Security News (14)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
Unterkategorien
CMS Security (2)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache.
Artikel anzeigen...Server Security (2)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
Artikel anzeigen...Linux Security (6)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
Artikel anzeigen...Script Security (4)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
Artikel anzeigen...-
Red Hat Security Advisory 2021-2229-01
Ruby Files ≈ Packet Storm Jun 3, 2021 | 15:23 pmRed Hat Security Advisory 2021-2229-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a HTTP request smuggling vulnerability.
Read more... -
Red Hat Security Advisory 2021-2230-01
Ruby Files ≈ Packet Storm Jun 3, 2021 | 15:13 pmRed Hat Security Advisory 2021-2230-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, denial of service, information[…]
Read more... -
Red Hat Security Advisory 2021-2104-01.tt
Ruby Files ≈ Packet Storm May 25, 2021 | 14:44 pmRed Hat Security Advisory 2021-2104-01.tt - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, denial of service, and[…]
Read more... -
OpenNetAdmin 18.1.1 Remote Command Execution
Ruby Files ≈ Packet Storm May 10, 2021 | 14:30 pmOpenNetAdmin versions 8.5.14 through 18.1.1 remote command execution exploit written in Ruby. This exploit was based on the original discovery of the issue by mattpascoe.
Read more... -
Ubuntu Security Notice USN-4922-2
Ruby Files ≈ Packet Storm Apr 26, 2021 | 19:22 pmUbuntu Security Notice 4922-2 - USN-4922-1 fixed a vulnerability in Ruby. This update provides the corresponding update for Ubuntu 21.04. Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could[…]
Read more... -
Ubuntu Security Notice USN-4922-1
Ruby Files ≈ Packet Storm Apr 21, 2021 | 15:06 pmUbuntu Security Notice 4922-1 - Juho Nurminen discovered that the REXML gem bundled with Ruby incorrectly parsed and serialized XML documents. A remote attacker could possibly use this issue to perform an XML round-trip attack.
Read more... -
Ubuntu Security Notice USN-3685-2
Ruby Files ≈ Packet Storm Mar 26, 2021 | 14:18 pmUbuntu Security Notice 3685-2 - USN-3685-1 fixed a vulnerability in Ruby. The fix for CVE-2017-0903 introduced a regression in Ruby. This update fixes the problem.
Read more... -
Ubuntu Security Notice USN-4882-1
Ruby Files ≈ Packet Storm Mar 19, 2021 | 15:41 pmUbuntu Security Notice 4882-1 - It was discovered that the Ruby JSON gem incorrectly handled certain JSON files. If a user or automated system were tricked into parsing a specially crafted JSON file, a remote attacker could use this issue[…]
Read more... -
Red Hat Security Advisory 2020-5554-01
Ruby Files ≈ Packet Storm Dec 16, 2020 | 18:09 pmRed Hat Security Advisory 2020-5554-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
Red Hat Security Advisory 2020-4134-01
Ruby Files ≈ Packet Storm Sep 30, 2020 | 15:52 pmRed Hat Security Advisory 2020-4134-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more...
-
nfstream 6.3.2
Python Files ≈ Packet Storm Jun 11, 2021 | 15:10 pmnfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world[…]
Read more... -
Petalus 1.0.0
Python Files ≈ Packet Storm Jun 10, 2021 | 10:11 amPetalus is a crypto wallet microservice in python that allows users to store any type of information on a virtual wallet. The main functionalities of Petalus are blockchain support on the storage data, multiple hashes for the blockchain (sha256, blake2s[…]
Read more... -
Red Hat Security Advisory 2021-2356-01
Python Files ≈ Packet Storm Jun 9, 2021 | 13:42 pmRed Hat Security Advisory 2021-2356-01 - Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or[…]
Read more... -
Red Hat Security Advisory 2021-2280-01
Python Files ≈ Packet Storm Jun 8, 2021 | 14:04 pmRed Hat Security Advisory 2021-2280-01 - Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or[…]
Read more... -
Ubuntu Security Notice USN-4973-1
Python Files ≈ Packet Storm Jun 1, 2021 | 15:15 pmUbuntu Security Notice 4973-1 - It was discovered that the Python stdlib ipaddress API incorrectly handled octal strings. A remote attacker could possibly use this issue to perform a wide variety of attacks, including bypassing certain access restrictions.
Read more... -
CommScope Ruckus IoT Controller 1.7.1.0 Web Application Directory Traversal
Python Files ≈ Packet Storm May 27, 2021 | 13:43 pmA Python script (web.py) for a Dockerized webservice contains a directory traversal vulnerability, which can be leveraged by an authenticated attacker to view the contents of directories on the IoT Controller.
Read more... -
Red Hat Security Advisory 2021-1631-01
Python Files ≈ Packet Storm May 19, 2021 | 14:10 pmRed Hat Security Advisory 2021-1631-01 - The python-urllib3 package provides the Python HTTP module with connection pooling and file POST abilities. Issues addressed include a crlf injection vulnerability.
Read more... -
Red Hat Security Advisory 2021-1879-01
Python Files ≈ Packet Storm May 19, 2021 | 14:08 pmRed Hat Security Advisory 2021-1879-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as[…]
Read more... -
Red Hat Security Advisory 2021-1633-01
Python Files ≈ Packet Storm May 19, 2021 | 14:07 pmRed Hat Security Advisory 2021-1633-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as[…]
Read more... -
Red Hat Security Advisory 2021-1898-01
Python Files ≈ Packet Storm May 19, 2021 | 14:06 pmRed Hat Security Advisory 2021-1898-01 - lxml is an XML processing library providing access to libxml2 and libxslt libraries using the Python ElementTree API. Issues addressed include a cross site scripting vulnerability.
Read more...
-
IPFire 2.25 Remote Code Execution
CGI Files ≈ Packet Storm Jun 15, 2021 | 15:18 pmThis Metasploit module exploits an authenticated command injection vulnerability in the /cgi-bin/pakfire.cgi web page of IPFire devices running versions 2.25 Core Update 156 and prior to execute arbitrary code as the root user.
Read more... -
Ubuntu Security Notice USN-4886-1
CGI Files ≈ Packet Storm Mar 23, 2021 | 16:33 pmUbuntu Security Notice 4886-1 - It was discovered that Privoxy incorrectly handled CGI requests. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. It was discovered that Privoxy incorrectly handled certain regular[…]
Read more... -
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Configuration Download
CGI Files ≈ Packet Storm Mar 19, 2021 | 16:52 pmKZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 is susceptible to an unauthenticated configuration disclosure when direct object reference is made to the export_settings.cgi file using an HTTP GET request. This will enable the attacker to disclose sensitive information and help[…]
Read more... -
Cisco UCS Manager 2.2(1d) Remote Command Execution
CGI Files ≈ Packet Storm Jan 18, 2021 | 15:47 pmCisco UCS Manager version 2.2(1d) remote command execution exploit. An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote[…]
Read more... -
ZeroShell 3.9.0 Remote Command Execution
CGI Files ≈ Packet Storm Nov 24, 2020 | 15:34 pmThis Metasploit module exploits an unauthenticated command injection vulnerability found in ZeroShell version 3.9.0 in the "/cgi-bin/kerbynet" url. As sudo is configured to execute /bin/tar without a password (NOPASSWD) it is possible to run root commands using the "checkpoint" tar[…]
Read more... -
ASUS TM-AC1900 Arbitrary Command Execution
CGI Files ≈ Packet Storm Nov 13, 2020 | 16:00 pmThis Metasploit module exploits a code execution vulnerability within the ASUS TM-AC1900 router as an authenticated user. The vulnerability is due to a failure filter out percent encoded newline characters within the HTTP argument SystemCmd when invoking /apply.cgi which bypasses[…]
Read more... -
D-Link DSR-250N Denial Of Service
CGI Files ≈ Packet Storm Oct 8, 2020 | 16:50 pmRedTeam Pentesting discovered a denial of service vulnerability in the D-Link DSR-250N device which allows unauthenticated attackers in the same local network to execute a CGI script that reboots the device. Version 3.12 is confirmed affected.
Read more... -
Ubuntu Security Notice USN-4569-1
CGI Files ≈ Packet Storm Oct 5, 2020 | 17:21 pmUbuntu Security Notice 4569-1 - It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity injection attack. It was discovered that Yaws mishandled certain input when[…]
Read more... -
Sony IPELA Network Camera Remote Stack Buffer Overflow
CGI Files ≈ Packet Storm Oct 1, 2020 | 15:09 pmSony IPELA Network Camera SNC-DH120T version 1.82.01 suffers from a remote stack buffer overflow vulnerability. The vulnerability is caused due to a boundary error in the processing of received FTP traffic through the FTP client functionality (ftpclient.cgi), which can be[…]
Read more... -
TP-Link Cloud Cameras NCXXX Bonjour Command Injection
CGI Files ≈ Packet Storm Sep 18, 2020 | 17:11 pmTP-Link cloud cameras NCXXX series (NC200, NC210, NC220, NC230, NC250, NC260, NC450) are vulnerable to an authenticated command injection vulnerability. In all devices except NC210, despite a check on the name length in swSystemSetProductAliasCheck, no other checks are in place[…]
Read more...
snaplitics made a real revolution in the industry.
-
SuiteCRM Log File Remote Code Execution
PHP Files ≈ Packet Storm Jun 4, 2021 | 13:44 pmThis Metasploit module exploits an input validation error on the log file extension parameter. It does not properly validate upper/lower case characters. Once this occurs, the application log file will be treated as a php file. The log file can[…]
Read more... -
PHP 8.1.0-dev User-Agentt Remote Code Execution
PHP Files ≈ Packet Storm Jun 3, 2021 | 14:48 pmPHP version 8.1.0-dev remote code execution exploit that leverages a backdoor under the User-Agentt header.
Read more... -
Cacti 1.2.12 SQL Injection / Remote Command Execution
PHP Files ≈ Packet Storm Jun 2, 2021 | 13:50 pmThis Metasploit module exploits a SQL injection vulnerability in Cacti versions 1.2.12 and below. An admin can exploit the filter variable within color.php to pull arbitrary values as well as conduct stacked queries. With stacked queries, the path_php_binary value is[…]
Read more... -
IPS Community Suite 4.5.4.2 PHP Code Injection
PHP Files ≈ Packet Storm May 31, 2021 | 14:21 pmIPS Community Suite versions 4.5.4.2 and below suffer from a PHP code injection vulnerability. The vulnerability exists because the IPS\cms\modules\front\pages\_builder::previewBlock() method allows to pass arbitrary content to the IPS\_Theme::runProcessFunction() method, which will be used in a call to the eval()[…]
Read more... -
PHP 8.1.0-dev Backdoor Remote Command Execution
PHP Files ≈ Packet Storm May 31, 2021 | 13:59 pmPHP version 8.1.0-dev unauthenticated remote command execution proof of concept exploit that leverages the backdoor.
Read more... -
Trixbox 2.8.0.4 Remote Code Execution
PHP Files ≈ Packet Storm May 28, 2021 | 14:21 pmTrixbox version 2.8.0.4 has an OS command injection vulnerability that can be leveraged via shell metacharacters in the lang parameter to /maint/modules/home/index.php.
Read more... -
Trixbox 2.8.0.4 Path Traversal
PHP Files ≈ Packet Storm May 28, 2021 | 14:19 pmTrixbox version 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.
Read more... -
Gentoo Linux Security Advisory 202105-23
PHP Files ≈ Packet Storm May 26, 2021 | 17:27 pmGentoo Linux Security Advisory 202105-23 - Multiple vulnerabilities have been found in PHP, the worst of which could result in a Denial of Service condition. Versions less than 8.0.6 are affected.
Read more... -
Gentoo Linux Security Advisory 202105-06
PHP Files ≈ Packet Storm May 26, 2021 | 17:12 pmGentoo Linux Security Advisory 202105-6 - Multiple vulnerabilities in the Smarty template engine might allow remote attackers to execute arbitrary PHP code. Versions less than 3.1.39 are affected.
Read more... -
PHP 8.1.0-dev Backdoor Remote Command Injection
PHP Files ≈ Packet Storm May 24, 2021 | 14:08 pmPHP version 8.1.0-dev backdoor unauthenticated remote command injection exploit.
