
1376 matches found

OSV
added 2021/11/05 11:3 a.m. | 2 views

OESA-2021-1420 rubygem-excon security update

EXtended https CONnections. Security Fixes: In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave data on the socket. Subsequent requests would then read this data, returning content from...

CVSS 5.9 | AI score 6.8 | EPSS 0.00556
Exploits: 0 | References: 2

BDU FSTEC
added 2021/11/02 12:0 a.m. | 1 views

The vulnerability of the SSL/TLS module of the microprogramming-based network interface controllers of Cisco Adaptive Security Appliances (ASA) and Cisco Firepower Threat Defense (FTD) allows attackers to induce service failures.

The vulnerability of the SSL/TLS microprogramming software used in Cisco Adaptive Security Appliances ASA and Cisco Firepower Threat Defense FTD lies in the execution of operations outside of the buffer in memory. Exploitation of this vulnerability could allow a malicious actor to cause service...

CVSS 8.6 | AI score 7.5 | EPSS 0.00772
Exploits: 0 | References: 2 | Affected Software: 2

BDU FSTEC
added 2021/11/02 12:0 a.m. | 2 views

The vulnerability of the Squid proxy server, related to insufficient validation of input data, allows attackers to trigger a service failure.

The vulnerability of the Squid proxy server is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 6.5 | AI score 6.8 | EPSS 0.33712
Exploits: 2 | References: 10 | Affected Software: 4

BDU FSTEC
added 2021/10/27 12:0 a.m. | 2 views

The vulnerability of the ImfMultiPartInputFile component, which processes graphic image files in the OpenEXR format, relates to writing beyond the buffer boundary. This allows a malicious actor to trigger a service failure.

The vulnerability of the ImfMultiPartInputFile component, which handles graphic image files in OpenEXR format, relates to writing beyond the buffer boundaries. Exploiting this vulnerability could allow an attacker to cause service interruptions...

CVSS 6.5 | AI score 6.9 | EPSS 0.00546
Exploits: 1 | References: 11 | Affected Software: 5

BDU FSTEC
added 2021/10/27 12:0 a.m. | 1 views

The vulnerability in the `os/unix/ngx_files.c` component of the NGINX application monitoring and management platform allows an attacker to cause a service failure.

The vulnerability in the `os/unix/ngx_files.c` component of the NGINX application monitoring and management platform is related to the use of a null pointer. Exploiting this vulnerability could allow an attacker to cause service interruptions...

CVSS 7.8 | AI score 7.2 | EPSS 0.03589
Exploits: 0 | References: 8 | Affected Software: 4

BDU FSTEC
added 2021/10/22 12:0 a.m. | 1 views

Vulnerability of the Server component: The MySQL Server database management system for Windows, which is vulnerable due to insufficient validation of input data, allows attackers to trigger service failures.

Vulnerability of the MySQL Server component: The MySQL Server component of Windows database management systems has vulnerabilities due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...

CVSS 7.8 | AI score 6.7 | EPSS 0.01522
Exploits: 0 | References: 4 | Affected Software: 2

BDU FSTEC
added 2021/09/29 12:0 a.m. | 1 views

The vulnerability of the TCP/IP protocol implementation in the Windows operating system allows a hacker to cause a service failure.

The vulnerability of the TCP/IP protocol implementation in the Windows operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 7.5 | AI score 7.2 | EPSS 0.22628
Exploits: 0 | References: 4

BDU FSTEC
added 2021/09/20 12:0 a.m. | 2 views

The vulnerabilities of the `cdf_read_sat`, `cdf_read_long_sector_chain`, and `cdf_read_ssat` functions, which are utilities for determining the type of specified files in a File object, are related to buffer overflows in memory, allowing attackers to gain access to confidential data, compromise its integrity, and cause service interruptions.

The vulnerabilities of the `cdf_read_sat`, `cdf_read_long_sector_chain`, and `cdf_read_ssat` functions, which are used to determine the type of the specified files, are related to buffer overflows in memory. Exploiting these vulnerabilities can allow an attacker to gain access to confidential data, compromise...

CVSS 9.8 | AI score 8.1 | EPSS 0.00416
Exploits: 0 | References: 4 | Affected Software: 2

BDU FSTEC
added 2021/09/20 12:0 a.m. | 1 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to the allocation of unlimited memory, allows a hacker to trigger a service failure.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the ignoring of a request parameter when working through the API. Exploiting this vulnerability can allow an attacker, operating remotely, to cause service interruptions...

CVSS 5.3 | AI score 6 | EPSS 0.00143
Exploits: 0 | References: 4 | Affected Software: 2

BDU FSTEC
added 2021/09/20 12:0 a.m. | 2 views

The vulnerability of the show-status function of the CGI proxy HTTP Privoxy handler, related to improper memory release before deleting last links, allows a hacker to trigger a service failure.

