Lucene search
2052 matches found

RedhatCVE
added 2019/10/10 4:18 p.m. | 27 views

CVE-2017-12163

An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. Mitigation ...

7.1 CVSS | 1.9 AI score | 0.41375 EPSS
Exploits 0 | References 2

RedhatCVE
added 2019/10/10 10:27 a.m. | 30 views

CVE-2017-2634

It was found that the Linux kernel's Datagram Congestion Control Protocol (DCCP) implementation used the IPv4-only inet_sk_rebuild_header() function for both IPv4 and IPv6 DCCP connections, which could result in memory corruptions. A remote attacker could use this flaw to crash the system...

7.8 CVSS | 2.4 AI score | 0.03662 EPSS
Exploits 0 | References 1

CVE
added 2019/10/09 11:29 p.m. | 123 views

CVE-2019-17420

CVE-2019-17420 affects LibHTP before 0.5.31, as used in Suricata 4.1.4 and other products. The vulnerability arises from an HTTP protocol parsing error that causes the http_header signature to fail to alert on a response ending with a single CRLF ("\r\n"). Impact is that such responses may bypass...

5.3 CVSS | 5.2 AI score | 0.00242 EPSS
Exploits 0 | References 3 | Affected Software 2

exploitpack
added 2019/10/09 12:0 a.m. | 38 views

XNU - Remote Double-Free via Data Race in IPComp Input Path

=== Summary === This report describes a bug in the XNU implementation of the IPComp protocol (https://tools.ietf.org/html/rfc3173). This bug can be remotely triggered by an attacker who is able to send traffic to a macOS system (iOS AFAIK...

0.6 AI score
Exploits 0

0day.today
added 2019/10/09 12:0 a.m. | 115 views

XNU - Remote Double-Free via Data Race in IPComp Input Path Exploit

=== Summary === This report describes a bug in the XNU implementation of the IPComp protocol (https://tools.ietf.org/html/rfc3173). This bug can be remotely triggered by an attacker who is able to send traffic to a macOS system (iOS AFAIK isn't affected) over two network interfaces at the same time...

7.8 CVSS | 0.7 AI score | 0.00239 EPSS
Exploits 1

RedhatCVE
added 2019/10/08 10:21 a.m. | 26 views

CVE-2019-2449

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks...

3.1 CVSS | 2.9 AI score | 0.02446 EPSS
Exploits 0 | References 4

Fedora
added 2019/10/06 12:57 a.m. | 36 views

[SECURITY] Fedora 30 Update: scapy-2.4.3-1.fc30

Scapy is a powerful interactive packet manipulation program built on top of the Python interpreter. It can be used to forge or decode packets of a wide number of protocols, send them over the wire, capture them, match requests and replies, and much more...

7.5 CVSS | 1.8 AI score | 0.01891 EPSS
Exploits 1

Fedora
added 2019/10/06 12:3 a.m. | 29 views

[SECURITY] Fedora 31 Update: scapy-2.4.3-1.fc31

Scapy is a powerful interactive packet manipulation program built on top of the Python interpreter. It can be used to forge or decode packets of a wide number of protocols, send them over the wire, capture them, match requests and replies, and much more...

7.5 CVSS | 1.8 AI score | 0.01891 EPSS
Exploits 1

Fedora
added 2019/10/04 9:57 p.m. | 31 views

[SECURITY] Fedora 29 Update: mosquitto-1.6.7-1.fc29

Mosquitto is an open source message broker that implements the MQ Telemetry Transport protocol version 3.1 and 3.1.1. MQTT provides a lightweight method of carrying out messaging using a publish/subscribe model. This makes it suitable for "machine to machine" messaging such as with low power senso...

6.5 CVSS | 3.3 AI score | 0.14839 EPSS
Exploits 0

OpenVAS
added 2019/10/01 12:0 a.m. | 17 views

Fedora Update for nbdkit FEDORA-2019-1b30db2125

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 AI score
Exploits 0 | References 2

Debian
added 2019/09/29 1:59 p.m. | 105 views

[SECURITY] [DSA 4538-1] wpa security update

Debian Security Advisory DSA-4538-1 | https://www.debian.org/security/ | Yves-Alexis Perez | September 29, 2019 | https://www.debian.org/security/faq ...

6.5 CVSS | 7.6 AI score | 0.00626 EPSS
Exploits 0

Fedora
added 2019/09/26 1:41 a.m. | 31 views

[SECURITY] Fedora 29 Update: libnbd-1.0.2-1.fc29

NBD (Network Block Device) is a protocol for accessing Block Devices (hard disks and disk-like things) over a Network. This is the NBD client library in userspace, a simple library for writing NBD clients. The key features are: Synchronous and...

9.8 CVSS | 0.7 AI score | 0.0021 EPSS
Exploits 0

Fedora
added 2019/09/26 1:7 a.m. | 29 views

[SECURITY] Fedora 30 Update: libnbd-1.0.2-1.fc30

NBD (Network Block Device) is a protocol for accessing Block Devices (hard disks and disk-like things) over a Network. This is the NBD client library in userspace, a simple library for writing NBD clients. The key features are: Synchronous and...

9.8 CVSS | 0.7 AI score | 0.0021 EPSS
Exploits 0

OpenVAS
added 2019/09/26 12:0 a.m. | 34 views

Fedora Update for openssl FEDORA-2019-d15aac6c4e

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

4.7 CVSS | 6.1 AI score | 0.01121 EPSS
Exploits 0 | References 2

OpenVAS
added 2019/09/26 12:0 a.m. | 30 views

Fedora Update for libnbd FEDORA-2019-749d828945

The remote host is missing an update for the Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8 CVSS | 9.6 AI score | 0.0021 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2019/09/23 12:0 a.m. | 28 views

RHEL 7 : dovecot (RHSA-2019:2836)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2019:2836 advisory. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and...

9.8 CVSS | 8 AI score | 0.3794 EPSS
Exploits 1 | References 4

OpenVAS
added 2019/09/20 12:0 a.m. | 11 views

Fedora Update for nbdkit FEDORA-2019-867f0858e6

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...

7.5 AI score
Exploits 0 | References 2

Tenable Nessus
added 2019/09/13 12:0 a.m. | 1164 views

CredSSP Remote Code Execution Vulnerability March 2018 Security Update

The remote Windows host allows fallback to insecure versions of the Credential Security Support Provider protocol (CredSSP). It is, therefore, affected by a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute...

7.6 CVSS | 8.2 AI score | 0.90997 EPSS
Exploits 4 | References 3

FreeBSD
added 2019/09/11 12:0 a.m. | 41 views

curl -- multiple vulnerabilities

curl security problems: CVE-2019-5481: FTP-KRB double-free. libcurl can be told to use kerberos over FTP to a server, as set with the CURLOPT_KRBLEVEL option. During such kerberos FTP data transfer, the server sends data to curl in blocks with the 32 bit size of each block first and then that amoun...

9.8 CVSS | 1.4 AI score | 0.13273 EPSS
Exploits 1 | References 3

Mageia
added 2019/09/08 2:9 p.m. | 26 views

Updated dovecot packages fix security vulnerability

Updated dovecot packages fix security vulnerability: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes...

9.8 CVSS | 1.9 AI score | 0.3794 EPSS
Exploits 1 | References 2