CND News and Blog

New Vulnerabilities Monday 27 June


New Alerts for curl, NetApp, and Linux.

curl 

When curl does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a MitM attack to go unnoticed and allows it to inject data to the client.
More info.

curl supports "chained" HTTP compression algorithms, with an unbounded number of acceptable "links" in this "decompression chain", allowing a malicious server to insert a virtually unlimited number of compression steps, resulting in an out of memory DoS.
More info.

A malicious server can serve excessive amounts of Set-Cookies headers in a HTTP response to curl and curl stores all of them, resulting in a DoS.
More info.

NetApp 

NetApp has published 8 new bulletins identifying vulnerabilities in third-party software included in their products. No patches yet.
More info.

Linux 

SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel and other kernel modules. More info.
Ubuntu has updated the kernel. More info.



Security Wizardry Cyber Threat Intelligence - The Mobile Radar Page

A mobile version of our Security Wizardry Radar Page, providing vulnerability details and visibility for a variety of software and industries.

SecurityWizardry.com - Vulnerability Details

Security Wizardry Radar Page provides vulnerability details and visibility for a variety of software and industries.

Report Print
×
Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, 12 August 2022

By accepting you will be accessing a service provided by a third-party external to https://www.cndltd.com/

Are You Ready To Find Out More?

Arrange a Chat With Our Friendly Service Delivery Team.