Category Archives: Advisories

CVE-2020-25721

Kerberos acceptors need easy access to stable AD identifiers (e.g. objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.

CVE-2021-0957

In NotificationStackScrollLayout of NotificationStackScrollLayout.java, there is a possible way to bypass Factory Reset Protections. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-193149550

CVE-2021-20180

A flaw was found in an Ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.

CVE-2021-20257

An infinite loop flaw was found in the e1000 NIC emulator of QEMU. This issue occurs while processing transmit (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

openvpn-2.5.6-1.fc35

FEDORA-2022-a9bd17092d

Packages in this update:

openvpn-2.5.6-1.fc35

Update description:

This is a maintenance release of OpenVPN 2.5 with a security fix when used in server mode (CVE-2022-0547). The other changes are available in Changes.rst.

NOTE: Please read the CVE description carefully if you use authentication plug-ins with a server configuration.

openvpn-2.5.6-1.fc34

FEDORA-2022-7d46acce7c

Packages in this update:

openvpn-2.5.6-1.fc34

Update description:

This is a maintenance release of OpenVPN 2.5 with a security fix when used in server mode (CVE-2022-0547). The other changes are available in Changes.rst.

NOTE: Please read the CVE description carefully if you use authentication plug-ins with a server configuration.

openvpn-2.5.6-1.fc36

FEDORA-2022-cb4c1146dc

Packages in this update:

openvpn-2.5.6-1.fc36

Update description:

This is a maintenance release of OpenVPN 2.5 with a security fix when used in server mode (CVE-2022-0547). The other changes are available in Changes.rst.

NOTE: Please read the CVE description carefully if you use authentication plug-ins with a server configuration.

USN-5331-1: tcpdump vulnerabilities

It was discovered that tcpdump incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service,
or possibly execute arbitrary code. (CVE-2018-16301)

It was discovered that tcpdump incorrectly handled certain captured data.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2020-8037)
