3229 matches found
[SECURITY] Fedora 40 Update: rust-uu_seq-0.0.23-3.fc40
seq uutils display a sequence of numbers...
BIT-HUBBLE-RELAY-2024-28860
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key...
The vulnerability of the Siemens RUGGEDCOM CROSSBOW access control system allows an intruder to overwrite any files in the system.
The vulnerability of the Siemens RUGGEDCOM CROSSBOW access control system lies in the validation of input data when processing directory traversal sequences. Exploiting this vulnerability allows a malicious actor to overwrite any files in the system...
SUSE CVE-2021-47281
In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: Fix race of snd_seq_timer_open() The timer instance per queue is exclusive, and snd_seq_timer_open() should have managed the concurrent accesses. It looks as if it's checking the already existing timer instance at the beginning,...
ssh: Prefix truncation attack on Binary Packet Protocol (BPP)
A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure ...
DEBIAN-CVE-2021-47297
In the Linux kernel, the following vulnerability has been resolved: net: fix uninit-value in caif_seqpkt_sendmsg When nr_segs equal to zero in iovec_from_user, the object msg->msg_iter.iov is uninit stack memory in caif_seqpkt_sendmsg which is defined in ___sys_sendmsg. So we can't just judge...
DEBIAN-CVE-2021-47281
In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: Fix race of snd_seq_timer_open() The timer instance per queue is exclusive, and snd_seq_timer_open() should have managed the concurrent accesses. It looks as if it's checking the already existing timer instance at the beginning,...
CVE-2021-47304 tcp: fix tcp_init_transfer() to not reset icsk_ca_initialized
In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcp_init_transfer() to not reset icsk_ca_initialized This commit fixes a bug found by syzkaller that could cause spurious double-initializations for congestion control modules, which could cause memory leaks or other problems...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an improper locking sequence...
CVE-2023-46103
Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access...
ALPINE-CVE-2023-46103
Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access...
CVE-2023-46103
CVE-2023-46103 describes a vulnerability in Intel Core Ultra Processors where a specific sequence of processor instructions can cause unexpected behavior, potentially enabling a denial-of-service condition for an authenticated local user. The issue is discussed across multiple connected documents...
BIT-CILIUM-OPERATOR-2024-28860
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key...
BIT-CILIUM-2024-28860
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key...
Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2024-1609)
The remote host is missing an update for the Huawei EulerOS...
RHEL 6 : rubygems (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - rubygems: Improper verification of signatures in tarball allows to install mis-signed gem CVE-2018-100007...
The vulnerability of the ANSI Escape Sequence Handler component in the WinRAR file archiver allows a hacker to trigger a service failure or replace the display on the screen.
The vulnerability of the ANSI Escape Sequence Handler component in the WinRAR file archiver is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to remotely cause service failures or replace the display on the screen...