SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1074-1)
This update for the Linux Kernel 4.4.180-94141 fixes several issues. The following security issues were fixed : CVE-2021-27365: Fixed an issue where data structures did not have appropriate length constraints or checks, and could exceed the PAGESIZE value bsc1183491. CVE-2021-27363: Fixed a kerne...
SUSE-SU-2021:1074-1 Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3)
This update for the Linux Kernel 4.4.180-94141 fixes several issues. The following security issues were fixed: - CVE-2021-27365: Fixed an issue where data structures did not have appropriate length constraints or checks, and could exceed the PAGESIZE value bsc1183491. - CVE-2021-27363: Fixed a...
Sophos Connect Client Remote Code Execution Vulnerability
Sophos Connect client is an IPsec remote access VPN application from Sophos UK. A security vulnerability exists in Sophos Connect Client versions prior to 2.1, which can be exploited by malicious websites to remotely execute code in Sophos Connect Client. The vulnerability can be exploited...
SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0835-1)
This update for the Linux Kernel 4.4.121-92149 fixes several issues. The following security issues were fixed : CVE-2020-27786: Fixed a potential use after free which could have led to memory corruption or privilege escalation bsc1179616. CVE-2020-28374: Fixed insufficient identifier checking in...
CentOS 7 : kernel (RHSA-2021:0856)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0856 advisory. - In the Linux kernel before 5.3.9, there are multiple out-of-bounds write bugs that can be caused by a malicious USB device in the Linux kernel HID...
RHEL 7 : kernel-rt (RHSA-2021:0857)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0857 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirement...
RHEL 7 : kernel (RHSA-2021:0856)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0856 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Local buffer overflow in...
EulerOS Virtualization 3.0.6.6 : kernel (EulerOS-SA-2021-1454)
According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In cdevget of chardev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of...
OESA-2021-1054 unbound security update
Unbound is a validating, recursive, caching DNS resolver. It is designed to be fast and lean and incorporates modern features based on open standards. To help increase online privacy, Unbound supports DNS-over-TLS which allows clients to encrypt their communication. Unbound is available for most...
Weak Password Vulnerability in DeepSync IPSec VPNs
DeepTrust IPSec VPN provides an all-in-one networking solution for small and medium-sized branches. There is a weak password vulnerability in the DeepSync IPSec VPN. Attackers utilize the vulnerability to log into the system background and obtain sensitive information...
USN-4660-2: Linux kernel regression | Cloud Foundry
Severity Unknown Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description USN-4660-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with fstrim that could lead to data corruption. This updat...
Important: Red Hat Security Advisory: kernel-alt security update
An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
Cisco SD-WAN DoS (cisco-sa-sdwan-dosmulti-48jJuEUP)
According to its self-reported version, Cisco SD-WAN is affected by multiple vulnerabilities, including the following: - A denial of service DoS vulnerability exists in the VPN tunneling features of Cisco SD-WAN Software due to insufficient handling of malformed packets. An unauthenticated, remot...
LSN-0074-1: Kernel Live Patch Security Notice
Elena Petrova discovered that the pin controller device tree implementation in the Linux kernel did not properly handle string references. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2020-0427) Andy Nguyen discovered that the Bluetooth A2MP implementation in...
PT-2021-1862 · Cisco · Cisco Sd-Wan +1
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN products affected versions not specified Description: Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service DoS attacks against an affected device. The issu...
Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel regression (USN-4660-2)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4660-2 advisory. USN-4660-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression in the software raid10 driver when used with...
IBM HTTP Server 7.0.0.0 < 7.0.0.45 / 8.0.0.0 < 8.0.0.15 / 8.5.0.0 < 8.5.5.13 / 9.0.0.0 < 9.0.0.6 Sweet32:Birthday Attack (553351)
The version of IBM HTTP Server running on the remote host is affected by a vulnerability. The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote...
SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2020:2972-1)
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : CVE-2020-12351: Fixed a type confusion while processing AMP packets aka 'BleedingTooth' aka 'BadKarma' bsc1177724. CVE-2020-12352: Fixed an information leak when...
SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3433-1)
This update for the Linux Kernel 4.4.180-94113 fixes one issue. The following security issue was fixed : CVE-2020-25645: Fixed an issue in IPsec that caused traffic between two Geneve endpoints to be unencrypted bnc1177513. Note that Tenable Network Security has extracted the preceding...
SUSE SLES12 Security Update : kernel (SUSE-SU-2020:3544-1)
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bug fixes. The following security bugs were fixed : CVE-2020-25705: A flaw in the way reply ICMP packets are limited in was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote...