Ubuntu Security Notice 4040-1 - It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service.
251b85a8c68321ea23a55c52e49629c8a3a25fa86fb47f440c3f071922997ed6Ubuntu Security Notice 4040-2 - USN-4040-1 fixed a vulnerability in expat. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Expat incorrectly handled certain XML files. An attacker could possibly use this issue to cause a denial of service.
f1885e6f06f6f2c730d8efe155ac5f1c76f1b005205c7c8535cdc2920730fa9fRed Hat Security Advisory 2019-1591-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An issue was addressed where OAuth access tokens were written in plaintext to the API server audit logs.
875ed960bd02e2d6da0aadd2d47f0640ff931c963517d678060c39a77a556906GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.
98e0355ff0627bf88112b3b92a7522e98c0ae6071fc45efda5a33daed28199b3Coldfusion versions 2016 and 2018 along with all current versions of JNBridge suffer from a remote code execution vulnerability.
f87b353777ae773d0c72b225ac02ae458075bc752b4b21bb6aaa070c2db3e58dUbuntu Security Notice 4038-2 - USN-4038-1 fixed several vulnerabilities in bzip2. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
5af3e4ba4c76321d949ac85669ff8c915024913a50dfa3112a979a45608c3dbeUbuntu Security Notice 4038-1 - Aladdin Mubaied discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS. It was discovered that bzip2 incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code.
674256554b4a99a71c6d4e0f37049b77acba8fba7440b2a3d70deab7378c171bAMD Secure Encrypted Virtualization (SEV) is a hardware memory encryption feature. SEV protects guest virtual machines from the hypervisor, provides confidentiality guarantees at runtime and remote attestation at launch time. The SEV elliptic-curve (ECC) implementation was found to be vulnerable to an invalid curve attack. At launch-start command, an attacker can send small order ECC points not on the official NIST curves, and force the SEV firmware to multiply a small order point by the firmware's private DH scalar. By collecting enough modular residues, an attacker can recover the complete PDH private key. With the PDH, an attacker can recover the session key and the VM's launch secret. This breaks the confidentiality guarantees offered by SEV.
54e8e560ed6f2e12e8bd0223096ce8c586842a0a89aebf2c3ac2adafd44af784D-Link models DIR-652, DIR-615, DIR-827, DIR-615, DIR-657, and DIR-825 suffer from an administrative password disclosure vulnerability.
836a2a284ed2a9985417986d306b4db1f5742beca7f44da2a471cb893fd99d6cWebEx appears to suffer from man-in-the-middle attacks due to accepting any TLS certificates as valid.
22e3cd7a64dcb66910ad59f0e79c228bad57d0d9720924bbaa649a7da3e814a8
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed