Updated bind packages fix security vulnerability

Updated bind packages fix security vulnerabilities: It was discovered that Bind incorrectly handled certain TCP-pipelined queries. A remote attacker could possibly use this issue to cause Bind to consume resources, resulting in a denial of service CVE-2019-6477. Lior Shafir, Yehuda Afek, and Anat...

CentOS 6 : bind (RHSA-2020:2383)

The remote CentOS Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2383 advisory. - A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can,...

Scientific Linux Security Update : bind on SL6.x i386/x86_64 (20200603)

Security Fixes : - bind: BIND does not sufficiently limit the number of fetches performed when processing referrals CVE-2020-8616 - bind: A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c CVE-2020-8617 C Tenable Network Security, Inc. The...

Oracle Linux 6 : bind (ELSA-2020-2383)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-2383 advisory. - Correct tests covering CVE-2020-8617 - Limit number of queries triggered by a request CVE-2020-8616 Tenable has extracted the preceding description...

Oracle Linux 7 : bind (ELSA-2020-2344)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-2344 advisory. - Limit number of queries triggered by a request CVE-2020-8616 - Fix invalid tsig request CVE-2020-8617 Tenable has extracted the preceding description...

USN-4365-2: Bind vulnerabilities

USN-4365-1 fixed several vulnerabilities in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Original advisory details: Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind incorrectly limited certain fetches. A remote attacker could possibly...

CVE-2020-10725

A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity chec...

CVE-2020-10725

A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity chec...

Debian DSA-4689-1 : bind9 - security update

Several vulnerabilities were discovered in BIND, a DNS server implementation. - CVE-2019-6477 It was discovered that TCP-pipelined queries can bypass tcp-client limits resulting in denial of service. - CVE-2020-8616 It was discovered that BIND does not sufficiently limit the number of fetches...

USN-4365-1: Bind vulnerabilities

Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Bind incorrectly limited certain fetches. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service, or possibly use Bind to perform a reflection attack. CVE-2020-8616 Tobias...

Authentication Bypass

spring-security-saml2-service-provider is vulnerable to authentication bypass. A signature wrapping vulnerability during SAML response validation allows an attacker to modify a valid SAML response and append arbitrary assertion that passes a validity check...

CVE-2020-10706

A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via t...

MSOLSpray - A Password Spraying Tool For Microsoft Online Accounts (Azure/O365)

A password spraying tool for Microsoft Online accounts Azure/O365. The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, if the account is locked, or if the account is disabled. BE VERY CAREFUL NOT TO LOCKOUT ACCOUNTS! Why...

kernel: Missing permissions check for request_key() destination allows local attackers to add keys to keyring without Write permission

The KEYS subsystem in the Linux kernel omitted an access-control check when writing a key to the current task's default keyring, allowing a local user to bypass security checks to the keyring. This compromises the validity of the keyring for those who rely on it...

The vulnerability of the ext4_protect_reserved inode function (fs/ext4/block_validity.c) in the Linux kernel allows a attacker to cause a service failure.

The vulnerability of the ext4protectreserved inode function fs/ext4/blockvalidity.c in the Linux kernel involves uncontrolled resource consumption. Exploiting this vulnerability could allow an attacker to cause service failures...

Linux kernel denial of service vulnerability (CNVD-2020-13205)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A security vulnerability exists in the ext4protectreservedinode in the fs/ext4/blockvalidity.c file in Linux kernel 5.5.3 and earlier. A remote attacker can exploit th...

Authentication Bypass

centreon is susceptible to authentication bypass. The vulnerability exists because it uses host macros which does not correctly check session validity using session ID, leading to bypass of authentication...

CredNinja - A Multithreaded Tool Designed To Identify If Credentials Are Valid, Invalid, Or Local Admin Valid Credentials Within A Network At-Scale Via SMB, Plus Now With A User Hunter

This tool is intended for penetration testers who want to perform an engagement quickly and efficiently. While this tool can be used for more covert operations including some additions below, it really shines when used at the scale of a large network. At the core of it, you provide it a list of...

CVE-2020-7231

Evoko Home 1.31 devices provide different error messages for failed login requests depending on whether the username is valid...

SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery

SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery Exploit Title: SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery Discovery by: LiquidWorm Date: 2019-12-02 Vendor Homepage: Tested Version: 6.5.33.17072501 CVE: N/A Advisory ID: ZSL-2019-5543 Advisory URL:...