
127 matches found

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2006-4818

Malware in sbrugna...

10 CVSS · 6.4 AI score · 0.00366 EPSS
Exploits 0 · References 5
Tenable Nessus
added 2024/09/05 12:0 a.m. · 88 views

RHEL 8 : kernel (RHSA-2024:6206)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6206 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: TCP-spoofed ghost ACKs and leak...

9.1 CVSS · 7.1 AI score · 0.00407 EPSS
Exploits 0 · References 69
Tenable Nessus
added 2024/08/14 12:0 a.m. · 43 views

RHEL 9 : kernel (RHSA-2024:5364)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:5364 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: gfs2: Fix kernel NULL pointer...

9.1 CVSS · 7.5 AI score · 0.00449 EPSS
Exploits 1 · References 47
Schneier on Security
added 2024/06/14 11:5 a.m. · 14 views

Demo of AES GCM Misuse Problems

This is a really neat demo of the security problems arising from reusing nonces with a symmetric cipher in GCM mode...

7.4 AI score
Exploits 0
Schneier on Security
added 2024/04/01 12:21 a.m. · 24 views

Ross Anderson

Ross Anderson unexpectedly passed away Thursday night in, I believe, his home in Cambridge. I can't remember when I first met Ross. Of course it was before 2008, when we created the Security and Human Behavior workshop. It was well before 2001, when we created the Workshop on Economics and...

7.2 AI score
Exploits 0
Tenable Nessus
added 2023/12/22 12:0 a.m. · 39 views

CentOS 7 : firefox (RHSA-2023:7509)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7509 advisory. - On some systems, depending on the graphics settings and drivers, it was possible to force an out-of-bounds read and leak memory data into the images...

8.8 CVSS · 7.9 AI score · 0.00428 EPSS
Exploits 0 · References 8
Tenable Nessus
added 2023/11/27 12:0 a.m. · 11 views

RHEL 7 : thunderbird (RHSA-2023:7505)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7505 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.5.0. Security Fixes: Mozilla:...

8.8 CVSS · 7.7 AI score · 0.00428 EPSS
Exploits 0 · References 16
Tenable Nessus
added 2023/11/27 12:0 a.m. · 11 views

RHEL 8 : thunderbird (RHSA-2023:7503)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:7503 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.5.0. Security Fixes: Mozilla:...

8.8 CVSS · 7.7 AI score · 0.00428 EPSS
Exploits 0 · References 16
RedhatCVE
added 2023/11/21 11:10 p.m. · 59 views

CVE-2023-6209

The Mozilla Foundation Security Advisory describes this flaw as: Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites...

6.1 CVSS · 6.2 AI score · 0.00378 EPSS
Exploits 0 · References 5
Prion
added 2023/11/21 3:15 p.m. · 25 views

Path traversal

Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox 120, Firefox ESR 115.5.0, and Thunderbird 115.5...

4.3 CVSS · 6.4 AI score · 0.00378 EPSS
Exploits 0 · References 7 · Affected Software 4
Tenable Nessus
added 2023/11/21 12:0 a.m. · 21 views

Mozilla Firefox < 115.5

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 115.5. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-50 advisory. - On some systems, depending on the graphics settings and drivers, it was possible to force an out-of-bounds read...

8.8 CVSS · 7.1 AI score · 0.00428 EPSS
Exploits 0 · References 8
Malwarebytes
added 2023/10/26 5:52 a.m. · 12 views

Patch…later? Safari iLeakage bug not fixed

Apple has released updates for its phones, Macs, iPads, watches, and TV streaming devices, fixing a bunch of security problems. But amid all that activity, one fix is notably absent—there is nothing to address the vulnerability dubbed iLeakage. iLeakage is a side-channel attack that can force the...

6.8 AI score
Exploits 0
Krebs on Security
added 2022/05/11 2:34 a.m. · 319 views

Microsoft Patch Tuesday, May 2022 Edition

Microsoft today released updates to fix at least 74 separate security problems in its Windows operating systems and related software. This month's patch batch includes fixes for seven "critical" flaws, as well as a zero-day vulnerability that affects all supported versions of Windows. By all...

7.5 CVSS · 0.4 AI score · 0.93727 EPSS
Exploits 7
NVD
added 2022/05/04 3:15 p.m. · 7 views

CVE-2022-28552

Cscms 4.1 is vulnerable to SQL Injection. Log into the background, open the song module, create a new song, delete it to the recycle bin, and SQL injection security problems will occur when emptying the recycle bin...

8.8 CVSS · 0.00239 EPSS
Exploits 1 · References 1
Positive Technologies
added 2021/02/02 12:0 a.m. · 1 views

PT-2021-16752 · Apport +2

Name of the Vulnerable Software and Affected Versions: apport affected versions not specified Description: The issue concerns the get pid info function in the data/apport component, which fails to properly parse the /proc/pid/status file from the kernel. This parsing issue may lead to potential...

8.8 CVSS · 7.9 AI score · 0.00114 EPSS
Exploits 3 · References 16
Tenable Nessus
added 2020/07/20 12:0 a.m. · 30 views

openSUSE Security Update : singularity (openSUSE-2020-1011)

This update for singularity fixes the following issues : - New version 3.6.0. This version introduces a new signature format for SIF images, and changes to the signing / verification code to address the following security problems : - CVE-2020-13845, boo1174150 In Singularity 3.x versions below...

7.5 CVSS · 7.3 AI score · 0.00368 EPSS
Exploits 0 · References 7
Tenable Nessus
added 2020/01/27 12:0 a.m. · 45 views

FreeBSD : Pillow -- Multiple vulnerabilities (0700e76c-3eb0-11ea-8478-3085a9a95629)

Pillow developers report : This release addresses several security problems, as well as addressing CVE-2019-19911. CVE-2019-19911 is regarding FPX images. If an image reports that it has a large number of bands, a large amount of resources will be used when trying to process the image. This is...

9.8 CVSS · 6.3 AI score · 0.01753 EPSS
Exploits 0 · References 8
OPENSUSE Linux
added 2019/09/14 12:0 a.m. · 189 views

Security update for rdesktop (important)

openSUSE Security Update: Security update for rdesktop Announcement ID: openSUSE-SU-2019:2135-1 Rating: important References: 1121448 Cross-References: CVE-2018-20174 CVE-2018-20175 CVE-2018-20176 CVE-2018-20177 CVE-2018-20178 CVE-2018-20179 CVE-2018-20180 CVE-2018-20181 CVE-2018-20182...

9.8 CVSS · 7.4 AI score · 0.11355 EPSS
Exploits 9 · References 1
Prion
added 2019/01/28 8:29 a.m. · 13 views

Code injection

The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems...

4.3 CVSS · 5.7 AI score · 0.00146 EPSS
Exploits 0 · References 3 · Affected Software 1
NVD
added 2019/01/28 8:29 a.m. · 6 views

CVE-2018-20744

The Olivier Poitrey Go CORS handler through 1.3.0 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems...

5.9 CVSS · 5.8 AI score · 0.00146 EPSS
Exploits 0 · References 3