Read more...
-
Red Hat Security Advisory 2021-2479-01
Operating System: RedHat ≈ Packet Storm Jun 17, 2021 | 18:34 pmRed Hat Security Advisory 2021-2479-01 - Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications[…]
Read more... -
Red Hat Security Advisory 2021-2476-01
Operating System: RedHat ≈ Packet Storm Jun 17, 2021 | 18:23 pmRed Hat Security Advisory 2021-2476-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business[…]
Read more... -
Red Hat Security Advisory 2021-2475-01
Operating System: RedHat ≈ Packet Storm Jun 17, 2021 | 18:16 pmRed Hat Security Advisory 2021-2475-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process[…]
Read more... -
Red Hat Security Advisory 2021-2469-01
Operating System: RedHat ≈ Packet Storm Jun 17, 2021 | 18:09 pmRed Hat Security Advisory 2021-2469-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address.[…]
Read more... -
Red Hat Security Advisory 2021-2472-01
Operating System: RedHat ≈ Packet Storm Jun 17, 2021 | 18:09 pmRed Hat Security Advisory 2021-2472-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services[…]
Read more... -
Red Hat Security Advisory 2021-2471-01
Operating System: RedHat ≈ Packet Storm Jun 17, 2021 | 18:01 pmRed Hat Security Advisory 2021-2471-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged[…]
Read more... -
Red Hat Security Advisory 2021-2467-01
Operating System: RedHat ≈ Packet Storm Jun 17, 2021 | 17:57 pmRed Hat Security Advisory 2021-2467-01 - GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions[…]
Read more... -
Red Hat Security Advisory 2021-2461-01
Operating System: RedHat ≈ Packet Storm Jun 17, 2021 | 17:53 pmRed Hat Security Advisory 2021-2461-01 - Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across[…]
Read more... -
Red Hat Security Advisory 2021-2459-01
Operating System: RedHat ≈ Packet Storm Jun 17, 2021 | 17:40 pmRed Hat Security Advisory 2021-2459-01 - GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.
Read more... -
Red Hat Security Advisory 2021-2456-01
Operating System: RedHat ≈ Packet Storm Jun 17, 2021 | 17:37 pmRed Hat Security Advisory 2021-2456-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and memory leak vulnerabilities.
Read more... -
The Product Security Blog has moved!
Red Hat Security Blog Blog Posts Mar 19, 2019 | 19:38 pmRed Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog.This move provides a wider variety of important Security topics,[…]
Read more... -
Security Technologies: FORTIFY_SOURCE
Red Hat Security Blog Blog Posts Sep 26, 2018 | 13:30 pmFORTIFY_SOURCE provides lightweight compile and runtime protection to some memory and string functions (original patch to gcc was submitted by Red Hat). It is supposed to have no or a very small runtime overhead and can be enabled for all[…]
Read more... -
New Red Hat Product Security OpenPGP key
Red Hat Security Blog Blog Posts Aug 22, 2018 | 13:30 pmRed Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key.This was done to improve the long-term security of our communications with our customers and also to meet current key[…]
Read more... -
Security Technologies: Stack Smashing Protection (StackGuard)
Red Hat Security Blog Blog Posts Aug 20, 2018 | 13:30 pm
Read more...
In our previous blog, we saw how arbitrary code execution resulting from stack-buffer overflows can be partly mitigated by marking segments of memory as non-executable, a technology known as Execshield. However stack-buffer overflow exploits can still effectively overwrite the function[…] -
Managing risk in the modern world
Red Hat Security Blog Blog Posts Aug 14, 2018 | 15:30 pm
Read more...
Things can be pretty scary out there today. There are a lot of things that could occur that make even the calmest amongst us take pause. Everything we do is a series of risk-based decisions that we hope leads to[…] -
How SELinux helps mitigate risk while facilitating compliance
Red Hat Security Blog Blog Posts Aug 9, 2018 | 13:30 pmMany of our customers are required to meet a variety of regulatory requirements. Red Hat Enterprise Linux includes security technologies that help meet these requirements. Improving Linux security also benefits our layered products, such as Red Hat OpenShift Container Platform[…]
Read more... -
Security Technologies: ExecShield
Red Hat Security Blog Blog Posts Jul 25, 2018 | 13:30 pm
Read more...
The world of computer security has changed dramatically in the last few years. Keeping your operating system updated with the latest security patches is no longer sufficient. Operating system providers need to be more proactive in combating security problems. A[…] -
SPECTRE Variant 1 scanning tool
Red Hat Security Blog Blog Posts Jul 18, 2018 | 13:30 pmAs part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this[…]
Read more... -
Insights Security Hardening Rules
Red Hat Security Blog Blog Posts Jul 12, 2018 | 13:30 pmMany users of Red Hat Insights are familiar with the security rules we create to alert them about security vulnerabilities on their system, especially concerning high-profile issues such as Spectre/Meltdown or Heartbleed. In this post, I'd like to talk about[…]
Read more... -
Red Hat’s disclosure process
Red Hat Security Blog Blog Posts Jul 10, 2018 | 13:00 pmLast week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around[…]
Read more...
-
Debian: DSA-4933-1: nettle security update
Advisories Jun 18, 2021 | 14:58 pm
Read more...
Multiple vulnerabilities were discovered in nettle, a low level cryptographic library, which could result in denial of service (remote crash in RSA decryption via specially crafted ciphertext, crash on ECDSA signature verification) or incorrect verification of ECDSA signatures. -
Debian: DSA-4932-1: tor security update
Advisories Jun 18, 2021 | 13:39 pm
Read more...
Multiple security vulnerabilities were discovered in Tor, a connection-based low-latency anonymous communication system, which could result in denial of service or spoofing. -
Debian: DSA-4931-1: xen security update
Advisories Jun 15, 2021 | 16:52 pm
Read more...
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in denial of service or information leaks. For the stable distribution (buster), these problems have been fixed in -
Debian: DSA-4930-1: libwebp security update
Advisories Jun 10, 2021 | 17:04 pm
Read more...
Multiple vulnerabilities were discovered in libwebp, the implementation of the WebP image format, which could result in denial of service, memory disclosure or potentially the execution of arbitrary code if malformed images are processed. -
Debian: DSA-4929-1: rails security update
Advisories Jun 9, 2021 | 17:11 pm
Read more...
Multiple security issues were discovered in the Rails web framework which could result in denial of service. For the stable distribution (buster), these problems have been fixed in -
Debian: DSA-4928-1: htmldoc security update
Advisories Jun 9, 2021 | 17:09 pm
Read more...
A buffer overflow was discovered in HTMLDOC, a HTML processor that generates indexed HTML, PS, and PDF, which could potentially result in the execution of arbitrary code. In addition a number of crashes were addressed. -
Debian: DSA-4927-1: thunderbird security update
Advisories Jun 4, 2021 | 18:43 pm
Read more...
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. In adddition two security issues were addressed in the OpenPGP support. -
Debian: DSA-4926-1: lasso security update
Advisories Jun 3, 2021 | 16:22 pm
Read more...
It was discovered that lasso, a library which implements SAML 2.0 and Liberty Alliance standards, did not properly verify that all assertions in a SAML response were properly signed, allowing an attacker to impersonate users or bypass access control. -
Debian: DSA-4925-1: firefox-esr security update
Advisories Jun 2, 2021 | 13:07 pm
Read more...
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. -
Ubuntu Security Notice USN-4530-1
Operating System: Debian ≈ Packet Storm Sep 22, 2020 | 18:23 pmUbuntu Security Notice 4530-1 - Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation.
Read more... -
Debian Security Advisory 4633-1
Operating System: Debian ≈ Packet Storm Feb 25, 2020 | 15:20 pmDebian Linux Security Advisory 4633-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.
Read more... -
Debian Security Advisory 4629-1
Operating System: Debian ≈ Packet Storm Feb 19, 2020 | 15:38 pmDebian Linux Security Advisory 4629-1 - Simon Charette discovered that Django, a high-level Python web development framework, did not properly handle input in its PostgreSQL module. A remote attacker could leverage this to perform SQL injection attacks.
Read more... -
Debian Security Advisory 4628-1
Operating System: Debian ≈ Packet Storm Feb 19, 2020 | 15:28 pmDebian Linux Security Advisory 4628-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
Read more... -
Debian Security Advisory 4626-1
Operating System: Debian ≈ Packet Storm Feb 18, 2020 | 15:05 pmDebian Linux Security Advisory 4626-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
Read more... -
Debian Security Advisory 4627-1
Operating System: Debian ≈ Packet Storm Feb 18, 2020 | 15:04 pmDebian Linux Security Advisory 4627-1 - Cross site scripting, denial of service, and various other vulnerabilities have been discovered in the webkit2gtk web engine.
Read more... -
Debian Security Advisory 4625-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 18:02 pmDebian Linux Security Advisory 4625-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.
Read more... -
Debian Security Advisory 4624-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 17:31 pmDebian Linux Security Advisory 4624-1 - Several vulnerabilities were discovered in evince, a simple multi-page document viewer.
Read more... -
Debian Security Advisory 4620-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 16:41 pmDebian Linux Security Advisory 4620-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
Read more... -
Debian Security Advisory 4621-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 16:41 pmDebian Linux Security Advisory 4621-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.
Read more...
-
Ubuntu Security Notice USN-4991-1
Operating System: Ubuntu ≈ Packet Storm Jun 17, 2021 | 18:34 pmUbuntu Security Notice 4991-1 - Yunho Kim discovered that libxml2 incorrectly handled certain error conditions. A remote attacker could exploit this with a crafted XML file to cause a denial of service, or possibly cause libxml2 to expose sensitive information.[…]
Read more... -
Ubuntu Security Notice USN-4990-1
Operating System: Ubuntu ≈ Packet Storm Jun 17, 2021 | 18:27 pmUbuntu Security Notice 4990-1 - It was discovered that Nettle incorrectly handled RSA decryption. A remote attacker could possibly use this issue to cause Nettle to crash, resulting in a denial of service. It was discovered that Nettle incorrectly handled[…]
Read more... -
Ubuntu Security Notice USN-4989-2
Operating System: Ubuntu ≈ Packet Storm Jun 17, 2021 | 17:49 pmUbuntu Security Notice 4989-2 - USN-4989-1 fixed several vulnerabilities in BlueZ. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue[…]
Read more... -
Ubuntu Security Notice USN-4989-1
Operating System: Ubuntu ≈ Packet Storm Jun 17, 2021 | 17:45 pmUbuntu Security Notice 4989-1 - It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT events. A local[…]
Read more... -
Ubuntu Security Notice USN-4988-1
Operating System: Ubuntu ≈ Packet Storm Jun 15, 2021 | 15:01 pmUbuntu Security Notice 4988-1 - It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a[…]
Read more... -
Ubuntu Security Notice USN-4986-4
Operating System: Ubuntu ≈ Packet Storm Jun 12, 2021 | 19:22 pmUbuntu Security Notice 4986-4 - USN-4986-1 fixed a vulnerability in rpcbind. The update caused a regression resulting in rpcbind crashing in certain environments. This update fixes the problem for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that[…]
Read more... -
Ubuntu Security Notice USN-4987-1
Operating System: Ubuntu ≈ Packet Storm Jun 11, 2021 | 14:57 pmUbuntu Security Notice 4987-1 - It was discovered that ExifTool did not properly sanitize user data for the DjVu file format. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code.
Read more... -
Ubuntu Security Notice USN-4986-3
Operating System: Ubuntu ≈ Packet Storm Jun 11, 2021 | 14:55 pmUbuntu Security Notice 4986-3 - USN-4986-1 fixed a vulnerability in rpcbind. The update caused a regression resulting in rpcbind crashing in certain environments. This update fixes the problem. It was discovered that rpcbind incorrectly handled certain large data sizes. A[…]
Read more... -
Ubuntu Security Notice USN-4971-2
Operating System: Ubuntu ≈ Packet Storm Jun 10, 2021 | 14:56 pmUbuntu Security Notice 4971-2 - USN-4971-1 fixed several vulnerabilities in libwebp. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated[…]
Read more... -
Ubuntu Security Notice USN-4986-2
Operating System: Ubuntu ≈ Packet Storm Jun 10, 2021 | 13:45 pmUbuntu Security Notice 4986-2 - USN-4986-1 fixed a vulnerability in rpcbind. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that rpcbind incorrectly handled certain large data sizes. A remote attacker could[…]
Read more...
