357 matches found
Samba security vulnerability
Samba is the standard Windows interoperability program suite for Linux and Unix. A security vulnerability exists in samba. An attacker could exploit this vulnerability to access AD LDAP attributes...
russh may use insecure Diffie-Hellman keys
Summary Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Details Russh does not validate Diffie-Hellman keys. It accepts received DH public keys $e$ where $eDH Public Key values MUST be checked and both conditions: - $1...
GHSA-CQVM-J2R2-HWPG russh may use insecure Diffie-Hellman keys
Summary Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Details Russh does not validate Diffie-Hellman keys. It accepts received DH public keys $e$ where $eDH Public Key values MUST be checked and both conditions: - $1...
CVE-2023-28113
Summary: The CVE-2023-28113 issue affects russh, a Rust SSH client/server library. The root cause is insufficient validation of Diffie-Hellman (DH) keys, allowing certain invalid DH public values (e, e
CVE-2023-28113 russh may use insecure Diffie-Hellman keys
russh is a Rust SSH client and server library. Starting in version 0.34.0 and prior to versions 0.36.2 and 0.37.1, Diffie-Hellman key validation is insufficient, which can lead to insecure shared secrets and therefore breaks confidentiality. Connections between a russh client and server or those ...
PYSEC-2023-21
LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Versions 7.0.0 and above, prior to 7.2.2, are vulnerable to Missing Authorization. Any LTI tool that is integrated with on the Open edX platform can post a grade back...
PT-2023-19073 · Open Edx · Lti Consumer Xblock
Name of the Vulnerable Software and Affected Versions: LTI Consumer XBlock versions 7.0.0 through 7.2.2 Description: The LTI Consumer XBlock implements the consumer side of the LTI specification, enabling integration of third-party LTI provider tools. Any LTI tool integrated with the Open edX...
ipa bug fix and enhancement update
An update is available for ipa. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky Enterprise Software Foundation Identity Management IdM is a centralized...
2022 Annual Metasploit Wrap-Up
It's been another gangbusters year for Metasploit, and the holidays are a time to give thanks to all the people that help make our load a little bit lighter. So, while this end-of-year wrap-up is a highlight reel of the headline features and extensions that landed in Metasploit-land in 2022, we...
[SECURITY] Fedora 36 Update: samba-4.16.8-0.fc36
Samba is the standard Windows interoperability suite of programs for Linux and Unix...
Fedora: Security Advisory for samba (FEDORA-2022-7f9021ead1)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Microchip RN4870 security vulnerability
The Microchip RN4870 is a Bluetooth low energy module chip from Microchip, Inc. A security vulnerability exists in the Microchip RN4870 module firmware version 1.43, which stems from a denial of message issue, which could potentially create interoperability issues between different devices...
Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities
Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems. The high-severity flaws, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in...
Cumulative Update 42 for Microsoft Dynamics 365 Business Central April'19 on-premises (Application Build 14.43.49498, Platform Build 14.0.49494)
Cumulative Update 42 for Microsoft Dynamics 365 Business Central April'19 on-premises Application Build 14.43.49498, Platform Build 14.0.49494 Overview This cumulative update replaces previously released cumulative updates. You should always install the latest cumulative update. This update also...
Update 16.19 for Microsoft Dynamics 365 Business Central 2020 Release Wave 1 (Application Build 16.19.49472, Platform Build 16.0.49350)
Update 16.19 for Microsoft Dynamics 365 Business Central 2020 Release Wave 1 Application Build 16.19.49472, Platform Build 16.0.49350 Note: The build number of this update is incremented by 2. Overview This update replaces previously released updates. You should always install the latest update...
Cumulative Update 61 for Microsoft Dynamics NAV 2017 (Build 30699)
Cumulative Update 61 for Microsoft Dynamics NAV 2017 Build 30699 Overview This cumulative update includes all hotfixes and regulatory features that have been released for Microsoft Dynamics NAV 2017, including hotfixes and regulatory features that were released in previous cumulative updates. Thi...
Apple Is Finally Encrypting iCloud Backups
After way too many years, Apple is finally encrypting iCloud backups: Based on a screenshot from Apple, these categories are covered when you flip on Advanced Data Protection: device backups, messages backups, iCloud Drive, Notes, Photos, Reminders, Safari bookmarks, Siri Shortcuts, Voice Memos,...
UBUNTU-CVE-2022-45152
A blind Server-Side Request Forgery SSRF vulnerability was found in Moodle. This flaw exists due to insufficient validation of user-supplied input in LTI provider library. The library does not utilise Moodle's inbuilt cURL helper, which resulted in a blind SSRF risk. An attacker can send a...
[SECURITY] Fedora 37 Update: samba-4.17.3-0.fc37
Samba is the standard Windows interoperability suite of programs for Linux and Unix...
Update 19.13 for Microsoft Dynamics 365 Business Central (on-premises) 2021 Release Wave 2 (Application Build 19.13.48486, Platform Build 19.0.48446)
Update 19.13 for Microsoft Dynamics 365 Business Central on-premises 2021 Release Wave 2 Application Build 19.13.48486, Platform Build 19.0.48446 Overview This update replaces previously released updates. You should always install the latest update. This update also fixes an information disclosur...