The vulnerability of the show-status function in the CGI proxy HTTP Privoxy handler is related to improper memory release before deleting last links. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 7.5 | AI score 7.2 | EPSS 0.01071
Exploits: 0 | References: 8 | Affected Software: 4

BDU FSTEC
added 2021/09/20 12:0 a.m. | 1 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to uncontrolled resource consumption, allows a hacker to trigger a service failure.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the ability to create recursive pipeline connections. Exploiting this vulnerability allows a malicious actor to trigger service interruptions remotely...

CVSS 6.5 | AI score 6.9 | EPSS 0.00171
Exploits: 0 | References: 4 | Affected Software: 2

BDU FSTEC
added 2021/09/15 12:0 a.m. | 1 views

The vulnerabilities of JunOS Evolved and Junos operating systems are caused by deficiencies in authentication procedures, which allow attackers to gain unauthorized access to protected information or cause partial service interruptions.

The vulnerabilities of JunOS Evolved and Junos are due to deficiencies in the authentication process. Exploiting these vulnerabilities can allow a malicious actor, operating remotely, to gain unauthorized access to protected information or cause partial service interruptions...

CVSS 6.5 | AI score 6.6 | EPSS 0.00285
Exploits: 0 | References: 3 | Affected Software: 1

Redos
added 2021/09/08 12:0 a.m. | 26 views

ROS-2-641

2.641 Vulnerability in OpenVPN CVE-2020-11810 1. Vulnerability description: A corrective release of the OpenVPN 2.4.9 virtual private networking package has been generated. The new version addresses a vulnerability CVE-2020-11810 that allows a client session to be transferred to a new IP address...

CVSS 4.3 | AI score 4.6 | EPSS 0.01696
Exploits: 1

Code423n4
added 2021/09/07 12:0 a.m. | 6 views

The gravity.sol router should have pause/unpause functionality.

Handle tensors Vulnerability details In case a hack is occurring or an exploit is discovered, the team or validators in this case should be able to pause functionality until the necessary changes are made to the system. Additionally, the gravity.sol contract should be managed by proxy so that...

AI score 6.8
Exploits: 0

BDU FSTEC
added 2021/08/27 12:0 a.m. | 1 views

The vulnerability of the DVMRP (Distance Vector Multicast Routing Protocol) implementation in Juniper Networks’ Junos OS-based QFX10K routers allows an attacker to cause service interruptions.

The vulnerability of the DVMRP Distance Vector Multicast Routing Protocol implementation in Juniper Networks’ Junos OS-based QFX10K routers stems from packet looping due to incorrect comparison of Ethernet segment identifiers. Exploiting this vulnerability can allow a malicious actor to cause...

CVSS 6.1 | AI score 6.3 | EPSS 0.00106
Exploits: 0 | References: 4 | Affected Software: 1

CNVD
added 2021/08/26 12:0 a.m. | 29 views

F5 BIG-IP DNS denial-of-service vulnerability

F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial of service vulnerability exists in F5 BIG-IP DNS, which stems from the fact that when the BIG-IP DNS system is...

CVSS 7.5 | AI score 2.3 | EPSS 0.00891
Exploits: 0 | References: 1

BDU FSTEC
added 2021/08/20 12:0 a.m. | 2 views

The vulnerability of the Scripting Engine component in Windows operating systems allows a hacker to trigger a service failure.

The vulnerability of the Scripting Engine component in Windows operating systems relates to the execution of operations beyond the buffer in memory. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 7.1 | AI score 7.3 | EPSS 0.03053
Exploits: 0 | References: 2

BDU FSTEC
added 2021/08/09 12:0 a.m. | 1 views

The vulnerability of the sevenz archive software package from Apache Commons Compress allows a hacker to trigger a service failure.

The vulnerability of the sevenz archive software package from Apache Commons Compress is related to errors in processing parameter values related to the length of input data. Exploiting this vulnerability could allow an attacker to cause service interruptions...

CVSS 7.8 | AI score 6.6 | EPSS 0.0174
Exploits: 0 | References: 11 | Affected Software: 5

BDU FSTEC
added 2021/08/04 12:0 a.m. | 1 views

The vulnerability of the “Sharing” function in the Google Chrome web browser allows a hacker to trigger a service failure.

The vulnerability of the “Sharing” function in the Google Chrome web browser is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions...

CVSS 3.1 | AI score 5.8 | EPSS 0.00334
Exploits: 0 | References: 6 | Affected Software: 2

BDU FSTEC
added 2021/08/03 12:0 a.m. | 2 views

The vulnerability of the `do_uncompress_block` and `process_block` functions in the libarchive library allows a hacker to trigger a service failure.

The vulnerability of the `do_uncompress_block` and `process_block` functions in the libarchive library is related to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

CVSS 7.1 | AI score 7 | EPSS 0.00192
Exploits: 0 | References: 11 | Affected Software: 3