65 matches found
AZL-9220 CVE-2021-3618 affecting package sendmail 8.15.2-46
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...
Design/Logic Flaw
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...
CVE-2021-3618
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic fr...
Security Bulletin: A security vulnerability in NGINX affects IBM Cloud Automation Manager
Summary A security vulnerability in NGINX affects IBM Cloud Automation Manager. Vulnerability Details CVEID: CVE-2021-3618 DESCRIPTION: Sendmail, vsftpd and NGINX could provide weaker than expected security, caused by an ALPACA application layer protocol content confusion attack, which exploits TL...
What is DDoS attack❓ — Types and how to react to them
Distributed denial-of-service attacks are attempts to make a computer or online service inaccessible by congesting it with traffic from various sources. The aim is ordinarily to make the computers in question stop service by...
SUSE: Security Advisory (SUSE-SU-2016:0748-1)
The remote host is missing an update for the...
DEBIAN-CVE-2020-13529
An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCP ACK packets to reconfigure the server...
Vulnerability in the Server: Optimizer component of the MySQL Server database management system that allows an attacker to cause a service failure.
The vulnerability of the MySQL Server component of the database management system is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to cause service interruptions using the MySQL protocol...
USN-4559-1 samba update
Tom Tervoort discovered that the Netlogon protocol implemented by Samba incorrectly handled the authentication scheme. A remote attacker could use this issue to forge an authentication token and steal the credentials of the domain admin. While a previous security update fixed the issue by changin...
Updated pdns-recursor packages fix security vulnerabilities
Updated pdns-recursor packages fix security vulnerabilities: An issue in the DNS protocol has been found that allows malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the...
Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Storwize V7000 Unified
Summary Cross-protocol attack on TLS using SSLv2 Vulnerability Details OpenSSL is used in IBM Storwize V7000 Unified for providing communication security by encrypting data being transmitted. CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free...
JDK: unspecified vulnerability fixed in 8u161 and 9.0.4 (Deployment)
Vulnerability in the Java SE component of Oracle Java SE subcomponent: Deployment. Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...
Oracle E-Business Suite Remote Security Vulnerability (CNVD-2017-00639)
Oracle E-Business Suite is a suite of fully integrated, global business management software from Oracle Corporation. Oracle Common Applications also known as Oracle Common Application Calendar, CAC is one of the components that can simplify the management of daily activities, appointments, and...
Code injection
The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...
ALPINE-CVE-2016-8606
The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...
CVE-2016-8606
The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...
CVE-2016-8606
The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...
UBUNTU-CVE-2016-8606
The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...
CVE-2016-8606
The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...
CVE-2016-8606
The REPL server --listen in GNU Guile 2.0.12 allows an attacker to execute arbitrary code via an HTTP inter-protocol attack...