Category Archives: Advisories

CVE-2020-25721

Read Time:10 Second

Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.

Read More

CVE-2021-0957

Read Time:14 Second

In NotificationStackScrollLayout of NotificationStackScrollLayout.java, there is a possible way to bypass Factory Reset Protections. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-193149550

Read More

CVE-2021-20180

Read Time:15 Second

A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

Read More

CVE-2021-20257

Read Time:19 Second

An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Read More

openvpn-2.5.6-1.fc35

Read Time:18 Second

FEDORA-2022-a9bd17092d

Packages in this update:

openvpn-2.5.6-1.fc35

Update description:

This is a maintenance release of OpenVPN 2.5 with a security fix when used in server mode (CVE-2022-0547). The other changes are available in Changes.rst.

NOTE Please read the CVE description carefully if you use authentication plug-ins with a server configuration.

Read More

openvpn-2.5.6-1.fc34

Read Time:18 Second

FEDORA-2022-7d46acce7c

Packages in this update:

openvpn-2.5.6-1.fc34

Update description:

This is a maintenance release of OpenVPN 2.5 with a security fix when used in server mode (CVE-2022-0547). The other changes are available in Changes.rst.

NOTE Please read the CVE description carefully if you use authentication plug-ins with a server configuration.

Read More

openvpn-2.5.6-1.fc36

Read Time:18 Second

FEDORA-2022-cb4c1146dc

Packages in this update:

openvpn-2.5.6-1.fc36

Update description:

This is a maintenance release of OpenVPN 2.5 with a security fix when used in server mode (CVE-2022-0547). The other changes are available in Changes.rst.

NOTE Please read the CVE description carefully if you use authentication plug-ins with a server configuration.

Read More

USN-5331-1: tcpdump vulnerabilities

Read Time:17 Second

It was discovered that tcpdump incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2018-16301)

It was discovered that tcpdump incorrectly handled certain captured data.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2020-8037)

Read More

Post Title

Read Time:31 Second

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

Read More