-
chromium -- multiple vulnerabilities
FreeBSD VuXML Jun 10, 2021 | 00:00 am
Read more... -
dino -- Path traversal in Dino file transfers
FreeBSD VuXML Jun 8, 2021 | 00:00 am
Read more... -
pglogical -- shell command injection in pglogical.create_subscription()
FreeBSD VuXML Jun 6, 2021 | 00:00 am
Read more... -
drupal7 -- fix possible CSS
FreeBSD VuXML Jun 6, 2021 | 00:00 am
Read more... -
tauthon -- Regular Expression Denial of Service
FreeBSD VuXML Jun 4, 2021 | 00:00 am
Read more... -
polkit -- local privilege escalation using polkit_system_bus_name_get_creds_sync
FreeBSD VuXML Jun 4, 2021 | 00:00 am
Read more... -
go -- multiple vulnerabilities
FreeBSD VuXML Jun 3, 2021 | 00:00 am
Read more... -
aiohttp -- open redirect vulnerability
FreeBSD VuXML Jun 3, 2021 | 00:00 am
Read more...
-
netkit-telnet 0.17 Remote Code Execution
Operating System: Fedora ≈ Packet Storm Mar 5, 2020 | 20:57 pmnetkit-telnet version 0.17 telnetd on Fedora 31 BraveStarr remote code execution exploit.
Read more... -
vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation
Operating System: Fedora ≈ Packet Storm Dec 23, 2019 | 21:02 pmThis Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on Fedora 13 (i686) kernel version 2.6.33.3-85.fc13.i686.PAE and[…]
Read more... -
Grub2 grub2-set-bootflag Environment Corruption
Operating System: Fedora ≈ Packet Storm Nov 27, 2019 | 23:02 pmGrub2 has grub2-set-bootflag setuid in the new Fedora release and has the ability to corrupt the environment.
Read more... -
SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation
Operating System: Fedora ≈ Packet Storm Apr 19, 2019 | 13:28 pmThis Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be[…]
Read more... -
Linux Nested User Namespace idmap Limit Local Privilege Escalation
Operating System: Fedora ≈ Packet Storm Nov 28, 2018 | 01:51 amThis Metasploit module exploits a vulnerability in Linux kernels 4.15.0 to 4.18.18, and 4.19.0 to 4.19.1, where broken uid/gid mappings between nested user namespaces and kernel uid/gid mappings allow elevation to root (CVE-2018-18955). The target system must have unprivileged user[…]
Read more... -
Linux Kernel Local Privilege Escalation
Operating System: Fedora ≈ Packet Storm Jul 12, 2018 | 21:43 pmLinux kernels prior to version 4.13.9 (Ubuntu 16.04/Fedora 27) local privilege escalation exploit.
Read more... -
DHCP Client Command Injection (DynoRoot)
Operating System: Fedora ≈ Packet Storm Jun 12, 2018 | 23:58 pmThis Metasploit module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or[…]
Read more... -
Reliable Datagram Sockets (RDS) Privilege Escalation
Operating System: Fedora ≈ Packet Storm May 19, 2018 | 06:48 amThis Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This Metasploit module has been tested successfully on Fedora 13 (i686) with kernel version[…]
Read more... -
Libuser roothelper Privilege Escalation
Operating System: Fedora ≈ Packet Storm May 13, 2018 | 21:49 pmThis Metasploit module attempts to gain root privileges on Red Hat based Linux systems, including RHEL, Fedora and CentOS, by exploiting a newline injection vulnerability in libuser and userhelper versions prior to 0.56.13-8 and version 0.60 before 0.60-7. This Metasploit[…]
Read more... -
MagniComp SysInfo mcsiwrapper Privilege Escalation
Operating System: Fedora ≈ Packet Storm Feb 20, 2018 | 14:09 pmThis Metasploit module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable[…]
Read more...