Red Hat Security Advisory 2024-0208-03 - An update for openssl is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
e2683b7e7c1eaa4b94be8055f2acd55b322b5b3279616fd95b5e10c29c82304c
Gentoo Linux Security Advisory 202401-16 - Multiple vulnerabilities have been discovered in FreeRDP, the worst of which could result in code execution. Versions prior to 2.11.0 are affected.
3bd4fd57a2cfebab9086b429320a0d45d42381e7f1c261ec6b3e4d1e201e84a9
Gentoo Linux Security Advisory 202401-15 - A vulnerability has been found in Prometheus SNMP Exporter which could allow for authentication bypass. Versions prior to 0.24.1 are affected.
525cb5629800e79b722a7107e80bb650f19b0bb682e09e5fdabc1827f88789ed
Debian Linux Security Advisory 5601-1 - Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the "Terrapin attack". This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts.
74939800a29d48ded37e9813459aa6b29068a867d2c407034d466d7a7bb36ee5
Debian Linux Security Advisory 5600-1 - Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the "Terrapin attack". This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts.
8cfe6e2a5aa62ff4c70ee28350070f1ea5a4506b8305130470d356424e8fe7c6
Debian Linux Security Advisory 5599-1 - Fabian Baeumer, Marcus Brinkmann and Joerg Schwenk discovered that the SSH protocol is prone to a prefix truncation attack, known as the "Terrapin attack". This attack allows a MITM attacker to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts.
a0c9e4b89d0e004e7f26020948eef0d8e208379ab02cce69468a0e02ce7ea9b2
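The three Debian advisories above describe the same transport-level weakness: SSH sequence numbers start counting at the first packet of the connection and keep counting across the switch to encryption, so plaintext messages injected before NEWKEYS shift the receiver's counter and let an equal number of encrypted packets be deleted afterwards without a MAC failure. The toy model below is an added illustration for this listing, not code from the Debian advisories or from the Terrapin researchers. It models one direction (server to client) with a stand-in for ChaCha20-Poly1305 in which both the per-packet keystream and the MAC are bound to the implicit 32-bit sequence number, and it shows the "strict kex" countermeasure (refuse unexpected messages during the handshake and reset the sequence number to zero after NEWKEYS). Keys, payloads and the MITM schedule are constructed.

```python
"""Toy model of the Terrapin prefix-truncation attack on the SSH binary
packet protocol (RFC 4253) and of the "strict kex" countermeasure.
Added illustration for this listing; not code from the Debian advisories
or from the Terrapin researchers.  The cipher is a stand-in for
ChaCha20-Poly1305 (keystream and MAC both bound to the implicit sequence
number); the key and the messages are constructed."""
import hashlib
import hmac

SSH_MSG_IGNORE = 2          # RFC 4253: receivers must silently ignore it
SSH_MSG_SERVICE_ACCEPT = 6
SSH_MSG_EXT_INFO = 7        # RFC 8308: carries server-sig-algs, the usual Terrapin target
SSH_MSG_NEWKEYS = 21


class Endpoint:
    """One direction of an SSH transport (here: server -> client).

    `seq` is the implicit packet sequence number. It starts at 0 and counts
    every packet, encrypted or not. With strict kex it is reset to 0 once
    NEWKEYS has been sent or received, and anything but NEWKEYS is refused
    while the (toy) handshake is still in plaintext."""

    def __init__(self, key: bytes, strict_kex: bool):
        self.key = key
        self.strict = strict_kex
        self.seq = 0
        self.encrypting = False

    def _seq_bytes(self) -> bytes:
        return self.seq.to_bytes(4, "big")

    def _keystream(self, n: int) -> bytes:
        # per-packet keystream derived from (key, seq, block counter)
        out, block = b"", 0
        while len(out) < n:
            out += hashlib.sha256(self.key + self._seq_bytes() + block.to_bytes(4, "big")).digest()
            block += 1
        return out[:n]

    def _tag(self, body: bytes) -> bytes:
        # MAC over (seq || ciphertext): the receiver's seq must match the sender's
        return hmac.new(self.key, self._seq_bytes() + body, hashlib.sha256).digest()

    def _after_packet(self, msg_type: int) -> None:
        self.seq += 1
        if msg_type == SSH_MSG_NEWKEYS:
            self.encrypting = True
            if self.strict:
                self.seq = 0        # strict kex: counters restart after NEWKEYS

    def send(self, msg_type: int, payload: bytes = b"") -> dict:
        pt = bytes([msg_type]) + payload
        if self.encrypting:
            body = bytes(a ^ b for a, b in zip(pt, self._keystream(len(pt))))
            pkt = {"body": body, "tag": self._tag(body)}
        else:
            pkt = {"body": pt, "tag": None}
        self._after_packet(msg_type)
        return pkt

    def recv(self, pkt: dict) -> int:
        """Return the message type of an accepted packet; raise ValueError otherwise."""
        if self.encrypting:
            if pkt["tag"] is None or not hmac.compare_digest(self._tag(pkt["body"]), pkt["tag"]):
                raise ValueError(f"MAC failure at seq={self.seq}")
            pt = bytes(a ^ b for a, b in zip(pkt["body"], self._keystream(len(pkt["body"]))))
        else:
            pt = pkt["body"]
            if self.strict and pt[0] != SSH_MSG_NEWKEYS:
                raise ValueError("strict kex: unexpected message during key exchange")
        self._after_packet(pt[0])
        return pt[0]


def run_handshake(strict_kex: bool, injected: int, deleted: int) -> dict:
    """Server -> client stream with a MITM that injects `injected` plaintext
    SSH_MSG_IGNORE packets before NEWKEYS and drops the first `deleted`
    encrypted packets after it. Returns the message types the client
    accepted and the detection error, if any."""
    key = b"constructed shared secret"
    server = Endpoint(key, strict_kex)
    client = Endpoint(key, strict_kex)
    accepted, detected = [], None
    try:
        for _ in range(injected):       # MITM: extra messages before encryption starts
            accepted.append(client.recv({"body": bytes([SSH_MSG_IGNORE]), "tag": None}))
        accepted.append(client.recv(server.send(SSH_MSG_NEWKEYS)))
        wire = [server.send(SSH_MSG_EXT_INFO, b"server-sig-algs"),
                server.send(SSH_MSG_SERVICE_ACCEPT, b"ssh-userauth")]
        for pkt in wire[deleted:]:      # MITM: delete the same number of encrypted packets
            accepted.append(client.recv(pkt))
    except ValueError as e:
        detected = str(e)
    return {"accepted": accepted, "detected": detected}


if __name__ == "__main__":
    for args in [(False, 0, 0), (False, 0, 1), (False, 1, 1), (True, 1, 1)]:
        print(args, run_handshake(*args))
```

With `injected == deleted == 1` and no strict kex, the client accepts `[2, 21, 6]`: the IGNORE, NEWKEYS and SERVICE_ACCEPT, with the encrypted EXT_INFO silently gone, which is exactly the "limited break" the advisories describe (deleting without the plaintext prefix fails the MAC, since the counters no longer line up). With strict kex the injected IGNORE is refused before any keys are in use, and the counter reset means nothing exchanged before NEWKEYS can influence the post-NEWKEYS sequence numbers. The real mitigation only takes effect when both peers negotiate the kex-strict extension, and this toy covers one direction of traffic only.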
macOS suffers from an out-of-bounds write vulnerability in AppleVADriver when decoding MPEG-2 video.
a755a34876f36a8a24fb4024eeda524426d61439be93ad37d2aa3f187ed43ce5
On Intel macOS, HEVC video decoding is performed in the AppleGVA module. Using fuzzing, researchers identified multiple issues in this decoder, including out-of-bounds writes, out-of-bounds reads and, in one case, a free() on an invalid address. All of the issues were reproduced on macOS Ventura 13.6 running on a 2018 Mac mini (Intel based).
ed851479d112d861e65e1f2c3cbdcfb9751f8aafbae00aece5139de5128c88b0
Linux kernel versions 4.20 and above have an issue where kTLS writes into spliced read-only pages.
c8a387c3d377fb9915457e6c2add6c04bc585011d822e7f419d1a632b108342d
Linux suffers from an io_uring use-after-free vulnerability caused by a broken interaction with the Unix-domain socket garbage collector.
f69e0977a025727662a99855b4620c72daf61a181fc942af121b5a2aba667456
Quick TFTP Server Pro version 2.1 remote denial of service exploit.
ad26fc137d8b6459ece6820e20d42853a3e4d2b8e15d8a169be516d43484ce4d
Copyright Loan Management System 2024 version 1.0 suffers from a remote SQL Injection vulnerability that allows for authentication bypass.
81f2d79192a8ae08e110a5c85c1e86c81fdde2f0e93634dadfd078e332a66370
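The listing above names the bug class (SQL injection in a login path leading to authentication bypass) but not the application's query. The snippet below is an added, generic illustration of that class and its fix, not the Loan Management System's code: a login check built by string concatenation, the two classic bypass inputs, and the parameterised query that refuses them. The table, rows and sqlite3 backend are constructed for the example; plaintext passwords are kept only to keep the query short, real code stores hashes.

```python
"""Illustrative SQL injection authentication bypass and its fix.
Added example, not the application's own code; schema and data are constructed."""
import sqlite3


def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    con.execute("INSERT INTO users VALUES ('admin', 'correct horse', 'admin')")
    con.execute("INSERT INTO users VALUES ('alice', 'battery staple', 'user')")
    return con


def login_vulnerable(con: sqlite3.Connection, username: str, password: str):
    # Input is pasted into the SQL text, so a quote in it rewrites the WHERE clause.
    q = (f"SELECT username, role FROM users "
         f"WHERE username = '{username}' AND password = '{password}'")
    row = con.execute(q).fetchone()
    return {"username": row[0], "role": row[1]} if row else None


def login_fixed(con: sqlite3.Connection, username: str, password: str):
    # Placeholders keep the input as data: the quote and the comment are just characters.
    q = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    row = con.execute(q, (username, password)).fetchone()
    return {"username": row[0], "role": row[1]} if row else None


if __name__ == "__main__":
    con = make_db()
    # comment out the password check: ... WHERE username = 'admin' -- ' AND password = '...'
    print(login_vulnerable(con, "admin' -- ", "wrong"))
    # make the predicate always true: ... OR '1'='1 ...
    print(login_vulnerable(con, "x' OR '1'='1", "x' OR '1'='1"))
    print(login_fixed(con, "admin' -- ", "wrong"))
    print(login_fixed(con, "admin", "correct horse"))
```

The first payload turns the rest of the statement into a comment, so the password is never compared; the second makes the predicate true for every row and returns whichever row the database yields first, which here is the administrator. Both are rejected by the parameterised version, whose comparison sees the payload as a literal username.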
The call for papers for Hardwear.io USA 2024 is open. The conference takes place May 31 through June 1, 2024.
a5538868f308cd9bb2ec3f056b3154503e81c208c926ca7d137401dabae1f61a