9182 matches found
The vulnerability of the stealth mode feature in the LibreOffice office software package allows an intruder to gain unauthorized access to protected information, execute arbitrary code, or cause a service failure.
The vulnerability of the stealth mode feature in the LibreOffice office software package is related to the incorrect implementation of security mechanisms. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to protected information, execute...
Design/Logic Flaw
RIOT through 2019.07 contains a memory leak in the TCP implementation gnrc_tcp, allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _receive in sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloop.c...
CVE-2019-15134
RIOT through 2019.07 contains a memory leak in the TCP implementation gnrc_tcp, allowing an attacker to consume all memory available for network packets and thus effectively stopping all network threads from working. This is related to _receive in sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloop.c...
CVE-2019-15134
CVE-2019-15134 affects RIOT OS (GNRC TCP) up through 2019.07. The issue is a memory leak in the TCP implementation (gnrc_tcp) triggered in _receive within sys/net/gnrc/transport_layer/tcp/gnrc_tcp_eventloop.c when an ACK is received before a SYN. This can cause unbounded memory consumption for ne...
openSUSE: Security Advisory for java-11-openjdk (openSUSE-SU-2019:1916-1)
The remote host is missing an update for the...
OPENSUSE-SU-2019:1916-1 Security update for java-11-openjdk
This update for java-11-openjdk to version jdk-11.0.4+11 fixes the following issues: Security issues fixed: - CVE-2019-2745: Improved ECC Implementation (bsc#1141784). - CVE-2019-2762: Exceptional throw cases (bsc#1141782). - CVE-2019-2766: Improve file protocol handling (bsc#1141789). - CVE-2019-2769:...
OPENSUSE-SU-2019:1912-1 Security update for java-1_8_0-openjdk
This update for java-1_8_0-openjdk to version 8u222 fixes the following issues: Security issues fixed: - CVE-2019-2745: Improved ECC Implementation (bsc#1141784). - CVE-2019-2762: Exceptional throw cases (bsc#1141782). - CVE-2019-2766: Improve file protocol handling (bsc#1141789). - CVE-2019-2769: Better...
Security update for java-1_8_0-openjdk (important)
openSUSE Security Update: Security update for java-1_8_0-openjdk Announcement ID: openSUSE-SU-2019:1912-1 Rating: important References: 1115375 1141780 1141782 1141783 1141784 1141785 1141786 1141787 1141789 Cross-References: CVE-2019-2745 CVE-2019-2762 CVE-2019-2766 CVE-2019-2769 CVE-2019-2786...
Information Disclosure
kernel is vulnerable to information disclosure. A Spectre gadget was found in the Linux kernel's implementation of system interrupts. An attacker with local access could use this information to reveal private data through a Spectre-like side channel...
Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-4093-1)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4093-1 advisory. It was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause...
Ubuntu 16.04 LTS : Linux kernel vulnerabilities (USN-4095-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4095-1 advisory. Eli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during...
USN-4094-1: Linux kernel vulnerabilities
It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053) Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track...
MGASA-2019-0220 Updated kernel packages fix security vulnerabilities
This kernel update provides an update to the kernel 5.2 series, currently based on 5.2.7 adding support for newer hardware and other new features. It also fixes at least the following security issues: A Spectre SWAPGS gadget was found in the Linux kernel's implementation of system interrupts. An...
Sensitive Data Exposure
Overview: Versions of msrcrypto prior to 1.4.1 are vulnerable to Sensitive Data Exposure. The package's Elliptic Curve Cryptography (ECC) implementation may leak information about a server's private ECC key. It can also allow attackers to craft invalid ECDSA signatures that pass as valid. There is n...
Ubuntu 16.04 LTS : OpenJDK 8 vulnerabilities (USN-4080-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4080-1 advisory. Keegan Ryan discovered that the ECC implementation in OpenJDK was not sufficiently resilient to side-channel attacks. An attacker could possibly use thi...
Debian DSA-4495-1 : linux - security update
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2018-20836: chenxiang reported a race condition in libsas, the kernel subsystem supporting Serial Attached SCSI (SAS) devices, which could lead to a...
Oracle Linux 7 : kernel (ELSA-2019-1873)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-1873 advisory. - net tcp: enforce tcp_min_snd_mss in tcp_mtu_probing Florian Westphal 1719914 1719915 CVE-2019-11479 - net tcp: add tcp_min_snd_mss sysctl Florian Westphal...
[SECURITY] Fedora 30 Update: icedtea-web-1.8-3.fc30
The IcedTea-Web project provides a Java web browser plugin, an implementation of Java Web Start originally based on the Netx project and a settings tool to manage deployment settings for the aforementioned plugin and Web Start implementations...
How Apple Pay Buttons Can Make Websites Less Safe
Apple Pay itself is safe. But the way websites implement it can cause serious problems...
Insecure Cryptography
msrcrypto is vulnerable to insecure cryptography. The vulnerability exists as there are issues with the Elliptic Curve Cryptography ECC implementation, allowing invalid ECDSA signatures to be created through the learning of a server's private ECC key...