FreeBSD, NetBSD Security Vulnerabilities

nessus

Amazon Linux 2 : kernel (ALAS-2021-1588)

The version of kernel installed on the remote host is prior to 4.14.214-160.339. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1588 advisory. In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then...

8.8 CVSS

7.7 AI Score

0.001 EPSS

2021-01-26 12:00 AM
109
amazon

Important: kernel

Issue Overview: In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in __mutex_lock in kernel/locking/mutex.c. This is related to mutex_can_spin_on_owner in kernel/locking/mutex.c,...

8.8 CVSS

7.4 AI Score

0.001 EPSS

2021-01-25 11:09 PM
59
suse

Security update for the Linux Kernel (important)

An update that solves 17 vulnerabilities and has 62 fixes is now available. Description: The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: CVE-2020-29568: An issue was discovered in Xen through 4.14.x. Some OSes ...

8.8 CVSS

0.3 AI Score

0.004 EPSS

2021-01-16 12:00 AM
34
nessus

Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9009)

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9009 advisory. An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host...

8.8 CVSS

7.9 AI Score

0.004 EPSS

2021-01-13 12:00 AM
82
nessus

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9005)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9005 advisory. An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread....

8.8 CVSS

8.1 AI Score

0.004 EPSS

2021-01-13 12:00 AM
108
kitploit

0D1N v3.4 - Tool For Automating Customized Attacks Against Web Applications (Full Made In C Language With Pthreads, Have A Fast Performance)

0d1n is a tool for automating customized attacks against web applications. This tool is very fast because it uses a thread pool and the C language. ...

7.7 AI Score

2020-12-22 11:30 AM
34
osv

CVE-2020-29568

An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an...

6.5 CVSS

6.5 AI Score

0.0004 EPSS

2020-12-15 05:15 PM
8
debiancve

CVE-2020-29568

An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an...

6.5 CVSS

7.3 AI Score

0.0004 EPSS

2020-12-15 05:15 PM
27
nvd

CVE-2020-29568

An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an...

6.5 CVSS

7.3 AI Score

0.0004 EPSS

2020-12-15 05:15 PM
2
alpinelinux

CVE-2020-29568

An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an...

6.5 CVSS

7.7 AI Score

0.0004 EPSS

2020-12-15 05:15 PM
28
cve

CVE-2020-29568

An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an...

6.5 CVSS

7.3 AI Score

0.0004 EPSS

2020-12-15 05:15 PM
198
5
prion

Design/Logic Flaw

An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an...

6.5 CVSS

7.1 AI Score

0.0004 EPSS

2020-12-15 05:15 PM
11
cvelist

CVE-2020-29568

An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an...

7.4 AI Score

0.0004 EPSS

2020-12-15 04:52 PM
1
xen

Frontends can trigger OOM in Backends by update a watched path

ISSUE DESCRIPTION: Some OSes (such as Linux, FreeBSD, NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbound, a guest may be able to trigger an OOM in the backend. IMPACT: A...

6.5 CVSS

0.8 AI Score

0.0004 EPSS

2020-12-15 12:00 PM
42
ubuntucve

CVE-2020-29568

An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an...

6.5 CVSS

7.3 AI Score

0.0004 EPSS

2020-12-15 12:00 AM
29
cert

Embedded TCP/IP stacks have memory corruption vulnerabilities

Overview: Multiple open-source embedded TCP/IP stacks, commonly used in Internet of Things (IoT) and embedded devices, have several vulnerabilities stemming from improper memory management. These vulnerabilities are also tracked as ICS-VU-633937 and JVNVU#96491057 as well as the name AMNESIA:33....

9.8 CVSS

7.8 AI Score

0.859 EPSS

2020-12-08 12:00 AM
134
githubexploit

8.8 CVSS

8.1 AI Score

0.029 EPSS

2020-11-02 08:55 PM
59
cert

Microsoft Windows Netlogon Remote Protocol (MS-NRPC) uses insecure AES-CFB8 initialization vector

Overview: The Microsoft Windows Netlogon Remote Protocol (MS-NRPC) reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. This allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and potentially obtain domain...

5.5 CVSS

9.2 AI Score

0.467 EPSS

2020-09-16 12:00 AM
1086
cert

Devices supporting Bluetooth BR/EDR and LE using CTKD are vulnerable to key overwrite

Overview: Devices supporting both Bluetooth BR/EDR and LE using Cross-Transport Key Derivation (CTKD) for pairing are vulnerable to key overwrite, which enables an attacker to gain additional access to profiles or services that are not restricted by reducing the encryption key strength or...

5.9 CVSS

6.4 AI Score

0.001 EPSS

2020-09-09 12:00 AM
186
kitploit

Lynis 3.0.0 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security...

4.2 CVSS

4 AI Score

0.0004 EPSS

2020-06-22 12:30 PM
42
cert

IP-in-IP protocol routes arbitrary traffic by default

Overview: IP Encapsulation within IP (RFC2003 IP-in-IP) can be abused by an unauthenticated attacker to unexpectedly route arbitrary network traffic through a vulnerable device. Description: IP-in-IP encapsulation is a tunneling protocol specified in RFC 2003 that allows for IP packets to be...

5.3 CVSS

0.3 AI Score

0.015 EPSS

2020-06-02 12:00 AM
43
cert

Bluetooth devices supporting BR/EDR are vulnerable to impersonation attacks

Overview: Bluetooth Basic Rate / Enhanced Data Rate (BR/EDR) Core Configurations are used for low-power short-range communications. To establish an encrypted connection, two Bluetooth devices must pair with each other using a link key. It is possible for an unauthenticated, adjacent attacker to...

5.4 CVSS

0.7 AI Score

0.001 EPSS

2020-05-18 12:00 AM
47
cert

Bluetooth devices supporting LE and specific BR/EDR implementations are vulnerable to method confusion attacks

Overview: Bluetooth Low Energy (BLE) and Basic Rate / Enhanced Data Rate (BR/EDR) Core Configurations are used for low-power short-range communications. To establish an encrypted connection, two Bluetooth devices must pair with each other using an agreed upon Association Model. It is possible for...

6.3 CVSS

0.8 AI Score

0.001 EPSS

2020-05-18 12:00 AM
62
packetstorm

-0.4 AI Score

2020-05-13 12:00 AM
146
githubexploit

Exploit for Classic Buffer Overflow in Point-To-Point Protocol Project Point-To-Point Protocol

Point-to-Point-Protocol-Daemon-RCE-Vulnerability-CVE-2020-8597......

9.8 CVSS

10.6 AI Score

0.211 EPSS

2020-05-12 03:55 PM
117
vulnerlab

7.1 AI Score

2020-05-12 12:00 AM
30
zdt

Common Desktop Environment 2.3.1 / 1.6 libDtSvc Buffer Overflow Vulnerability

A difficult to exploit stack-based buffer overflow in the _DtCreateDtDirs() function in the Common Desktop Environment version distributed with Oracle Solaris 10 1/13 (Update 11) and earlier may allow local users to corrupt memory and potentially execute arbitrary code in order to escalate...

7.8 CVSS

0.6 AI Score

0.001 EPSS

2020-04-18 12:00 AM
29
packetstorm

0.3 AI Score

0.001 EPSS

2020-04-17 12:00 AM
78
xen

Bad error path in GNTTABOP_map_grant

ISSUE DESCRIPTION: Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly...

5.5 CVSS

0.8 AI Score

0.001 EPSS

2020-04-14 12:00 PM
46
veracode

Arbitrary Code Execution

libxfont is vulnerable to arbitrary code execution. The vulnerability exists as a buffer overflow flaw was found in the way the libXfont library, used by the X.Org server, handled malformed font files compressed using UNIX compress. A malicious, local user could exploit this issue to potentially...

3.4 AI Score

0.013 EPSS

2020-04-10 01:01 AM
11
veracode

Denial Of Service (DoS)

openssl is vulnerable to denial of service (DoS). The vulnerability exists as a buffer over-read flaw was discovered in the way OpenSSL parsed the Certificate Status Request TLS extensions in ClientHello TLS handshake messages. A remote attacker could possibly use this flaw to crash an SSL server.....

3.1 AI Score

0.103 EPSS

2020-04-10 12:59 AM
9
veracode

Denial Of Service (DoS)

bind is vulnerable to denial of service. It was discovered that named did not invalidate previously cached RRSIG records when adding an NCACHE record for the same entry to the cache. A remote attacker allowed to send recursive DNS queries to named could use this flaw to crash...

4.8 AI Score

0.014 EPSS

2020-04-10 12:51 AM
11
veracode

Denial Of Service (DoS)

The Network Time Protocol (NTP) is vulnerable to Denial Of Service (DoS). Robin Park and Dmitri Vinokurov discovered a flaw in the way ntpd handled certain malformed NTP packets. ntpd logged information about all such packets and replied with an NTP packet that was treated as malformed when...

2 AI Score

0.965 EPSS

2020-04-10 12:42 AM
14
veracode

Denial Of Service (DoS)

OpenSSL is vulnerable to denial of service (DoS). Multiple denial of service flaws were discovered in OpenSSL's DTLS implementation. A remote attacker could use these flaws to cause a DTLS server to use excessive amounts of memory, or crash on an invalid memory access or NULL pointer...

2.9 AI Score

0.037 EPSS

2020-04-10 12:42 AM
8
veracode

Denial Of Service (DoS)

OpenSSL is vulnerable to a denial of service flaw. Flaws in OpenSSL's DTLS implementation allow a remote attacker to cause a DTLS server to use excessive amounts of memory, or crash on an invalid memory access or NULL pointer...

4.4 AI Score

0.077 EPSS

2020-04-10 12:42 AM
9
veracode

Denial Of Service (DoS)

OpenSSL is vulnerable to a denial of service flaw. Flaws in OpenSSL's DTLS implementation allow a remote attacker to cause a DTLS server to use excessive amounts of memory, or crash on an invalid memory access or NULL pointer...

4.4 AI Score

0.271 EPSS

2020-04-10 12:41 AM
7
veracode

Denial Of Service (DoS)

OpenSSL is vulnerable to a denial of service flaw. Flaws in OpenSSL's DTLS implementation allow a remote attacker to cause a DTLS server to use excessive amounts of memory, or crash on an invalid memory access or NULL pointer...

4.4 AI Score

0.058 EPSS

2020-04-10 12:41 AM
8
veracode

Denial Of Service (DoS)

bind is vulnerable to denial of service. A flaw was found in the way BIND handles dynamic update message packets containing the "ANY" record type. A remote attacker could use this flaw to send a specially-crafted dynamic update packet that could cause named to exit with an assertion...

1.8 AI Score

0.965 EPSS

2020-04-10 12:33 AM
7
veracode

Arbitrary Code Execution

ntpd is vulnerable to arbitrary code execution. A buffer overflow flaw was discovered in the ntpd daemon's NTPv4 authentication code. If ntpd was configured to use public key cryptography for NTP packet authentication, a remote attacker could use this flaw to send a specially-crafted request...

3.1 AI Score

0.963 EPSS

2020-04-10 12:32 AM
9
veracode

Stack-based Buffer Overflow

The Network Time Protocol (NTP) is vulnerable to Stack-based Buffer Overflow. A buffer overflow flaw was found in the ntpq diagnostic command. A malicious, remote server could send a specially-crafted reply to an ntpq request that could crash ntpq or, potentially, execute arbitrary code with the...

4.5 AI Score

0.043 EPSS

2020-04-10 12:32 AM
10
veracode

Arbitrary Code Execution

file is vulnerable to arbitrary code execution. The vulnerability exists as the fix for CVE-2007-1536 introduced a new integer underflow flaw in the file utility. An attacker could create a carefully crafted file which, if examined by a victim using the file utility, could lead to arbitrary code...

3.7 AI Score

0.049 EPSS

2020-04-10 12:18 AM
6
veracode

Denial Of Service (DoS)

bind is vulnerable to denial of service (DoS). The vulnerability exists as a flaw was found in the way BIND processed certain DNS query responses. On servers that had enabled DNSSEC validation, this could allow a remote attacker to cause a denial of...

5.1 AI Score

0.971 EPSS

2020-04-10 12:12 AM
12
thn

Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers

The US-CERT today issued an advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon (pppd) software that comes installed on almost all Linux-based operating systems, as well as powers the firmware of many other networking devices. The...

9.8 CVSS

1.5 AI Score

0.211 EPSS

2020-03-05 05:30 PM
176
cert

pppd vulnerable to buffer overflow due to a flaw in EAP packet processing

Overview: pppd (Point to Point Protocol Daemon) versions 2.4.2 through 2.4.8 are vulnerable to buffer overflow due to a flaw in Extensible Authentication Protocol (EAP) packet processing in eap_request and eap_response subroutines. Description: PPP is the protocol used for establishing internet...

9.8 CVSS

0.5 AI Score

0.211 EPSS

2020-03-04 12:00 AM
81
packetstorm

-0.2 AI Score

2020-02-24 12:00 AM
84
zdt

7.1 AI Score

2020-02-24 12:00 AM
91
exploitpack

SecuSTATION IPCAM-130 HD Camera - Remote Configuration Disclosure

SecuSTATION IPCAM-130 HD Camera - Remote Configuration...

-0.6 AI Score

2020-02-24 12:00 AM
40
exploitdb

7.4 AI Score

2020-02-24 12:00 AM
266
exploitdb

7.4 AI Score

2020-02-24 12:00 AM
111
zdt

AI Score

2020-02-24 12:00 AM
69
Total number of security vulnerabilities: 2307