Security News (14)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
Unterkategorien
CMS Security (2)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache.
Artikel anzeigen...Server Security (2)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
Artikel anzeigen...Linux Security (6)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
Artikel anzeigen...Script Security (4)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
Artikel anzeigen...-
Red Hat Security Advisory 2021-3559-01
Ruby Files ≈ Packet Storm Sep 20, 2021 | 16:35 pmRed Hat Security Advisory 2021-3559-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
Read more... -
Red Hat Security Advisory 2021-3020-01
Ruby Files ≈ Packet Storm Aug 6, 2021 | 14:01 pmRed Hat Security Advisory 2021-3020-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
Read more... -
Ubuntu Security Notice USN-5020-1
Ruby Files ≈ Packet Storm Jul 21, 2021 | 16:20 pmUbuntu Security Notice 5020-1 - It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this[…]
Read more... -
Red Hat Security Advisory 2021-2588-01
Ruby Files ≈ Packet Storm Jun 30, 2021 | 15:21 pmRed Hat Security Advisory 2021-2588-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, denial of service, information[…]
Read more... -
Red Hat Security Advisory 2021-2587-01
Ruby Files ≈ Packet Storm Jun 30, 2021 | 15:20 pmRed Hat Security Advisory 2021-2587-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, denial of service, and[…]
Read more... -
Red Hat Security Advisory 2021-2584-01
Ruby Files ≈ Packet Storm Jun 30, 2021 | 15:18 pmRed Hat Security Advisory 2021-2584-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a HTTP request smuggling vulnerability.
Read more... -
Monitorr 1.7.6m Bypass / Information Disclosure / Shell Upload
Ruby Files ≈ Packet Storm Jun 23, 2021 | 15:54 pmThis ruby script is a 4-in-1 exploit that leverages shell upload, bypass, and information disclosure vulnerabilities in Monitorr version 1.7.6m.
Read more... -
Red Hat Security Advisory 2021-2229-01
Ruby Files ≈ Packet Storm Jun 3, 2021 | 15:23 pmRed Hat Security Advisory 2021-2229-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a HTTP request smuggling vulnerability.
Read more... -
Red Hat Security Advisory 2021-2230-01
Ruby Files ≈ Packet Storm Jun 3, 2021 | 15:13 pmRed Hat Security Advisory 2021-2230-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, denial of service, information[…]
Read more... -
Red Hat Security Advisory 2021-2104-01.tt
Ruby Files ≈ Packet Storm May 25, 2021 | 14:44 pmRed Hat Security Advisory 2021-2104-01.tt - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, denial of service, and[…]
Read more...
-
Ubuntu Security Notice USN-5083-1
Python Files ≈ Packet Storm Sep 17, 2021 | 16:02 pmUbuntu Security Notice 5083-1 - It was discovered that Python incorrectly handled certain RFCs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM. It was discovered that Python incorrectly[…]
Read more... -
Red Hat Security Advisory 2021-3490-01
Python Files ≈ Packet Storm Sep 15, 2021 | 15:10 pmRed Hat Security Advisory 2021-3490-01 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.2 (Train). Issues addressed include local file inclusion, remote file inclusion, server-side request forgery, and traversal vulnerabilities.
Read more... -
Rencode Denial Of Service
Python Files ≈ Packet Storm Sep 8, 2021 | 14:28 pmThe Rencode python module for object serialization suffers from a 3-byte denial of service vulnerability.
