
Incorrect implementation of the Streebog hash functions
Internal update-sigma function was implemented incorrectly and depending on debug-assertions it could've caused an incorrect result or panic for certain inputs...
RUSTSEC-2019-0030 Incorrect implementation of the Streebog hash functions
Internal update-sigma function was implemented incorrectly and depending on debug-assertions it could've caused an incorrect result or panic for certain inputs...
More Cryptanalysis of Solitaire
In 1999, I invented the Solitaire encryption algorithm, designed to manually encrypt data using a deck of cards. It was written into the plot of Neal Stephenson's novel Cryptonomicon, and I even wrote an afterword to the book describing the cipher. I don't talk about it much, mostly because I mad...
OPENSUSE-SU-2019:2232-1 Security update for nghttp2
This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service bsc1146184. - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size...
Building the Azure IoT Edge Security Daemon in Rust
Azure IoT Edge is an open source, cross platform software project from the Azure IoT team at Microsoft that seeks to solve the problem of managing distribution of compute to the edge of your on-premise network from the cloud. This post explains some of the rationale behind our choice of Rust as t...
CVE-2019-16754
RIOT 2019.07 contains a NULL pointer dereference in the MQTT-SN implementation asymcute, potentially allowing an attacker to crash a network node running RIOT. This requires spoofing an MQTT server response. To do so, the attacker needs to know the MQTT MsgID of a pending MQTT protocol message an...
Cisco NX-OS Precision Time Protocol (PTP) Denial of Service Vulnerability
According to its self-reported version, the Cisco NX-OS Software is affected by a denial of service (DoS) vulnerability which exists in its Precision Time Protocol (PTP) implementation due to a lack of protection against PTP frame flood attacks. An unauthenticated, remote attacker can exploit this...
Deserialization Of Untrusted Data
FasterXML jackson-databind is vulnerable to deserialization of untrusted data. There is a polymorphic typing issue because there are more than one association gadget types related to CXF JAX-RS implementation by default...
EulerOS 2.0 SP5 : openssh (EulerOS-SA-2019-1908)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server or Man-in-The-Middle...
KLA11583 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader
Multiple vulnerabilities were found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Type confusion vulnerability can be exploited to execute...
python27:2.7 bug fix update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Bug Fixes:...
ALBA-2019:2717 python27:2.7 bug fix update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Bug Fixes:...
python36:3.6 bug fix update
An update is available for python-docutils, python-pygments, python-PyMySQL, python-docs, python36, python-nose. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list...
python36:3.6 bug fix update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Bug Fixes:...
ALBA-2019:2716 python36:3.6 bug fix update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Bug Fixes:...
CVE-2019-15919
A flaw was discovered in the Linux kernel's CIFS client implementation. While issuing an SMB2write, a value can be used after it was intended to be freed when CIFS function tracing is enabled. Even though the data is used after being freed, using it for privilege escalation does not seem...
Fedora Update for kea FEDORA-2019-0811a88d77
The remote host is missing an update for the...