Facebook WhatsApp Security Vulnerability
Facebook WhatsApp is a suite of mobile applications from Facebook Inc. in the United States that use the Internet to send text messages. The application uses the contact information in a smartphone to find contacts using the program to send texts, pictures, etc. WhatsApp Business is the commercia...
The vulnerability in the implementation of the TLS protocol by the OpenSSL library, which allows an attacker to cause a service failure
The vulnerability of the TLS protocol implementation in the OpenSSL library is related to pointer arithmetic errors. Exploiting this vulnerability allows a malicious actor to cause a service failure by using a specially crafted “ClientHello” message...
The vulnerability of the Application Layer DNS Gateway Function (ALG) of Cisco IOS XE, which allows a hacker to trigger a device reboot or cause a service failure.
The vulnerability of the Application Layer DNS Gateway Function ALG of Cisco IOS XE lies in insufficient checking of unusual or exceptional states. Exploiting this vulnerability can allow a malicious actor to trigger a device reboot or cause service failure through a specially crafted DNS packet...
The vulnerability of the TLS module in configuration management systems and remote execution of Salt operations, related to the improper assignment of permissions for critical resources, allows attackers to gain access to confidential data.
The vulnerability of the TLS module in configuration management systems and remote execution of Salt operations is related to the improper assignment of permissions for critical resources. Exploiting this vulnerability allows an attacker to gain access to confidential data...
Important: Red Hat Security Advisory: openssl security update
An update for openssl is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
openssl: NULL pointer dereference in signature_algorithms processing
A flaw was found in openssl. A server crash and denial of service attack could occur if a client sends a TLSv1.2 renegotiation ClientHello and omits the signature_algorithms extension but includes a signature_algorithms_cert extension. The highest threat from this vulnerability is to system...
The vulnerability of the LLDP protocol implementation under Unix, Lldpd, and the Open vSwitch software multi-level switch, is related to a flaw in the resource consumption control mechanism. This vulnerability allows a perpetrator to cause a service failure.
The vulnerability of the LLDP protocol implementation under Unix, Lldpd, and the Open vSwitch software multi-level switch, is related to a bug in the resource management mechanism. Exploiting this vulnerability allows a remote attacker to cause service interruptions...
May 4, 2021, update for Outlook 2016 (KB5001921)
May 4, 2021, update for Outlook 2016 (KB5001921). This article describes update 5001921 for Microsoft Outlook 2016 that was released on May 4, 2021. Be aware that the update in the Microsoft Download Center applies to the Microsoft Installer (.msi)-based edition of Office 2016. It doesn't apply to the...
DEBIAN-CVE-2021-22890
curl 7.63.0 to and including 7.75.0 includes a vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using an HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived...
AZL-44580 CVE-2021-20291 affecting package buildah for versions less than 1.41.4-2
A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code...
DEBIAN-CVE-2021-20291
A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code...
UBUNTU-CVE-2021-20291
A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using tar. If one of those layers is not a valid tar archive this causes an error leading to an unexpected situation where the code...
DEBIAN-CVE-2021-28165
In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame...
Eclipse Jetty Resource Management Error Vulnerability
Eclipse Jetty is an open source, Java-based web server and Java Servlet container from the Eclipse Foundation. A security vulnerability exists in Eclipse Jetty 7.2.2 through 9.4.38, 10.0.0.alpha0 through 10.0.1, and 11.0.0.alpha0 through 11.0.1, which stems from abnormal processing after receivin...
CVE-2021-23005
On all 7.x and 6.x versions (fixed in 8.0.0), when using a Quorum device for BIG-IQ high availability (HA) for automatic failover, BIG-IQ does not make use of Transport Layer Security (TLS) with the Corosync protocol. Note: Software versions which have reached End of Software Development (EoSD) are not...
lldp/openvswitch: denial of service via externally triggered memory leak
A flaw was found in multiple versions of Open vSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs, potentially causing a denial of service. The highest threat from this vulnerability is to system availability...
TLS 1.3 session ticket proxy host mix-up
Enabled by default, libcurl supports the use of TLS 1.3 session tickets to resume previous TLS sessions to speed up subsequent TLS handshakes. When using an HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote serve...
A flaw was found in multiple versions of OpenvSwitch. Specially crafted LLDP packets can cause memory to be lost when allocating data to handle specific optional TLVs potentially causing a denial of service. The highest threat from this vulnerability is to system availability.
...
OpenSSL Trust Management Issues Vulnerabilities
OpenSSL is an open source general-purpose cryptographic library from the OpenSSL team that implements the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms,...