Displaying 20 results from an estimated 2189 matches for "cve".
2016 May 12
2
Openssl vulnerability
Hi Team,
I have a CentOS 7 server running openssl version openssl-1.0.1e-51.el7_2.4.x86_64. I have received a set of vulnerabilities from the security team. Can anyone tell me whether, as per the CVEs below, I need to update my openssl version to 1.0.1t, or whether the current version we have is safe?
CVE-2016-0701, CVE-2015-3197
CVE-2015-4000
CVE-2015-0204
CVE-2015-0286, CVE-2015-0287, CVE-2015-0289, CVE-2015-0293, CVE-2015-0209, CVE-2015-0288
CVE-2015-0292, CVE-2014-8176
Thanks
Aswathi
_____...
2014 Nov 21
0
Processed: retitle 770230 to xen: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595 CVE-2014-9030
Processing commands for control at bugs.debian.org:
> retitle 770230 xen: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595 CVE-2014-9030
Bug #770230 [src:xen] CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595
Changed Bug title to 'xen: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595 CVE-2014-9030' from 'CVE-2014-5146 CVE-2014-5149 CVE-2014-85...
2021 Nov 09
2
[Announce] Samba 4.15.2, 4.14.10, 4.13.14 Security Releases are available for Download
Release Announcements
---------------------
These are security releases in order to address the following defects:
o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext
authentication.
https://www.samba.org/samba/security/CVE-2016-2124.html
o CVE-2020-25717: A user on the domain can become root on domain members.
https://www.samba.org/samba/sec...
2014 Nov 19
2
Bug#770230: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595
Source: xen
Severity: grave
Tags: security
Hi,
the following security issues apply to Xen in jessie:
CVE-2014-5146,CVE-2014-5149:
https://marc.info/?l=oss-security&m=140784877111813&w=2
CVE-2014-8594:
https://marc.info/?l=oss-security&m=141631359901060&w=2
CVE-2014-8595:
https://marc.info/?l=oss-security&m=141631352601020&w=2
Cheers,
Moritz
2023 Mar 21
2
Bug#1033297: xen: CVE-2022-42331 CVE-2022-42332 CVE-2022-42333 CVE-2022-42334
Source: xen
Version: 4.17.0+46-gaaf74a532c-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: carnil at debian.org, Debian Security Team <team at security.debian.org>
Hi,
The following vulnerabilities were published for xen.
CVE-2022-42331[0]:
| x86: speculative vulnerability in 32bit SYSCALL path Due to an
| oversight in the very original Spectre/Meltdown security work
| (XSA-254), one entrypath performs its speculation-safety actions too
| late. In some configurations, there is an unprotected RET instruction
| which can...
2014 Nov 21
0
Bug#770230: CVE-2014-5146 CVE-2014-5149 CVE-2014-8594 CVE-2014-8595
On Wed, Nov 19, 2014 at 11:45:02PM +0100, Moritz Muehlenhoff wrote:
> Source: xen
> Severity: grave
> Tags: security
>
> Hi,
> the following security issues apply to Xen in jessie:
>
> CVE-2014-5146,CVE-2014-5149:
> https://marc.info/?l=oss-security&m=140784877111813&w=2
>
> CVE-2014-8594:
> https://marc.info/?l=oss-security&m=141631359901060&w=2
>
> CVE-2014-8595:
> https://marc.info/?l=oss-security&m=141631352601020&w=2
And CVE-2014-9...
2014 Nov 14
2
EL5 Security Policy for the final 3 years
...ntOS-5 based
workloads to CentOS-6 and that every user stop using CentOS-5 as soon as
possible. Here is a list of updates that are not done on RHEL-5 and are
not planned to be done at this time by Red Hat for RHEL-5 (and therefore
CentOS-5):
> ruby Moderate https://access.redhat.com/security/cve/CVE-2014-8080
> python Low https://access.redhat.com/security/cve/CVE-2014-7185
> libgcrypt Moderate https://access.redhat.com/security/cve/CVE-2014-5270
> wget Moderate https://access.redhat.com/security/cve/CVE-2014-4877
> perl-Data-Dumper Low https://access.redhat.com/secu...
2016 Dec 03
2
CVE-2016-8652 in dovecot
On 03/12/2016 12:08, Jeremiah C. Foster wrote:
> On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote:
> On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote: We are sorry to report that we have a bug in dovecot, which
> merits a
> CVE. See details below. If you haven't configured any
> auth_policy_*
> settings you are ok. This is fixed with
> https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f3
> 4be960cff13
> a5a725ae and
> https://git.dovecot.net/dovecot/core/commit/99abb1302ae693ccdfe0d
>...
2016 Mar 10
2
RES: CVE-2016-1285 & CVE-2016-1286
...pdate to fix it?
>
> ________________________________________
> From: centos-bounces at centos.org [centos-bounces at centos.org] on behalf of Alice Wonder [alice at domblogger.net]
> Sent: Thursday, March 10, 2016 15:31
> To: centos at centos.org
> Subject: Re: [CentOS] CVE-2016-1285 & CVE-2016-1286
>
> On 03/10/2016 07:13 AM, Michael H wrote:
>> On 10/03/16 14:47, Leonardo Oliveira Ortiz wrote:
>>> Hello.
