SUSE: Security Advisory (SUSE-SU-2021:3944-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5088-1 edk2 vulnerabilities
It was discovered that EDK II incorrectly handled input validation in MdeModulePkg. A local user could possibly use this issue to cause EDK II to crash, resulting in a denial of service, obtain sensitive information or execute arbitrary code. CVE-2019-11098 Paul Kehrer discovered that OpenSSL use...
Important Photon OS Security Update - PHSA-2021-0428
Updates of 'glibc' packages of Photon OS have been released...
UBUNTU-CVE-2019-11098
Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access...
EDKII MdeModulePkg Input Validation Error Vulnerability
EDKII is an open source project that provides a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications developed and maintained by the UEFI Forum. A security vulnerability exists in EDKII MdeModulePkg that stems from insufficient input validation ...
Denial-of-Service within Docker container
Impact: If you run teler inside a Docker container and encounter the errors.Exit function, it will cause a denial of service (SIGSEGV) because it doesn't properly get the process ID and process group ID of teler to kill. Specific Go Packages Affected: ktbs.dev/teler/pkg/errors Patches: Upgrade to the = 0.0.1...
GHSA-9VP5-M38W-J776 Aliases are never checked in helm
Impact: During a security audit of Helm's code base, security researchers at Trail of Bits identified a bug in which the alias field on a Chart.yaml is not properly sanitized. This could lead to the injection of unwanted information into a chart. Patches: This issue has been patched in Helm 3.3.2 a...
SUSE: Security Advisory (SUSE-SU-2017:2264-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2018-13419 affecting package libsndfile 1.0.28-14
CVE-2018-13419 affecting package libsndfile 1.0.28-14. An upgraded version of the package is available that resolves this issue...
Denial Of Service (DoS)
github.com/istio/istio is vulnerable to denial of service DoS. The vulnerability exists through a NULL pointer dereference in pilot/pkg/proxy/envoy/v2/debug.go through the getResoourceVersion function...
libvpx security update
1.3.0-8 - Fix for CVE-2020-0034 - Resolves: rhbz1823909 1.3.0-7 - Fix for CVE-2019-9232 and CVE-2019-9433 - Resolves: rhbz1796085, rhbz1796099 1.3.0-6 - Fix for CVE-2017-0393 - Resolves: rhbz1779498 1.3.0-4 - fix Illegal Instruction abort 1.3.0-3 - update library symbol list for 1.3.0 from Debian...
Arbitrary File Write
github.com/u-root/u-root/pkg/tarutil is vulnerable to arbitrary file write. The vulnerability exists due to the incorrect usage of filepath.Join("/", path) when performing cpio file extraction...
Path traversal
This affects all versions of package github.com/u-root/u-root/pkg/cpio. It is vulnerable to leading, non-leading relative path traversal attacks and symlink based relative and absolute path traversal attacks in cpio file extraction...
openSUSE Security Update : osc (openSUSE-2020-852)
This update for osc to 0.169.1 fixes the following issues : Security issue fixed : - CVE-2019-3681: Fixed an insufficient validation of network-controlled filesystem paths bsc1122675. Non-security issues fixed : - Improved the speed and usability of osc bash completion. - improved some error...
Fedora: Security Advisory for apt (FEDORA-2020-f03cfe3df5)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 32 Update: apt-2.1.7-1.fc32
This package provides commandline tools for searching and managing as well as querying information about packages as a low-level access to all features of the libapt-pkg library. These include: apt-get for retrieval of packages and information about them from authenticated sources and for...
Acronis: Acronis True Image Local Privilege Escalation via insecure folder permissions
Note: This has been submitted via service desk earlier, and I got a call from Acronis customer service that it's up on H1 and I should submit it there as well. All of the Acronis LaunchDaemons except the price helper which can be found here: /Library/LaunchDaemons/com.acronis. start an app / scri...
CVE-2020-5755
Webroot endpoint agents prior to version v9.0.28.48 did not protect the "%PROGRAMDATA%\WrData\PKG" directory against renaming. This could allow attackers to trigger a crash or wait upon Webroot service restart to rewrite and hijack dlls in this directory for privilege escalation...
FreeBSD : pkg -- vulnerability in libfetch (2af10639-4299-11ea-aab1-98fa9bfec35a)
A programming error allows an attacker who can specify a URL with a username and/or password components to overflow libfetch(3) buffers. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2020 Jacqu...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server (IHS) affect IBM Security SiteProtector System (CVE-2015-1283, CVE-2015-3183 and CVE-2015-4947)
Summary: There are multiple vulnerabilities in IBM HTTP Server (IHS) that is used by IBM Security SiteProtector System. Vulnerability Details: CVEID: CVE-2015-1283 DESCRIPTION: Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89...