Read more... -
nfstream 6.3.4
Python Files ≈ Packet Storm Sep 3, 2021 | 15:29 pmnfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world[…]
Read more... -
Red Hat Security Advisory 2021-3366-01
Python Files ≈ Packet Storm Aug 31, 2021 | 16:31 pmRed Hat Security Advisory 2021-3366-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as[…]
Read more... -
Red Hat Security Advisory 2021-3254-01
Python Files ≈ Packet Storm Aug 30, 2021 | 03:33 amRed Hat Security Advisory 2021-3254-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as[…]
Read more... -
Red Hat Security Advisory 2021-3252-01
Python Files ≈ Packet Storm Aug 27, 2021 | 18:22 pmRed Hat Security Advisory 2021-3252-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as[…]
Read more... -
Red Hat Security Advisory 2021-2760-01
Python Files ≈ Packet Storm Jul 19, 2021 | 15:38 pmRed Hat Security Advisory 2021-2760-01 - Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or[…]
Read more... -
Red Hat Security Advisory 2021-2758-01
Python Files ≈ Packet Storm Jul 15, 2021 | 19:32 pmRed Hat Security Advisory 2021-2758-01 - Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or[…]
Read more... -
Stegano 0.9.9
Python Files ≈ Packet Storm Jul 5, 2021 | 16:43 pmStegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced[…]
Read more...
-
Geutebruck instantrec Remote Command Execution
CGI Files ≈ Packet Storm Sep 17, 2021 | 16:02 pmThis Metasploit module exploits a buffer overflow within the 'action' parameter of the /uapi-cgi/instantrec.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions equal to 1.12.0.27 as well as firmware versions 1.12.13.2 and[…]
Read more... -
Geutebruck Remote Command Execution
CGI Files ≈ Packet Storm Sep 2, 2021 | 15:36 pmThis Metasploit module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices[…]
Read more... -
IPFire 2.25 Remote Code Execution
CGI Files ≈ Packet Storm Jun 15, 2021 | 15:18 pmThis Metasploit module exploits an authenticated command injection vulnerability in the /cgi-bin/pakfire.cgi web page of IPFire devices running versions 2.25 Core Update 156 and prior to execute arbitrary code as the root user.
Read more... -
Ubuntu Security Notice USN-4886-1
CGI Files ≈ Packet Storm Mar 23, 2021 | 16:33 pmUbuntu Security Notice 4886-1 - It was discovered that Privoxy incorrectly handled CGI requests. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. It was discovered that Privoxy incorrectly handled certain regular[…]
Read more... -
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Configuration Download
CGI Files ≈ Packet Storm Mar 19, 2021 | 16:52 pmKZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 is susceptible to an unauthenticated configuration disclosure when direct object reference is made to the export_settings.cgi file using an HTTP GET request. This will enable the attacker to disclose sensitive information and help[…]
Read more... -
Cisco UCS Manager 2.2(1d) Remote Command Execution
CGI Files ≈ Packet Storm Jan 18, 2021 | 15:47 pmCisco UCS Manager version 2.2(1d) remote command execution exploit. An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote[…]
Read more... -
ZeroShell 3.9.0 Remote Command Execution
CGI Files ≈ Packet Storm Nov 24, 2020 | 15:34 pmThis Metasploit module exploits an unauthenticated command injection vulnerability found in ZeroShell version 3.9.0 in the "/cgi-bin/kerbynet" url. As sudo is configured to execute /bin/tar without a password (NOPASSWD) it is possible to run root commands using the "checkpoint" tar[…]
Read more... -
ASUS TM-AC1900 Arbitrary Command Execution
CGI Files ≈ Packet Storm Nov 13, 2020 | 16:00 pmThis Metasploit module exploits a code execution vulnerability within the ASUS TM-AC1900 router as an authenticated user. The vulnerability is due to a failure filter out percent encoded newline characters within the HTTP argument SystemCmd when invoking /apply.cgi which bypasses[…]
Read more... -
D-Link DSR-250N Denial Of Service
CGI Files ≈ Packet Storm Oct 8, 2020 | 16:50 pmRedTeam Pentesting discovered a denial of service vulnerability in the D-Link DSR-250N device which allows unauthenticated attackers in the same local network to execute a CGI script that reboots the device. Version 3.12 is confirmed affected.
