325 matches found
Transmission Integer Overflow
2017 research from Google where Tavis found that transmission suffered from various integer overflows when parsing torrent files...
Debian: Security Advisory (DLA-3511-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 5459-1] amd64-microcode security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5459-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 25, 2023 https://www.debian.org/security/faq -...
USN-6244-1: AMD Microcode vulnerability
Tavis Ormandy discovered that some AMD processors did not properly handle speculative execution of certain vector register instructions. A local attacker could use this to expose sensitive information...
[slackware-security] kernel-firmware
New kernel-firmware packages are available for Slackware 14.2, 15.0, and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/kernel-firmware-2023072459fbffa-noarch-1.txz: Upgraded. AMD microcode updated to fix a use-after-free in AMD Zen2...
Debian: Security Advisory (DLA-63-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5872-1: NSS vulnerabilities
Tavis Ormandy discovered that NSS incorrectly handled an empty pkcs7 sequence. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. CVE-2022-22747 Ronald Crane discovered that NSS incorrectly handled certain memory operations. A remote attacker...
Ubuntu: Security Advisory (USN-330-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-90-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu: Security Advisory (USN-819-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
New Infinite Loop Bug in OpenSSL Could Let Attackers Crash Remote Servers
The maintainers of OpenSSL have shipped patches to resolve a high-severity security flaw in its software library that could lead to a denial-of-service DoS condition when parsing certificates. Tracked as CVE-2022-0778 CVSS score: 7.5, the issue stems from parsing a malformed certificate with...
Ubuntu: Security Advisory (USN-5168-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-5168-1: NSS vulnerability
Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4746-1 xterm vulnerability
Tavis Ormandy discovered that xterm incorrectly handled certain character sequences. A remote attacker could use this issue to cause xterm to crash, resulting in a denial of service, or possibly execute arbitrary code...
USN-4746-1: xterm vulnerability
Tavis Ormandy discovered that xterm incorrectly handled certain character sequences. A remote attacker could use this issue to cause xterm to crash, resulting in a denial of service, or possibly execute arbitrary code...
Critical Libgcrypt Crypto Bug Opens Machines to Arbitrary Code
The Libgcrypt project has rushed out a fix for a critical bug in version 1.9.0 of the free-source cryptographic library. An exploit would allow an attacker to write arbitrary data to a target machine and execute code. The security vulnerability is a heap-buffer overflow bug in Libgcrypt 1.9.0...
mutt -- denial of service
Tavis Ormandy reports: rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service mailbox unavailability by sending email messages with sequences of semicolon characters in RFC822 address fields aka terminators of empty groups. A small email message from the attacker can...
Virtuozzo 6 : ghostscript / ghostscript-devel / ghostscript-doc / etc (VZLSA-2018-3760)
An update for ghostscript is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
LastPass Fixes Bug That Leaks Credentials
LastPass has patched a bug that could potentially allow malicious websites to access a web user’s credentials from a previously visited site. Tavis Ormandy, a vulnerability researcher from Google Project Zero, discovered the flaw in the LastPass password manager and published it on the project’s...
Microsoft CTF Protocol vulnerability alerts-a vulnerability alert-the black bar safety net
2019 Year 8 on 13 May, google security researcher Tavis Ormandy published a blog disclosing the windows operating system in the CTF agreement is the presence of a multi-year vulnerability. 0x01 vulnerability details google security researcher Tavis Ormandy in Windows text services...