Security News (14)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
Unterkategorien
CMS Security (2)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache.
Artikel anzeigen...Server Security (2)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
Artikel anzeigen...Linux Security (6)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
Artikel anzeigen...Script Security (4)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
Artikel anzeigen...-
Red Hat Security Advisory 2020-5554-01
Ruby Files ≈ Packet Storm Dec 16, 2020 | 18:09 pmRed Hat Security Advisory 2020-5554-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
Red Hat Security Advisory 2020-4134-01
Ruby Files ≈ Packet Storm Sep 30, 2020 | 15:52 pmRed Hat Security Advisory 2020-4134-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
Red Hat Security Advisory 2020-3574-01
Ruby Files ≈ Packet Storm Aug 27, 2020 | 22:29 pmRed Hat Security Advisory 2020-3574-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
Red Hat Security Advisory 2020-3358-01
Ruby Files ≈ Packet Storm Aug 6, 2020 | 17:07 pmRed Hat Security Advisory 2020-3358-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
OpenEMR 5.0.1 Remote Code Execution
Ruby Files ≈ Packet Storm Aug 3, 2020 | 16:52 pmOpenEMR versions 5.0.1 and below authenticated remote code execution exploit written in ruby.
Read more... -
Ruby On Rails 5.0.1 Remote Code Execution
Ruby Files ≈ Packet Storm Jul 27, 2020 | 18:38 pmRuby On Rails version 5.0.1 remote code execution exploit.
Read more... -
Red Hat Security Advisory 2020-2839-01
Ruby Files ≈ Packet Storm Jul 7, 2020 | 16:18 pmRed Hat Security Advisory 2020-2839-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Read more... -
Red Hat Security Advisory 2020-2769-01
Ruby Files ≈ Packet Storm Jun 30, 2020 | 18:04 pmRed Hat Security Advisory 2020-2769-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
Read more... -
Keystone 0.9.2
Ruby Files ≈ Packet Storm Jun 23, 2020 | 21:24 pmKeystone is a lightweight multi-platform, multi-architecture assembler framework. Highlight features include multi-architecture, with support for Arm, Arm64 (AArch64/Armv8), Hexagon, Mips, PowerPC, Sparc, SystemZ, and X86 (include 16/32/64bit). It has a clean and lightweight architecture-neutral API. It's implemented in C/C++ languages,[…]
Read more... -
Red Hat Security Advisory 2020-2480-01
Ruby Files ≈ Packet Storm Jun 10, 2020 | 15:12 pmRed Hat Security Advisory 2020-2480-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more...
-
Gentoo Linux Security Advisory 202101-18
Python Files ≈ Packet Storm Jan 25, 2021 | 14:38 pmGentoo Linux Security Advisory 202101-18 - Multiple vulnerabilities have been found in Python, the worst of which could result in the arbitrary execution of code. Versions less than 2.7.18-r6:2.7 are affected.
Read more... -
Ubuntu Security Notice USN-4668-4
Python Files ≈ Packet Storm Jan 12, 2021 | 16:14 pmUbuntu Security Notice 4668-4 - USN-4668-1 fixed a vulnerability in python-apt. This update provides the corresponding update for Ubuntu 14.04 ESM. Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt[…]
Read more... -
Ubuntu Security Notice USN-4668-3
Python Files ≈ Packet Storm Jan 4, 2021 | 17:25 pmUbuntu Security Notice 4668-3 - USN-4668-1 fixed vulnerabilities in python-apt. The update caused a regression when using certain APIs with a file handle. This update fixes the problem. Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could[…]
Read more... -
Erlang Bytecode String Converter
Python Files ≈ Packet Storm Dec 21, 2020 | 17:30 pmestr2bc is a python script to convert arbitrary string input to Erlang bytecode.
Read more... -
Red Hat Security Advisory 2020-5581-01
Python Files ≈ Packet Storm Dec 16, 2020 | 18:19 pmRed Hat Security Advisory 2020-5581-01 - python-XStatic-jQuery is the jQuery javascript library packaged for Python's setuptools. Issues addressed include code execution and denial of service vulnerabilities.
