9164 matches found
openSUSE Security Update : cronie (openSUSE-2019-1520)
This update for cronie fixes the following issues : Security issues fixed : - CVE-2019-9704: Fixed an insufficient check in the return value of calloc which could allow a local user to create Denial of Service by crashing the daemon bsc1128937. - CVE-2019-9705: Fixed an implementation vulnerabili...
CVE-2019-5295
Huawei Honor V10 smartphones versions earlier than Berkeley-AL20 9.0.0.125C00E125R2P14T8 have an authorization bypass vulnerability. Due to improper authorization implementation logic, attackers can bypass certain authorization scopes of smart phones by performing specific operations. This...
Is 'Sign in with Apple' Marketing Spin or Privacy Magic? Experts Weigh In
Apple’s “Sign in with Apple” feature promises to protect user privacy – and while many are looking at that claim as more of a marketing move than anything else, authentication experts say it has the potential to have an enormous impact on the data privacy ecosystem. The giant from Cupertino took...
Fedora Update for community-mysql FEDORA-2019-6a8a9efc40
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Amazon Linux 2 : openssh (ALAS-2019-1216)
An issue was discovered in OpenSSH. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned only directory traversal attacks are prevented. A...
Debian DLA-1799-2 : linux security update (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. This updated advisory text adds a note about the need to install new binary packages. CVE-2018-5995 ADLab of VenusTech discovered that the kernel logge...
Fedora 30 : mod_http2 (2019-08e57d15fd)
Code cleanups and Simplifications : - in stream instance and main connection output handling for a common strategy in h2/h2c versions of the protocol. Stream instances are kept in one place which will make future optimizations in state handling easier. - Discarding idea of re-using bucket beams a...
Debian DSA-4450-1 : wpa - security update
A vulnerability was found in the WPA protocol implementation found in wpasupplication station and hostapd access point. The EAP-pwd implementation in hostapd EAP server and wpasupplicant EAP peer doesn't properly validate fragmentation reassembly state when receiving an unexpected fragment. This...
Fedora Update for mediaconch FEDORA-2019-1736c1268d
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora Update for mediaconch FEDORA-2019-b7cf3236fb
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora Update for mediaconch FEDORA-2019-7155125125
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 28 Update: mediaconch-18.03.2-7.fc28
MediaConch is an implementation checker, policy checker, reporter, and fixer that targets preservation-level audiovisual files specifically Matroska, Linear Pulse Code Modulation LPCM and FF Video Codec 1 FFV1. This project is maintained by MediaArea and funded by PREFORMA. This package includes...
Design/Logic Flaw
Adobe Dreamweaver versions 19.0 and earlier have an insecure protocol implementation vulnerability. Successful exploitation could lead to sensitive data disclosure if smb request is subject to a relay attack...
CVE-2019-5627 BlueCats Reveal iOS App Insecure Storage
The iOS mobile application BlueCats Reveal before 5.14 stores the username and password in the app cache as base64 encoded strings, i.e. clear text. These persist in the cache even if the user logs out. This can allow an attacker to compromise the affected BlueCats network implementation. The...
SUSE SLES11 Security Update : java-1_7_1-ibm (SUSE-SU-2019:14059-1)
This update for java-171-ibm fixes the following issues : Update to Java 7.1 Service Refresh 4 Fix Pack 45. Security issues fixed : CVE-2019-10245: Fixed Java bytecode verifier issue causing crashes bsc1134718. CVE-2019-2698: Fixed out of bounds access flaw in the 2D component bsc1132729...
Updated kernel-linus packages fixes security vulnerabilities
This kernel update provides the upstream 4.14.119 that adds the kernel side mitigations for the Microarchitectural Data Sampling MDS, also called ZombieLoad attack vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. To complete the mitigatio...
Denial Of Service (DoS)
Linux kernel is vulnerable to denial of serviceDoS attacks. This is because the Serial Attached SCSI SAS implementation mishandles a mutex within libsas. This allows local users to cause a denial of service deadlock by triggering certain error-handling code...
Denial Of Service (DoS)
Python is vulnerable to denial of serviceDoS attacks. This is because the implementation of catastrophic backtracking. A remote authenticated user could trigger a denial of service condition via backtracking in 'difflib.ISLINEJUNK' method in difflib which may leads to a application crash...
CVE-2019-1730 Cisco NX-OS Software Bash Bypass Guest Shell Vulnerability
A vulnerability in the Bash shell implementation for Cisco NX-OS Software could allow an authenticated, local attacker to bypass the limited command set of the restricted Guest Shell and execute commands at the privilege level of a network-admin user outside of the Guest Shell. The attacker must...
EulerOS Virtualization 3.0.1.0 : libxml2 (EulerOS-SA-2019-1559)
According to the versions of the libxml2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This library allows to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTDs...