Download
| Alert*
oval:org.secpod.oval:def:54586
freeradius: high-performance and highly configurable RADIUS server FreeRADIUS could be made to bypass authentication if it received a specially crafted input. oval:org.secpod.oval:def:1801403 CVE-2019-11234: eap-pwd: fake authentication using reflection¶ A vulnerability was found in FreeRadius. An attacker can reflect the received scalar and element from the server in it"s own commit message, and subsequently reflect the confirm value as well. This causes the adversary to successful ... oval:org.secpod.oval:def:1801405 CVE-2019-11234: eap-pwd: fake authentication using reflection¶ A vulnerability was found in FreeRadius. An attacker can reflect the received scalar and element from the server in it"s own commit message, and subsequently reflect the confirm value as well. This causes the adversary to successful ... oval:org.secpod.oval:def:1801406 CVE-2019-11234: eap-pwd: fake authentication using reflection¶ A vulnerability was found in FreeRadius. An attacker can reflect the received scalar and element from the server in it"s own commit message, and subsequently reflect the confirm value as well. This causes the adversary to successful ... oval:org.secpod.oval:def:1801407 CVE-2019-11234: eap-pwd: fake authentication using reflection¶ A vulnerability was found in FreeRadius. An attacker can reflect the received scalar and element from the server in it"s own commit message, and subsequently reflect the confirm value as well. This causes the adversary to successful ... oval:org.secpod.oval:def:204754 The gcab package contains a utility for managing the Cabinet archives. It can list, extract, and create Microsoft cabinet files. Security Fix: * gcab: Extracting malformed .cab files causes stack smashing potentially leading to arbitrary code execution For more details about the security issue, in ... oval:org.secpod.oval:def:205172 Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fix: * cockpit: Crash when parsing invalid base64 headers For more details a ... oval:org.secpod.oval:def:502623 Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more. Security Fix: * cockpit: Crash when parsing invalid base64 headers For more details a ... oval:org.secpod.oval:def:116653 Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux . The main package includes the libvirtd server exporting the virtualization support. oval:org.secpod.oval:def:205203 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: * freeradius: eap-pwd: authentication bypass via an invalid curve attack * freeradius: eap-pw ... oval:org.secpod.oval:def:1700173 FreeRADIUS mishandles the each participant verifies that the received scalar is within a range, and that the received group element is a valid point on the curve being used protection mechanism, aka a Dragonblood issue, a similar issue to CVE-2019-9498 and CVE-2019-9499 .FreeRADIUS before 3.0.19 doe ... oval:org.secpod.oval:def:1901868 [eap-pwd: authentication bypass via an invalid curve attack] oval:org.secpod.oval:def:704913 freeradius: high-performance and highly configurable RADIUS server FreeRADIUS could be made to bypass authentication if it received a specially crafted input. oval:org.secpod.oval:def:502705 FreeRADIUS is a high-performance and highly configurable free Remote Authentication Dial In User Service server, designed to allow centralized authentication and authorization for a network. Security Fix: * freeradius: eap-pwd: authentication bypass via an invalid curve attack * freeradius: eap-pw ... oval:org.secpod.oval:def:502735 Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtua ... oval:org.secpod.oval:def:502734 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * libvirt: wrong permissions in systemd admin-sock due to missi ... oval:org.secpod.oval:def:1502524 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1902013 Insecure permissions for systemd socket for virtlockd/virtlogd The virtlockd-admin.socket and virtlogd-admin.socket unit files do not set the SocketMode parameter and thus create a world accessible UNIX domain socket. Furthermore the code fails to validate the identity of clients connecting to these ... oval:org.secpod.oval:def:205211 The libvirt library contains a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. Security Fix: * libvirt: wrong permissions in systemd admin-sock due to missi ... oval:org.secpod.oval:def:116221 GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and other ... oval:org.secpod.oval:def:116185 GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and other ... oval:org.secpod.oval:def:1901747 critical use after free vulnerability in verify_crt oval:org.secpod.oval:def:603249 It was discovered that gcab, a Microsoft Cabinet file manipulation tool, is prone to a stack-based buffer overflow vulnerability when extracting .cab files. An attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary code with the privileges of ... oval:org.secpod.oval:def:113951 gcab is a tool to manipulate Cabinet archive. oval:org.secpod.oval:def:114062 gcab is a tool to manipulate Cabinet archive. oval:org.secpod.oval:def:502234 The gcab package contains a utility for managing the Cabinet archives. It can list, extract, and create Microsoft cabinet files. Security Fix: * gcab: Extracting malformed .cab files causes stack smashing potentially leading to arbitrary code execution For more details about the security issue, in ... oval:org.secpod.oval:def:53236 It was discovered that gcab, a Microsoft Cabinet file manipulation tool, is prone to a stack-based buffer overflow vulnerability when extracting .cab files. An attacker can take advantage of this flaw to cause a denial-of-service or, potentially the execution of arbitrary code with the privileges of ... oval:org.secpod.oval:def:51980 gcab: Microsoft Cabinet file manipulation tool gcab could be made to crash or run programs if it opened a specially crafted file. oval:org.secpod.oval:def:703964 gcab: Microsoft Cabinet file manipulation tool gcab could be made to crash or run programs if it opened a specially crafted file. |