Read more... -
Red Hat Security Advisory 2020-5571-01
Python Files ≈ Packet Storm Dec 16, 2020 | 18:19 pmRed Hat Security Advisory 2020-5571-01 - python-XStatic-Bootstrap-SCSS is the Bootstrap-SCSS JavaScript library packaged for setuptools / pip. Issues addressed include a cross site scripting vulnerability.
Read more... -
Red Hat Security Advisory 2020-5412-01
Python Files ≈ Packet Storm Dec 16, 2020 | 18:08 pmRed Hat Security Advisory 2020-5412-01 - python-XStatic-jQuery is the jQuery javascript library packaged for Python's setuptools. Issues addressed include a code execution vulnerability.
Read more... -
Red Hat Security Advisory 2020-5435-01
Python Files ≈ Packet Storm Dec 15, 2020 | 15:41 pmRed Hat Security Advisory 2020-5435-01 - The python-rtslib package provides a Python library to configure the kernel target subsystem, using the configfs file system.
Read more... -
Ubuntu Security Notice USN-4668-1
Python Files ≈ Packet Storm Dec 10, 2020 | 16:04 pmUbuntu Security Notice 4668-1 - Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service.
Read more... -
Ubuntu Security Notice USN-4668-2
Python Files ≈ Packet Storm Dec 10, 2020 | 15:57 pmUbuntu Security Notice 4668-2 - USN-4668-1 fixed vulnerabilities in python-apt. That update caused a regression by removing information describing the Ubuntu 20.10 release from the Ubuntu templates. This update fixes the problem by restoring this information. Various other issues were[…]
Read more...
-
Cisco UCS Manager 2.2(1d) Remote Command Execution
CGI Files ≈ Packet Storm Jan 18, 2021 | 15:47 pmCisco UCS Manager version 2.2(1d) remote command execution exploit. An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote[…]
Read more... -
ZeroShell 3.9.0 Remote Command Execution
CGI Files ≈ Packet Storm Nov 24, 2020 | 15:34 pmThis Metasploit module exploits an unauthenticated command injection vulnerability found in ZeroShell version 3.9.0 in the "/cgi-bin/kerbynet" url. As sudo is configured to execute /bin/tar without a password (NOPASSWD) it is possible to run root commands using the "checkpoint" tar[…]
Read more... -
ASUS TM-AC1900 Arbitrary Command Execution
CGI Files ≈ Packet Storm Nov 13, 2020 | 16:00 pmThis Metasploit module exploits a code execution vulnerability within the ASUS TM-AC1900 router as an authenticated user. The vulnerability is due to a failure filter out percent encoded newline characters within the HTTP argument SystemCmd when invoking /apply.cgi which bypasses[…]
Read more... -
D-Link DSR-250N Denial Of Service
CGI Files ≈ Packet Storm Oct 8, 2020 | 16:50 pmRedTeam Pentesting discovered a denial of service vulnerability in the D-Link DSR-250N device which allows unauthenticated attackers in the same local network to execute a CGI script that reboots the device. Version 3.12 is confirmed affected.
Read more... -
Ubuntu Security Notice USN-4569-1
CGI Files ≈ Packet Storm Oct 5, 2020 | 17:21 pmUbuntu Security Notice 4569-1 - It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity injection attack. It was discovered that Yaws mishandled certain input when[…]
Read more... -
Sony IPELA Network Camera Remote Stack Buffer Overflow
CGI Files ≈ Packet Storm Oct 1, 2020 | 15:09 pmSony IPELA Network Camera SNC-DH120T version 1.82.01 suffers from a remote stack buffer overflow vulnerability. The vulnerability is caused due to a boundary error in the processing of received FTP traffic through the FTP client functionality (ftpclient.cgi), which can be[…]
Read more... -
TP-Link Cloud Cameras NCXXX Bonjour Command Injection
CGI Files ≈ Packet Storm Sep 18, 2020 | 17:11 pmTP-Link cloud cameras NCXXX series (NC200, NC210, NC220, NC230, NC250, NC260, NC450) are vulnerable to an authenticated command injection vulnerability. In all devices except NC210, despite a check on the name length in swSystemSetProductAliasCheck, no other checks are in place[…]
Read more... -
Go CGI / FastCGI Transport Cross Site Scripting
CGI Files ≈ Packet Storm Sep 2, 2020 | 15:00 pmThe CGI and FastCGI implementations in the Go standard library behave differently from the HTTP server implementation when serving content. In contrast to the documented behavior, they may return non-HTML data as HTML. This may lead to cross site scripting[…]
Read more... -
Geutebruck testaction.cgi Remote Command Execution
CGI Files ≈ Packet Storm Aug 17, 2020 | 17:40 pmThis Metasploit module exploits an authenticated arbitrary command execution vulnerability within the 'server' GET parameter of the /uapi-cgi/testaction.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions
Read more... -
Cayin CMS NTP Server 11.0 Remote Code Execution
CGI Files ≈ Packet Storm Jun 18, 2020 | 16:04 pmThis Metasploit module exploits an authenticated remote code execution vulnerability in Cayin CMS versions 11.0 and below. The code execution is executed in the system_service.cgi file's ntpIp Parameter. The field is limited in size, so repeated requests are made to[…]
Read more...
snaplitics made a real revolution in the industry.
-
PEAR Archive_Tar Arbitrary File Write
PHP Files ≈ Packet Storm Jan 25, 2021 | 14:51 pmThis Metasploit module takes advantages of Archive_Tar versions prior to 1.4.11 which fail to validate file stream wrappers contained within filenames to write an arbitrary file containing user controlled content to an arbitrary file on disk. Note that the file[…]
Read more... -
PHP-Fusion 9.03.90 Cross Site Request Forgery
PHP Files ≈ Packet Storm Jan 15, 2021 | 14:59 pmPHP-Fusion version 9.03.90 suffers from a cross site request forgery vulnerability.
Read more... -
WordPress AIT CSV Import/Export 3.0.3 Shell Upload
PHP Files ≈ Packet Storm Jan 12, 2021 | 16:32 pmWordPress AIT CSV Import/Export plugin versions 3.0.3 and below allow unauthenticated remote attackers to upload and execute arbitrary PHP code. The upload-handler does not require authentication, nor validates the uploaded content. It may return an error when attempting to parse[…]
Read more... -
WordPress wpDiscuz 7.0.4 Shell Upload
PHP Files ≈ Packet Storm Jan 8, 2021 | 15:28 pmThis Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.
Read more... -
Practical PHP Security
PHP Files ≈ Packet Storm Jan 8, 2021 | 15:18 pmWhitepaper called Practical PHP Security.
Read more... -
WordPress Autoptimize Shell Upload
PHP Files ≈ Packet Storm Jan 8, 2021 | 14:49 pmWordPress Autoptimize plugin suffers from a remote shell upload vulnerability. The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote[…]
Read more... -
qdPM 9.1 PHP Object Injection
PHP Files ≈ Packet Storm Dec 31, 2020 | 15:07 pmqdPM versions 9.1 and below suffer from an executeExport PHP object injection vulnerability.
Read more... -
Gentoo Linux Security Advisory 202012-16
PHP Files ≈ Packet Storm Dec 24, 2020 | 17:17 pmGentoo Linux Security Advisory 202012-16 - Multiple vulnerabilities have been found in PHP, the worst of which could result in a Denial of Service condition. Versions less than 8.0.0 are affected.
Read more... -
TerraMaster TOS 4.2.06 Remote Code Execution
PHP Files ≈ Packet Storm Dec 23, 2020 | 17:08 pmThis Metasploit module exploits an unauthenticated command execution vulnerability in TerraMaster TOS version 4.2.06 leveraging include/makecvs.php.
Read more... -
WordPress Yet Another Stars Rating PHP Object Injection
PHP Files ≈ Packet Storm Dec 18, 2020 | 18:58 pmThis Metasploit module affects WordPress Yet Another Stars Rating plugin versions prior to 1.8.7 and demonstrates a PHP object injection vulnerability.
Read more...
-
Red Hat Security Advisory 2021-0223-01
Operating System: RedHat ≈ Packet Storm Jan 27, 2021 | 14:07 pmRed Hat Security Advisory 2021-0223-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in[…]
Read more... -
Red Hat Security Advisory 2021-0218-01
Operating System: RedHat ≈ Packet Storm Jan 27, 2021 | 14:06 pmRed Hat Security Advisory 2021-0218-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in[…]
Read more... -
Red Hat Security Advisory 2021-0225-01
Operating System: RedHat ≈ Packet Storm Jan 27, 2021 | 14:06 pmRed Hat Security Advisory 2021-0225-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in[…]
Read more... -
Red Hat Security Advisory 2021-0219-01
Operating System: RedHat ≈ Packet Storm Jan 27, 2021 | 14:06 pmRed Hat Security Advisory 2021-0219-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in[…]
Read more... -
Red Hat Security Advisory 2021-0227-01
Operating System: RedHat ≈ Packet Storm Jan 27, 2021 | 14:06 pmRed Hat Security Advisory 2021-0227-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in[…]
Read more... -
Red Hat Security Advisory 2021-0224-01
Operating System: RedHat ≈ Packet Storm Jan 27, 2021 | 14:06 pmRed Hat Security Advisory 2021-0224-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in[…]
Read more... -
Red Hat Security Advisory 2021-0221-01
Operating System: RedHat ≈ Packet Storm Jan 27, 2021 | 14:06 pmRed Hat Security Advisory 2021-0221-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in[…]
Read more... -
Red Hat Security Advisory 2021-0222-01
Operating System: RedHat ≈ Packet Storm Jan 27, 2021 | 14:06 pmRed Hat Security Advisory 2021-0222-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in[…]
Read more... -
Red Hat Security Advisory 2021-0226-01
Operating System: RedHat ≈ Packet Storm Jan 27, 2021 | 14:05 pmRed Hat Security Advisory 2021-0226-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in[…]
Read more... -
Red Hat Security Advisory 2021-0220-01
Operating System: RedHat ≈ Packet Storm Jan 27, 2021 | 14:05 pmRed Hat Security Advisory 2021-0220-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in[…]
Read more... -
The Product Security Blog has moved!
Red Hat Security Blog Blog Posts Mar 19, 2019 | 19:38 pmRed Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog.This move provides a wider variety of important Security topics,[…]
Read more... -
Security Technologies: FORTIFY_SOURCE
Red Hat Security Blog Blog Posts Sep 26, 2018 | 13:30 pmFORTIFY_SOURCE provides lightweight compile and runtime protection to some memory and string functions (original patch to gcc was submitted by Red Hat). It is supposed to have no or a very small runtime overhead and can be enabled for all[…]
Read more... -
New Red Hat Product Security OpenPGP key
Red Hat Security Blog Blog Posts Aug 22, 2018 | 13:30 pmRed Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key.This was done to improve the long-term security of our communications with our customers and also to meet current key[…]
Read more... -
Security Technologies: Stack Smashing Protection (StackGuard)
Red Hat Security Blog Blog Posts Aug 20, 2018 | 13:30 pm
Read more...
In our previous blog, we saw how arbitrary code execution resulting from stack-buffer overflows can be partly mitigated by marking segments of memory as non-executable, a technology known as Execshield. However stack-buffer overflow exploits can still effectively overwrite the function[…] -
Managing risk in the modern world
Red Hat Security Blog Blog Posts Aug 14, 2018 | 15:30 pm
Read more...
Things can be pretty scary out there today. There are a lot of things that could occur that make even the calmest amongst us take pause. Everything we do is a series of risk-based decisions that we hope leads to[…] -
How SELinux helps mitigate risk while facilitating compliance
Red Hat Security Blog Blog Posts Aug 9, 2018 | 13:30 pmMany of our customers are required to meet a variety of regulatory requirements. Red Hat Enterprise Linux includes security technologies that help meet these requirements. Improving Linux security also benefits our layered products, such as Red Hat OpenShift Container Platform[…]
Read more... -
Security Technologies: ExecShield
Red Hat Security Blog Blog Posts Jul 25, 2018 | 13:30 pm
Read more...
The world of computer security has changed dramatically in the last few years. Keeping your operating system updated with the latest security patches is no longer sufficient. Operating system providers need to be more proactive in combating security problems. A[…] -
SPECTRE Variant 1 scanning tool
Red Hat Security Blog Blog Posts Jul 18, 2018 | 13:30 pmAs part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this[…]
Read more... -
Insights Security Hardening Rules
Red Hat Security Blog Blog Posts Jul 12, 2018 | 13:30 pmMany users of Red Hat Insights are familiar with the security rules we create to alert them about security vulnerabilities on their system, especially concerning high-profile issues such as Spectre/Meltdown or Heartbleed. In this post, I'd like to talk about[…]
Read more... -
Red Hat’s disclosure process
Red Hat Security Blog Blog Posts Jul 10, 2018 | 13:00 pmLast week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around[…]
Read more...
-
Debian: DSA-4841-1: slurm-llnl security update
Advisories Jan 27, 2021 | 13:44 pm
Read more...
Multiple security issues were discovered in the Simple Linux Utility for Resource Management (SLURM), a cluster resource management and job scheduling system, which could result in denial of service, information disclosure or privilege escalation. -
Debian: DSA-4840-1: firefox-esr security update
Advisories Jan 27, 2021 | 13:36 pm
Read more...
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure. -
Debian: DSA-4839-1: sudo security update
Advisories Jan 26, 2021 | 13:05 pm
Read more...
The Qualys Research Labs discovered a heap-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users. Any local user (sudoers and non-sudoers) can exploit this flaw for root privilege escalation. -
Debian: DSA-4838-1: mutt security update
Advisories Jan 25, 2021 | 15:47 pm
Read more...
Tavis Ormandy discovered a memory leak flaw in the rfc822 group recipient parsing in Mutt, a text-based mailreader supporting MIME, GPG, PGP and threading, which could result in denial of service. -
Debian: DSA-4833-2: gst-plugins-bad1.0 regression update
Advisories Jan 24, 2021 | 11:09 am
Read more...
The update for gst-plugins-bad1.0 released as DSA 4833-1 choosed a package version incompatible with binNMUs and prevented upgrades to the fixed packages. Updated gst-plugins-bad1.0 packages are now available to correct this issue. -
Debian: DSA-4837-1: salt security update
Advisories Jan 24, 2021 | 10:29 am
Read more...
Several vulnerabilities were discovered in salt, a powerful remote execution manager. The flaws could result in authentication bypass and invocation of Salt SSH, creation of certificates with weak file permissions via the TLS execution module or shell injections with the -
Debian: DSA-4830-2: flatpak regression update
Advisories Jan 22, 2021 | 17:08 pm
Read more...
The update for flatpak released as DSA 4830-1 introduced regressions with flatpak build and in the extra-data mechanism. Updated flatpak packages are now available to correct this issue. -
Debian: DSA-4836-1: openvswitch security update
Advisories Jan 22, 2021 | 13:52 pm
Read more...
Two vulnerabilities were discovered in the LLPD implementation of Open vSwitch, a software-based Ethernet virtual switch, which could result in denial of service. -
Debian: DSA-4835-1: tomcat9 security update
Advisories Jan 22, 2021 | 13:48 pm
Read more...
Two vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in information disclosure. For the stable distribution (buster), these problems have been fixed in -
Ubuntu Security Notice USN-4530-1
Operating System: Debian ≈ Packet Storm Sep 22, 2020 | 18:23 pmUbuntu Security Notice 4530-1 - Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation.
Read more... -
Debian Security Advisory 4633-1
Operating System: Debian ≈ Packet Storm Feb 25, 2020 | 15:20 pmDebian Linux Security Advisory 4633-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.
Read more... -
Debian Security Advisory 4629-1
Operating System: Debian ≈ Packet Storm Feb 19, 2020 | 15:38 pmDebian Linux Security Advisory 4629-1 - Simon Charette discovered that Django, a high-level Python web development framework, did not properly handle input in its PostgreSQL module. A remote attacker could leverage this to perform SQL injection attacks.
Read more... -
Debian Security Advisory 4628-1
Operating System: Debian ≈ Packet Storm Feb 19, 2020 | 15:28 pmDebian Linux Security Advisory 4628-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
Read more... -
Debian Security Advisory 4626-1
Operating System: Debian ≈ Packet Storm Feb 18, 2020 | 15:05 pmDebian Linux Security Advisory 4626-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
Read more... -
Debian Security Advisory 4627-1
Operating System: Debian ≈ Packet Storm Feb 18, 2020 | 15:04 pmDebian Linux Security Advisory 4627-1 - Cross site scripting, denial of service, and various other vulnerabilities have been discovered in the webkit2gtk web engine.
Read more... -
Debian Security Advisory 4625-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 18:02 pmDebian Linux Security Advisory 4625-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.
Read more... -
Debian Security Advisory 4624-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 17:31 pmDebian Linux Security Advisory 4624-1 - Several vulnerabilities were discovered in evince, a simple multi-page document viewer.
Read more... -
Debian Security Advisory 4620-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 16:41 pmDebian Linux Security Advisory 4620-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
Read more... -
Debian Security Advisory 4621-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 16:41 pmDebian Linux Security Advisory 4621-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.
Read more...
-
Ubuntu Security Notice USN-4704-1
Operating System: Ubuntu ≈ Packet Storm Jan 27, 2021 | 14:05 pmUbuntu Security Notice 4704-1 - It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. It was[…]
Read more... -
Ubuntu Security Notice USN-4705-1
Operating System: Ubuntu ≈ Packet Storm Jan 27, 2021 | 14:05 pmUbuntu Security Notice 4705-1 - It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. It was discovered that the Sudo sudoedit[…]
Read more... -
Ubuntu Security Notice USN-4703-1
Operating System: Ubuntu ≈ Packet Storm Jan 25, 2021 | 17:29 pmUbuntu Security Notice 4703-1 - It was discovered that Mutt incorrectly handled certain email messages. An attacker could possibly use this issue to cause a denial of service.
Read more... -
Ubuntu Security Notice USN-4702-1
Operating System: Ubuntu ≈ Packet Storm Jan 25, 2021 | 14:44 pmUbuntu Security Notice 4702-1 - It was discovered that Pound incorrectly handled certain HTTP requests A remote attacker could use it to retrieve some sensitive information.
Read more... -
Ubuntu Security Notice USN-4689-4
Operating System: Ubuntu ≈ Packet Storm Jan 21, 2021 | 15:21 pmUbuntu Security Notice 4689-4 - USN-4689-3 fixed vulnerabilities in the NVIDIA server graphics drivers. This update provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. It was discovered that the NVIDIA GPU display driver for the Linux kernel[…]
Read more... -
Ubuntu Security Notice USN-4697-2
Operating System: Ubuntu ≈ Packet Storm Jan 20, 2021 | 14:23 pmUbuntu Security Notice 4697-2 - USN-4697-1 fixed several vulnerabilities in Pillow. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that Pillow incorrectly handled certain PCX image files. If a user or automated system were tricked[…]
Read more... -
Ubuntu Security Notice USN-4701-1
Operating System: Ubuntu ≈ Packet Storm Jan 20, 2021 | 14:20 pmUbuntu Security Notice 4701-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service,[…]
Read more... -
Ubuntu Security Notice USN-4689-3
Operating System: Ubuntu ≈ Packet Storm Jan 20, 2021 | 14:20 pmUbuntu Security Notice 4689-3 - It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial[…]
Read more... -
Ubuntu Security Notice USN-4700-1
Operating System: Ubuntu ≈ Packet Storm Jan 20, 2021 | 14:15 pmUbuntu Security Notice 4700-1 - Alexandre D'Hondt discovered that PyXDG did not properly sanitize input. An attacker could exploit this with a crafted .menu file to execute arbitrary code.
Read more... -
Ubuntu Security Notice USN-4699-1
Operating System: Ubuntu ≈ Packet Storm Jan 19, 2021 | 14:46 pmUbuntu Security Notice 4699-1 - It was discovered that Apache Log4net incorrectly handled certain configuration files. An attacker could possibly use this issue to expose sensitive information.
Read more...
-
sudo -- Multiple vulnerabilities
FreeBSD VuXML Jan 26, 2021 | 00:00 am
Read more... -
pysaml2 -- multiple vulnerabilities
FreeBSD VuXML Jan 26, 2021 | 00:00 am
Read more... -
jenkins -- Arbitrary file read vulnerability in workspace browsers
FreeBSD VuXML Jan 26, 2021 | 00:00 am
Read more... -
MySQL -- Multiple vulnerabilities
FreeBSD VuXML Jan 23, 2021 | 00:00 am
Read more... -
mutt -- denial of service
FreeBSD VuXML Jan 23, 2021 | 00:00 am
Read more... -
nokogiri -- Security vulnerability
FreeBSD VuXML Jan 22, 2021 | 00:00 am
Read more... -
chromium -- multiple vulnerabilities
FreeBSD VuXML Jan 22, 2021 | 00:00 am
Read more... -
chocolate-doom -- Arbitrary code execution
FreeBSD VuXML Jan 22, 2021 | 00:00 am
Read more...
-
netkit-telnet 0.17 Remote Code Execution
Operating System: Fedora ≈ Packet Storm Mar 5, 2020 | 20:57 pmnetkit-telnet version 0.17 telnetd on Fedora 31 BraveStarr remote code execution exploit.
Read more... -
vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation
Operating System: Fedora ≈ Packet Storm Dec 23, 2019 | 21:02 pmThis Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on Fedora 13 (i686) kernel version 2.6.33.3-85.fc13.i686.PAE and[…]
Read more... -
Grub2 grub2-set-bootflag Environment Corruption
Operating System: Fedora ≈ Packet Storm Nov 27, 2019 | 23:02 pmGrub2 has grub2-set-bootflag setuid in the new Fedora release and has the ability to corrupt the environment.
Read more... -
SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation
Operating System: Fedora ≈ Packet Storm Apr 19, 2019 | 13:28 pmThis Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be[…]
Read more... -
Linux Nested User Namespace idmap Limit Local Privilege Escalation
Operating System: Fedora ≈ Packet Storm Nov 28, 2018 | 01:51 amThis Metasploit module exploits a vulnerability in Linux kernels 4.15.0 to 4.18.18, and 4.19.0 to 4.19.1, where broken uid/gid mappings between nested user namespaces and kernel uid/gid mappings allow elevation to root (CVE-2018-18955). The target system must have unprivileged user[…]
Read more... -
Linux Kernel Local Privilege Escalation
Operating System: Fedora ≈ Packet Storm Jul 12, 2018 | 21:43 pmLinux kernels prior to version 4.13.9 (Ubuntu 16.04/Fedora 27) local privilege escalation exploit.
Read more... -
DHCP Client Command Injection (DynoRoot)
Operating System: Fedora ≈ Packet Storm Jun 12, 2018 | 23:58 pmThis Metasploit module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or[…]
Read more... -
Reliable Datagram Sockets (RDS) Privilege Escalation
Operating System: Fedora ≈ Packet Storm May 19, 2018 | 06:48 amThis Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This Metasploit module has been tested successfully on Fedora 13 (i686) with kernel version[…]
Read more... -
Libuser roothelper Privilege Escalation
Operating System: Fedora ≈ Packet Storm May 13, 2018 | 21:49 pmThis Metasploit module attempts to gain root privileges on Red Hat based Linux systems, including RHEL, Fedora and CentOS, by exploiting a newline injection vulnerability in libuser and userhelper versions prior to 0.56.13-8 and version 0.60 before 0.60-7. This Metasploit[…]
Read more... -
MagniComp SysInfo mcsiwrapper Privilege Escalation
Operating System: Fedora ≈ Packet Storm Feb 20, 2018 | 14:09 pmThis Metasploit module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable[…]
Read more...