Mageia: Security Advisory (MGASA-2022-0482)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2022-0482 Updated freeradius packages fix security vulnerability

Information leakage in EAP-PWD. CVE-2022-41859 Crash on unknown option in EAP-SIM. CVE-2022-41860 Crash on invalid abinary data. CVE-2022-41861...

Updated freeradius packages fix security vulnerability

Information leakage in EAP-PWD. CVE-2022-41859 Crash on unknown option in EAP-SIM. CVE-2022-41860 Crash on invalid abinary data. CVE-2022-41861...

SUSE SLES15 Security Update : freeradius-server (SUSE-SU-2022:4626-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4626-1 advisory. - In freeradius, the EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to...

SUSE: Security Advisory (SUSE-SU-2022:4626-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2022:4622-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES12 Security Update : freeradius-server (SUSE-SU-2022:4621-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4621-1 advisory. - In freeradius, the EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to...

SUSE SLES15 Security Update : freeradius-server (SUSE-SU-2022:4622-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4622-1 advisory. - In freeradius, the EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to...

SUSE SLES15 Security Update : freeradius-server (SUSE-SU-2022:4620-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4620-1 advisory. - In freeradius, the EAP-PWD function computepasswordelement leaks information about the password which allows an attacker to...

SUSE-SU-2022:4622-1 Security update for freeradius-server

This update for freeradius-server fixes the following issues: - CVE-2022-41859: Fixes an information leakage in EAP-PWD bsc1206204. - CVE-2022-41860: Fixes a crash on unknown option in EAP-SIM bsc1206205. - CVE-2022-41861: Fixes a crash on invalid abinary data bsc1206206...

SUSE-SU-2022:4621-1 Security update for freeradius-server

This update for freeradius-server fixes the following issues: - CVE-2022-41859: Fixes an information leakage in EAP-PWD bsc1206204. - CVE-2022-41860: Fixes a crash on unknown option in EAP-SIM bsc1206205. - CVE-2022-41861: Fixes a crash on invalid abinary data bsc1206206...

Fedora 36 : freeradius (2022-98832b2cc2)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-98832b2cc2 advisory. Update to upstream release 3.0.26. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...

Hacked Ring Cams Used to Record Swatting Victims

Photo: BrandonKleinPhoto / Shutterstock.com Two U.S. men have been charged with hacking into the Ring home security cameras of a dozen random people and then "swatting" them -- falsely reporting a violent incident at the targets address to trick local police into responding with force. Prosecutor...

ARC Informatique PcVue

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Low attack complexity Vendor: ARC Informatique Equipment: PcVue Vulnerabilities: Cleartext Storage of Sensitive Information, Insertion of Sensitive Information into Log File 2. UPDATE OR REPOSTED INFORMATION This updated advisory is a follow-up to the...

PT-2022-26467 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds write in the ProtocolSimBuilder::BuildSimUpdatePb3gEntry function due to a missing bounds check. This could lead to local escalation of privilege, requiring System...

PT-2022-26477 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a possible out of bounds read in the ProtocolSimBuilderLegacy::BuildSimGetGbaAuth function due to a missing bounds check. This could lead to local information disclosure, requiring System...

CVE-2022-41860

In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, the server will try to look that option up in the internal dictionaries. This lookup will fail, but the SIM code will not check for that failure. Instead, it will dereference a NULL pointer, and cause the server to crash...

PT-2022-17468 · Qualcomm · Qualcomm Snapdragon

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon affected versions not specified Description: The issue is related to memory corruption in the MODEM due to improper validation of array indices while processing GSTK Proactive commands. This affects various Qualcomm...

CVE-2022-4312

A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access the email and short messaging service SMS accounts configuration files to discover the associated simple mail transfer protocol SMTP account...

CVE-2022-4312

A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access the email and short messaging service SMS accounts configuration files to discover the associated simple mail transfer protocol SMTP account...