CERT

Apache fixes an HTTP Server flaw.

Apache Security Advisory, October 19, 2023. Multiple vulnerabilities have been discovered in Apache HTTP Server. They allow an attacker to remotely cause a denial of service and breach data confidentiality. CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with initial windows of zero size (cve.mitre.org). An attacker opening an HTTP/2 connection with an initial window size of 0 was able to block the handling of that connection indefinitely in Apache HTTP Server. This could be used to exhaust server resources. Apache had already fixed a critical zero-day vulnerability in its open source HTTP Server project in October 2021. It corrected […]


SUSE SECURITY BULLETIN OF JUNE 18, 2021

Linux Kernel Security Update (Live Patch 7). An update that resolves two vulnerabilities and includes an erratum is now available. The update addresses CVE-2021-33034 and CVE-2021-32399. (Sources) CVE-2021-33034: Fixed a use-after-free when destroying an hci_chan. This could lead to arbitrary values being written (bsc#1186111). CVE-2021-32399: Fixed a race condition when removing the HCI controller (bnc#1184611). Fixed data loss/data corruption that occurs if there is a write error on an md/raid array (bsc#1185680). Multiple vulnerabilities in SUSE Linux kernel. Multiple vulnerabilities have been discovered in SUSE Linux kernel


SONICWALL SECURITY BULLETIN JUNE 14, 2021

SonicOS vulnerability involving improper neutralization of the HTTP header. This vulnerability results in an unauthenticated denial of service (DoS). A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a denial of service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms and SonicOSv virtual firewalls. (Sources) SonicWall PSIRT is not aware of any active exploitation of this vulnerability in the wild. No PoC report had been made public at the time of this advisory. Until the fixes below can be applied, SonicWall PSIRT strongly recommends that administrators limit SonicOS management access to trusted sources


CITRIX HYPERVISOR SECURITY UPDATE

Several security issues have been identified that affect Citrix Hypervisor. Two of the issues could each allow privileged code in a guest VM to cause the host to crash or shut down. Both of these issues only affect systems where the malicious guest VM has a physical PCI device passed to it by the host administrator. These issues have the identifiers CVE-2021-27379 and CVE-2021-28692. (Sources) Another issue affects the underlying CPU hardware. Although this is not an issue in the Citrix Hypervisor product itself, Citrix is releasing fixes that also address this CPU issue. This problem is of a type known as "attacks".


QNAP SECURITY BULLETIN 21

Multiple vulnerabilities discovered in QNAP Help Desk and NAS switches. These vulnerabilities relate to the inclusion of sensitive information in QSS, out-of-bounds reading in QSS, and access control in the help desk. QNAP Security Bulletin qsa-21-24, dated June 11, 2021. CVE-2021-28805: inclusion of sensitive information in QSS (high severity, affects certain QNAP switches). It has been reported that the inclusion of sensitive information in the source code affects some QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. We have already fixed this vulnerability in versions QSW-M2108-2C: QSS 1.0.3 build 20210505 and later. (Sources) Security Bulletin


Linux SUSE update with 23 vulnerabilities and 20 fixes.

SUSE Security Bulletin, May 18, 2021. The LTSS kernel of SUSE Linux Enterprise 12 SP2 has been updated to receive various bug and security fixes. Fixed an issue in the netfilter subsystem that allowed attackers to cause a denial of service. Fixed an issue in Xen where a guest operating system user could cause a denial of service. Fixed BPF JIT compilers allowing arbitrary code to be executed in the kernel context. Fixed NFC memory leak. Fixed a denial of service vulnerability in drivers. Fixed an issue with a kernel pointer leak. (Sources) Multiple


Siemens Security Update May 17, 2021

Siemens Security Bulletin SSA-695540, May 17, 2021, on JT2Go products. Siemens has updated V13.1.0.2 of JT2Go and Teamcenter Visualization to fix multiple vulnerabilities when reading files in ASM and PAR formats. If a user attempts to open a malicious file with the affected products, an application crash or arbitrary code execution occurs. (Sources) JT2Go: all versions lower than V13.1.0.2. Teamcenter Visualization: Update to V13.1.0.2 or higher. Multiple vulnerabilities in Siemens products (Sources). Multiple vulnerabilities have been discovered in Siemens products. They allow an attacker to


Vulnerability alert in Adobe Acrobat and Acrobat Reader.

Adobe Security Bulletin (APSB21-29): Security update available for Adobe Acrobat and Reader. Adobe has released security updates for Adobe Acrobat and Reader for Windows and macOS. These updates address several critical and important vulnerabilities. A successful exploit could lead to the execution of arbitrary code in the context of the current user. Adobe has received a report that CVE-2021-28550 has been exploited in the wild in limited attacks targeting users of Adobe Reader on Windows. Adobe recommends that users update their software installations to the latest versions. (Sources) Vulnerability in Adobe Acrobat and Acrobat Reader One


Updated 19 security fixes in Google Chrome.

Google Security Bulletin, May 10, 2021. Incorrect security UI in web app installations. Heap buffer overflow in media streams. Out-of-bounds write in the tab strip. Heap buffer overflow in reader mode. Type confusion in V8. (Sources) Multiple vulnerabilities in Google Chrome. Multiple vulnerabilities have been discovered in Google Chrome. They allow an attacker to cause a security problem not specified by the publisher. (Sources)
