Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file. Continue Reading — Debian LTS: DLA-2305-1: transmission security update
Unix, Linux, DevOps, Cloud computing and BigData Knowledge-Base
`add_password` in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could… Continue Reading — Debian LTS: DLA-2304-1: libpam-radius-auth security update
Amazon Personalize uses machine learning technology perfected from over 20 years of recommender systems development at Amazon.com. With Amazon Personalize you can personalize recommendations for products, videos, music, ebooks, ads, marketing email… Continue Reading — Amazon Personalize enhances Recommendation Filters with filtering on item...
The updated dnsmasq package fixes an insecure default configuration that could make it an open resolver (CVE-2020-14312). In its default configuration, dnsmasq listens for and answers queries from any address, even outside of the local subnet. Thus, it may inadverten… Continue Reading — Mageia 2020-0310: dnsmasq security update
Bypass of boundary checks in nio.Buffer via concurrent access. (CVE-2020-14583) Incomplete bounds checks in Affine Transformations. (CVE-2020-14593) Continue Reading — Mageia 2020-0309: java-1.8.0-openjdk security update
The CBC padding operations were not constant time and as a result would leak the length of the plaintext values which were being padded to an attacker running a side channel attack via shared resources such as cache or branch predictor. No information … Continue...