Mozilla Firefox Security Advisory (MFSA2014-81) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Denial Of Service (DoS)
RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...
Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5137-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5137-1 advisory. It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use...
Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerabilities (USN-5136-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5136-1 advisory. It was discovered that the f2fs file system in the Linux kernel did not properly validate metadata in some situations. An attacker could use...
Denial Of Service (DoS)
RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided...
EulerOS 2.0 SP8 : kernel (EulerOS-SA-2021-2636)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - DISPUTED In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device that...
Why the Next-Generation of Application Security Is Needed
By David Brumley Software is revolutionizing the way the world operates. From driverless cars to cryptocurrency, software reimagines possibilities. With software standing at the core of everything we do, we find ourselves pushing out code faster than ever. Current estimates show that there are mo...
Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5117-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5117-1 advisory. It was discovered that the btrfs file system in the Linux kernel did not properly handle removing a non-existent device id. An attacker with CAP_SYS_ADMIN...
FreeBSD race condition vulnerability
FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. FreeBSD is affected by a race condition vulnerability that arises from improper handling of concurrent accesses during operation of a networked system or product where concurrent code requires mutually...
CVE-2021-20320
A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem. Mitigation Mitigation for this issue is either not available or the...
Traffic Factory: WordPress Plugin Update Confusion at trafficfactory.com
Hi, I'm currently researching a "novel" supply chain attack affecting WordPress plugins, and I believe your website might be vulnerable. The way it works is similar to a recent Dependency Confusion attack, where a malicious actor can take over internal packages unclaimed on PyPI / npm registry. I...
Apple now requires all apps to make it easy for users to delete their accounts
All third-party iOS, iPadOS, and macOS apps that allow users to create an account should also provide a method for terminating their accounts from within the apps beginning next year, Apple said on Wednesday. "This requirement applies to all app submissions starting January 31, 2022," the iPhone...
Citrix PVS vDisk is caching on server even though it is configured to cache to the machine
Scenario: PVS target devices streaming a new version of a vDisk are caching to the server instead of to the cache drive on the target device. Target devices streaming the original version of the vDisk work correctly. Attempts to create or edit a file on the write cache are denied. Inspecting the...
SUSE-SU-2021:3289-1 Security update for glibc
This update for glibc fixes the following issues: Security issues fixed: - CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911) - CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489) Also the following bug was fixed: - Avoid concurrency problem in ldconfig...
Facebook Outage Drags Down Instagram, WhatsApp, Messenger, Oculus VR
As of Monday afternoon, Facebook had been flat on its face for hours, suffering a simultaneous worldwide outage not only on its main site, but also at its Instagram, WhatsApp, Messenger and Oculus VR subsidiaries. We’re aware that some people are having trouble accessing Facebook app. We’re worki...
libslax code issue vulnerability
libslax is an open-source implementation of the SLAX language. libslax is vulnerable to a code problem caused by a null pointer dereference in the function slaxLexer in slaxLexer.c, which can be exploited to cause a denial of service...
openSUSE: Security Advisory for samba (openSUSE-SU-2021:3187-1)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE SLES12 Security Update : kernel (SUSE-SU-2021:3192-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3192-1 advisory. - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege...
OPENSUSE-SU-2021:3187-1 Security update for samba
This update for samba fixes the following issues: - CVE-2021-20277: Fixed an out of bounds read in ldb_handler_fold (bsc#1183574). - CVE-2021-20254: Fixed a buffer overrun in sids_to_unixids (bsc#1184677). - CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs (bsc#1183572). - Spec file...
SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3178-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3178-1 advisory. - In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store...