OPENSUSE-SU-2021:1513-1 Security update for tor
This update for tor fixes the following issues: tor 0.4.6.8: Improving reporting of general overload state for DNS timeout errors by relays Regenerate fallback directories for October 2021 Bug fixes for onion services CVE-2021-22929: do not log v2 onion services access attempt warnings on disk...
Security update for tor (moderate)
openSUSE Security Update: Security update for tor Announcement ID: openSUSE-SU-2021:1513-1 Rating: moderate References: 1192658 Cross-References: CVE-2021-22929 Affected Products: openSUSE Leap 15.2 openSUSE Backports SLE-15-SP3 An update that fixes one vulnerability is now available. Description...
PT-2021-9120 · Rapid7 · Rapid7 Nexpose
Name of the Vulnerable Software and Affected Versions: Rapid7 Nexpose versions prior to 6.6.114 Description: The issue allows an attacker to expose information when a user's session has ended due to inactivity. By using the inspect element browser feature, an attacker can remove the login panel a...
UVI-2021-1002148 drm/msm: Avoid potential overflow in timeout_to_jiffies()
drm/msm: Avoid potential overflow in timeout_to_jiffies() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15 by commit...
Mozilla Firefox Security Advisory (MFSA2014-03) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; y...
Smuggler - An HTTP Request Smuggling / Desync Testing Tool
An HTTP Request Smuggling / Desync testing tool written in Python 3. Acknowledgements: A special thanks to James Kettle for his research and methods into HTTP desyncs. And a special thanks to Ben Sadeghipour for beta testing Smuggler and for allowing me to discuss my work at Nahamcon 2020. IMPORTANT...
[SECURITY] Fedora 35 Update: watchdog-5.16-2.fc35
The watchdog program can be used as a powerful software watchdog daemon or may be alternately used with a hardware watchdog device such as the IPMI hardware watchdog driver interface to a resident Baseboard Management Controller (BMC). watchdog periodically writes to /dev/watchdog; the interval...
CVE-2021-20324
A flaw was found in WildFly Elytron. A variation to the use of a session fixation exploit when using Undertow was found despite Undertow switching the session ID after authentication. The highest threat from this vulnerability is to data confidentiality and integrity. Mitigation This attack is...
CVE-2021-21797
An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a reference to a timeout object to be stored in two different places. When closed, the document will result in the reference being released twice. This can lea...
Nitro Software Nitro Pro Resource Management Error Vulnerability
Nitro Pro is a PDF document editor from the U.S. company Nitro Software. The software supports PDF document editing, PDF document format conversion and PDF document encryption. A resource management error vulnerability exists in Nitro Pro PDF; the vulnerability stems from the fact that the product fails to...
Nitro Pro PDF JavaScript TimeOutObject double free vulnerability
Summary An exploitable double-free vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a reference to a timeout object to be stored in two different places. When closed, the document will result in the reference being released twice. This...
kernel security and bug fix update
4.18.0-305.17.14.OL8 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
ALSA-2021:3447 Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: powerpc: KVM guest OS users can cause host OS memory corruption (CVE-2021-37576); kernel: slab-out-of-bounds access in xdr_set_page_base() in net/sunrpc/xdr.c (CVE-2021-38201). For more details abou...
SUSE SLES12 Security Update : xen (SUSE-SU-2021:2957-1)
The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2957-1 advisory. - Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosu...
SUSE SLES15 Security Update : xen (SUSE-SU-2021:2943-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2943-1 advisory. - Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosu...
SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2021:2922-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2922-1 advisory. - Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure...
openSUSE 15 Security Update : xen (openSUSE-SU-2021:2923-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2923-1 advisory. - Observable response discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via...
timeout_io (>=0.2.0 <=0.2.7) potentially affected by CVE-2020-36438 via tiny_future (=0.3.2)
tiny_future CARGO version =0.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on tiny_future and may be impacted: - timeout_io >=0.2.0, <=0.2.7 Source cves: CVE-2020-36438 Source advisory: OSV:GHSA-FG42-VWXX-XX5J...