[SECURITY] Fedora 32 Update: cyrus-sasl-2.1.27-4.fc32
The cyrus-sasl package contains the Cyrus implementation of SASL. SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols...
ImageMagick: division by zero in RemoveDuplicateLayers in MagickCore/layer.c
ImageMagick 7.0.1-0 to 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLayers in MagickCore/layer.c...
CVE-2020-5860
On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12.1.5.1, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, in a High Availability (HA) network failover in a Device Service Cluster (DSC), the failover service does not require a strong form of authentication and HA...
Cisco FXOS Software Link Layer Discovery Protocol DoS (cisco-sa-20181017-fxnx-os-dos)
A denial of service (DoS) vulnerability exists in Cisco FX-OS Software due to improper input validation of certain type, length, value (TLV) fields of the LLDP frame header. An unauthenticated, local attacker can exploit this issue by sending a crafted LLDP packet to an interface on the targeted...
wildfly: The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption...
Akamai's Prolexic Platform Completes Fifth Generation Upgrade
Akamai introduces new enhancements today to its Prolexic Routed purpose-built DDoS scrubbing service that reflect the changing nature of the threat landscape and capitalize on cloud functionality to enable maximum customer flexibility using newer deployment models. For anyone worried about DDoS...
User Survey 2020 Report Shows Rapid Growth In Apache Pulsar Adoption
For the first time ever, the Apache Pulsar PMC team is publishing a user survey report. The 2020 Apache Pulsar User Survey Report reveals Pulsar's accelerating rate of global adoption, details how organizations are leveraging Pulsar to build real-time streaming applications, and highlights key...
DEBIAN-CVE-2019-15522
An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL...
UBUNTU-CVE-2019-15522
An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL...
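The two csync2 entries above describe the same defect: a command that is only meaningful once SSL is in place is still accepted when SSL has not been negotiated. The following is an added toy model of that bug class, not csync2's code; the command names (SSL, HELLO, BYE), the session fields and the reply strings are assumptions chosen to mirror the advisory text. It shows the dispatcher that forgets to enforce the requirement beside the one that fails the command and drops the session.

```python
"""Toy model of a 'hello accepted without SSL' flaw (added illustration,
not csync2's daemon.c). Command names and replies are assumptions."""
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple


@dataclass
class Config:
    require_ssl: bool = True          # "the configuration requires use of SSL"


@dataclass
class Session:
    tls_established: bool = False     # flipped once the peer upgrades with SSL
    peer: Optional[str] = None        # hostname announced in HELLO
    closed: bool = False
    log: List[Tuple[str, str]] = field(default_factory=list)


def _upgrade_to_tls(session: Session) -> str:
    # Stand-in for a STARTTLS-style upgrade; a real daemon would run the
    # TLS handshake here and only set the flag once it succeeds.
    session.tls_established = True
    return "OK (SSL established)."


def _dispatch(session: Session, cmd: str, arg: str) -> str:
    """Commands shared by both handlers; HELLO records the peer name."""
    if cmd == "HELLO":
        session.peer = arg
        return "OK (cmd finished)."
    if cmd == "BYE":
        session.closed = True
        return "OK (cmd finished)."
    return "ERROR (unknown command)."


def handle_vulnerable(cfg: Config, session: Session, line: str) -> str:
    """Mirrors the defect: HELLO is processed whether or not SSL is in place."""
    cmd, _, arg = line.partition(" ")
    if cmd == "SSL":
        return _upgrade_to_tls(session)
    return _dispatch(session, cmd, arg)        # require_ssl never consulted


def handle_hardened(cfg: Config, session: Session, line: str) -> str:
    """Same dispatcher, but the SSL requirement is enforced before anything else."""
    cmd, _, arg = line.partition(" ")
    if cmd == "SSL":
        return _upgrade_to_tls(session)
    if cfg.require_ssl and not session.tls_established:
        # Fail the command and close the session: nothing else may happen
        # in clear text when the configuration demands SSL.
        session.closed = True
        return "ERROR (SSL required)."
    return _dispatch(session, cmd, arg)


def run_session(handler: Callable[[Config, Session, str], str],
                cfg: Config, script: List[str]) -> Session:
    """Feed a scripted (constructed) client transcript to a handler."""
    session = Session()
    for line in script:
        if session.closed:
            break
        session.log.append((line, handler(cfg, session, line)))
    return session


if __name__ == "__main__":
    cleartext = ["HELLO attacker.example", "BYE"]   # no SSL command at all
    for name, handler in (("vulnerable", handle_vulnerable),
                          ("hardened", handle_hardened)):
        s = run_session(handler, Config(require_ssl=True), cleartext)
        print(f"{name}: peer accepted in clear text = {s.peer is not None}")
        for line, reply in s.log:
            print("   ", line, "->", reply)
```

The check worth carrying over to a real daemon is the placement: the "SSL required" test sits in front of the command switch, so a new command added later cannot silently bypass it.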
mina-core: Retaining an open socket in close_notify SSL-TLS leading to Information disclosure.
A cryptographic protocol integrity flaw was discovered in Apache Mina. The closure of a TLS session would not always result in closure of the socket, allowing the conversation to continue in clear text. This could undermine the confidentiality of a connection and potentially disclose sensitive...
USN-4307-1 apache2 update
As a security improvement, this update adds TLSv1.3 support to the Apache HTTP Server package in Ubuntu 18.04 LTS. TLSv1.3 is enabled by default, and in certain environments may cause compatibility issues. The SSLProtocol directive may be used to disable TLSv1.3 in these problematic environments...
Microsoft Windows SMB 3.1.1 Remote Code Execution
Exploit Title: Windows SMBv3 Client/Server Remote Code Execution Vulnerability - remote Author: nu11secur1ty Date: 2020-03-14 Vendor: https://smb.wsu.edu/ Link: https://github.com/nu11secur1ty/Windows10Exploits/tree/master/Undefined/CVE-2020-0796 CVE: CVE-2020-0796 + Credits: Ventsislav Varbanovs...
add-psd-layer (=0.1.0), agkit (=0.27.0) +36 more potentially affected by CVE-2020-10571 via psd-tools (>=1.10.2 <=1.9.28)
psd-tools PYPI version =1.10.2, =0.1.2, =0.1.1, =0.1.0, =2.0.0, =4.1.0, =0.8.0, =0.1.0, =0.1.6, =2023.0.0, =1.1.0, =2024.0.0, =0.3.0, =0.9.1 and more Source cves: CVE-2020-10571 Source advisory: OSV:PYSEC-2020-91...
CVE-2020-0884
A spoofing vulnerability exists in Microsoft Visual Studio as it includes a reply URL that is not secured by SSL, aka 'Microsoft Visual Studio Spoofing Vulnerability'...
Cisco NX-OS Software Cisco Discovery Protocol Arbitrary Code Execution and DoS (cisco-sa-20200226-fxos-nxos-cdp)
According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability in the Cisco Discovery Protocol feature due to insufficient validation of Cisco Discovery Protocol packet headers. An unauthenticated, adjacent attacker can exploit this, by sending a crafted Cisco Discove...
envoy: Incorrect Access Control when using SDS with Combined Validation Context
An access control bypass vulnerability was found in envoy. When the same TLS secret is used across multiple resources, the client's data, such as the subject alternative name or hash, is not validated. This flaw could lead to a possible bypass of security restrictions...
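The entry above turns on one configuration shape: a combined validation context, where the trusted CA comes from an SDS secret while the subject alternative name (or hash) constraint is set statically. The following is an added illustration of that shape, not the advisory's or the Envoy project's own configuration; the listener, secret and SAN names are assumptions, and the SDS sources are shown as delivered over ADS without the matching `dynamic_resources` block.

```yaml
# Added illustration (not from the advisory): a downstream mTLS listener
# using a combined validation context. Names are assumptions.
static_resources:
  listeners:
  - name: ingress_mtls
    address:
      socket_address: { address: 0.0.0.0, port_value: 8443 }
    filter_chains:
    - transport_socket:
        name: envoy.transport_sockets.tls
        typed_config:
          "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
          require_client_certificate: true
          common_tls_context:
            tls_certificate_sds_secret_configs:
            - name: ingress_server_cert
              sds_config: { ads: {}, resource_api_version: V3 }
            combined_validation_context:
              # Static part: the SAN every client certificate must carry.
              # This is the client-side data the entry says goes unvalidated
              # when the same secret is reused across resources.
              default_validation_context:
                match_subject_alt_names:
                - exact: "spiffe://example.org/ns/prod/sa/frontend"
              # Dynamic part: the CA bundle, delivered as an SDS secret. If
              # other listeners or clusters reference this same secret name,
              # they are the "multiple resources" the entry refers to.
              validation_context_sds_secret_config:
                name: client_ca_bundle
                sds_config: { ads: {}, resource_api_version: V3 }
```

The practical use of this fragment is inventory: grep the running configuration for every `validation_context_sds_secret_config` name and list which resources share one. The remedy is the fixed envoy build; the entry does not give a version, so check the advisory itself rather than relying on config changes alone.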
undertow: possible Denial Of Service (DOS) in Undertow HTTP server listening on HTTPS
A vulnerability was found in the Undertow HTTP server listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial of Service (DoS) to make the service unavailable on SSL...