Technology Blog

August 22, 2022

CVE-2015-3193 (node.js, openssl, ubuntu_linux)

The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces […]

August 22, 2022

CVE-2016-1908 (debian_linux, enterprise_linux_desktop, enterprise_linux_eus, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_tus, enterprise_linux_workstation, linux, openssh)

The client in OpenSSH before 7.2 mishandles failed cookie generation for untrusted X11 forwarding and relies on the local X11 server for access-control decisions, which allows […]

August 22, 2022

CVE-2017-15906 (active_iq_unified_manager, cloud_backup, clustered_data_ontap, cn1610_firmware, data_ontap_edge, debian_linux, enterprise_linux_desktop, enterprise_linux_eus, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_tus, enterprise_linux_workstation, hci_management_node, oncommand_unified_manager_core_package, openssh, solidfire, steelstore_cloud_integrated_storage, storage_replication_adapter_for_clustered_data_ontap, sun_zfs_storage_appliance_kit, vasa_provider_for_clustered_data_ontap, virtual_storage_console)

The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.

August 22, 2022

CVE-2017-3641 (debian_linux, enterprise_linux_desktop, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_eus, enterprise_linux_server_tus, enterprise_linux_workstation, mariadb, mysql, openstack)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 […]

August 22, 2022

CVE-2017-3738 (debian_linux, node.js, openssl)

There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks […]

August 22, 2022

CVE-2018-19841 (debian_linux, fedora, leap, ubuntu_linux, wavpack)

The function WavpackVerifySingleBlock in open_utils.c in libwavpack.a in WavPack through 5.1.0 allows attackers to cause a denial-of-service (out-of-bounds read and application crash) via a crafted WavPack […]

August 22, 2022

CVE-2018-2759 (active_iq_unified_manager, mariadb, mysql, oncommand_insight, oncommand_workflow_automation, snapcenter, ubuntu_linux)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged […]

August 22, 2022

CVE-2018-2777 (active_iq_unified_manager, mariadb, mysql, oncommand_insight, oncommand_workflow_automation, snapcenter, ubuntu_linux)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged […]

August 22, 2022

CVE-2018-2781 (active_iq_unified_manager, debian_linux, enterprise_linux_desktop, enterprise_linux_eus, enterprise_linux_server, enterprise_linux_server_aus, enterprise_linux_server_tus, enterprise_linux_workstation, mariadb, mysql, oncommand_insight, oncommand_workflow_automation, openstack, snapcenter, ubuntu_linux)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 […]