>>>
>>> I think Centos are affected, right?
>>>
>>> Some update from Centos?
>>> _____________...
2023 Jul 19
1
[Announce] Samba 4.18.5, 4.17.10., 4.16.11 Security Releases are available for Download
Release Announcements
---------------------
These are security releases in order to address the following defects:
o CVE-2022-2127:  When winbind is used for NTLM authentication, a maliciously
                  crafted request can trigger an out-of-bounds read in winbind
                  and possibly crash it.
https://www.samba.org/samba/security/CVE-2022-2127.html
o CVE-2023-3347:  SMB2 packet signing is not e...
2016 Dec 02
2
CVE-2016-8652 in dovecot
On 02.12.2016 10:45, Jonas Wielicki wrote:
> On Freitag, 2. Dezember 2016 09:00:58 CET Aki Tuomi wrote:
>> We are sorry to report that we have a bug in dovecot, which merits a
>> CVE. See details below. If you haven't configured any auth_policy_*
>> settings you are ok. This is fixed with
>> https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13
>> a5a725ae and
>> https://git.dovecot.net/dovecot/core/commit/99abb1302ae693ccdfe0d...
2016 Mar 10
2
CVE-2016-1285 & CVE-2016-1286
...>
>> Some update from Centos?
>> _______________________________________________
>> CentOS mailing list
>> CentOS at centos.org
>> https://lists.centos.org/mailman/listinfo/centos
>>
>
> Sure looks that way...
>
> https://access.redhat.com/security/cve/cve-2016-1285
> https://access.redhat.com/security/cve/cve-2016-1286
>
>
I don't think NSD is impacted, which is what I use for authoritative
nameserver. There's an EPEL package. NSD is authoritative only, which is
why I use it.
No clue about unbound.
2011 Feb 24
4
CentOS 5 Security Updates
...e time-frame when security updates might be published
for these applications in CentOS 5?
wireshark
postgresql
krb5
java-1.6.0-openjdk
java-1.6.0-sun
The following security updates have been published upstream (after
release of RHEL 5.6) to remedy the vulnerabilities described in their
associated CVE reports.
Remotely Exploitable: (R)
RHSA-2011:0013: Moderate: wireshark security update 1/10/11
[CVE-2010-4538] (R)
RHSA-2011:0197: Moderate: postgresql security update 2/3/11
[CVE-2010-4015] (R)
RHSA-2011:0199: Important: krb5 security update 2/8/11
[CVE-2011-0281] (R)
[CVE-2011-0282] (R)
RHSA...
2015 Aug 16
0
Bug#795721: CVE-2015-3259 CVE-2015-3340 CVE-2015-4163 CVE-2015-4164
Source: xen
Severity: important
Tags: security
These Xen vulnerabilities are unfixed in unstable:
CVE-2015-4164:
http://xenbits.xen.org/xsa/advisory-136.html
CVE-2015-4163:
http://xenbits.xen.org/xsa/advisory-134.html
CVE-2015-3340:
http://xenbits.xen.org/xsa/advisory-132.html
CVE-2015-3259:
http://xenbits.xen.org/xsa/advisory-137.html
Cheers,
Moritz
2016 Dec 03
2
CVE-2016-8652 in dovecot
...On Fri, 2016-12-02 at 10:48 +0200, Aki Tuomi wrote:
> > > On 02.12.2016 10:45, Jonas Wielicki wrote: On Freitag, 2. Dezember
> > > 2016 09:00:58 CET Aki Tuomi wrote: We are sorry to report that we
> > > have a bug in dovecot, which
> > > merits a
> > > CVE. See details below. If you haven't configured any
> > > auth_policy_*
> > > settings you are ok. This is fixed with
> > > https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f3
> > > 4be960cff13
> > > a5a725ae and
> > > https://gi...
2017 Sep 27
1
[Announce] Samba 4.6.8, 4.5.14 and 4.4.16 Security Releases Available
Hi Team,
Workaround for
CVE-2017-12151 :- client max protocol = NT1 and
CVE-2017-12163 :- server min protocol = SMB2_02
are contradicting each other.
CVE-2017-12151 impacts the SMB3 protocol but the workaround suggests using NT1.
I have the queries below regarding this.
Is the SMB2 protocol also impacted by CVE-2017-12151?
Can i use...
2022 Dec 15
1
[Announce] Samba 4.17.4, 4.16.8 and 4.15.13 Security Releases are available for Download
Release Announcements
---------------------
These are security releases in order to address the following defects:
o CVE-2022-37966: This is the Samba CVE for the Windows Kerberos
                  RC4-HMAC Elevation of Privilege Vulnerability
                  disclosed by Microsoft on Nov 8 2022.
                  A Samba Active Directory DC will issue weak rc4-hmac
                  session keys for use betwe...