Read more... -
Ubuntu Security Notice USN-4569-1
CGI Files ≈ Packet Storm Oct 5, 2020 | 17:21 pmUbuntu Security Notice 4569-1 - It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity injection attack. It was discovered that Yaws mishandled certain input when[…]
Read more...
snaplitics made a real revolution in the industry.
-
elFinder Archive Command Injection
PHP Files ≈ Packet Storm Sep 15, 2021 | 15:30 pmelFinder versions below 2.1.59 are vulnerable to a command injection vulnerability via its archive functionality. When creating a new zip archive, the name parameter is sanitized with the escapeshellarg() php function and then passed to the zip utility. Despite the[…]
Read more... -
AHSS-PHP 1.0 Cross Site Scripting / SQL Injection
PHP Files ≈ Packet Storm Sep 15, 2021 | 15:15 pmAHSS-PHP version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
Read more... -
POMS-PHP 1.0 SQL Injection
PHP Files ≈ Packet Storm Sep 9, 2021 | 10:22 amPOMS-PHP version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Read more... -
Firebase PHP-JWT Algorithm Confusion
PHP Files ≈ Packet Storm Aug 15, 2021 | 10:11 amFirebase's PHP-JWT suffers from an algorithm confusion issue. Proof of concept code included.
Read more... -
COVID19 Testing Management System 1.0 SQL Injection
PHP Files ≈ Packet Storm Aug 12, 2021 | 15:39 pmCOVID19 Testing Management System version 1.0 suffers from a remote SQL injection vulnerability leveraging the searchdata parameter on the patient-search-report.php page. This is a variant of the original discovery of SQL injection in this version as discovered by Rohit Burke[…]
Read more... -
Red Hat Security Advisory 2021-2992-01
PHP Files ≈ Packet Storm Aug 3, 2021 | 14:47 pmRed Hat Security Advisory 2021-2992-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include bypass, null pointer, and server-side request forgery vulnerabilities.
Read more... -
Hotel Management System 1.0 Cross Site Scripting / Shell Upload
PHP Files ≈ Packet Storm Aug 3, 2021 | 14:31 pmHotel Management System version 1.0 exploit that leverages a blind cross site scripting attack against the admin to have a reverse PHP shell uploaded.
Read more... -
PHP 7.3.15-3 PHP_SESSION_UPLOAD_PROGRESS Session Data Injection
PHP Files ≈ Packet Storm Jul 27, 2021 | 14:46 pmPHP version 7.3.15-3 suffers from a PHP_SESSION_UPLOAD_PROGRESS session data injection vulnerability.
Read more... -
WordPress SP Project And Document Remote Code Execution
PHP Files ≈ Packet Storm Jul 26, 2021 | 16:20 pmThis Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress SP Project and Document plugin versions prior to 4.22. The security check only searches for[…]
Read more... -
WordPress Modern Events Calendar Remote Code Execution
PHP Files ≈ Packet Storm Jul 26, 2021 | 16:16 pmThis Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress Modern Events Calendar plugin versions prior to 5.16.5. This is due to an incorrect check[…]
Read more...
-
Red Hat Security Advisory 2021-3638-01
Operating System: RedHat ≈ Packet Storm Sep 22, 2021 | 16:40 pmRed Hat Security Advisory 2021-3638-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, information leakage, out of bounds read, path sanitization, and use-after-free[…]
Read more... -
Red Hat Security Advisory 2021-3639-01
Operating System: RedHat ≈ Packet Storm Sep 22, 2021 | 16:32 pmRed Hat Security Advisory 2021-3639-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, information leakage, out of bounds read, path sanitization, and use-after-free[…]
Read more... -
Red Hat Security Advisory 2021-3623-01
Operating System: RedHat ≈ Packet Storm Sep 21, 2021 | 15:49 pmRed Hat Security Advisory 2021-3623-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, path sanitization, and use-after-free vulnerabilities.
Read more... -
Red Hat Security Advisory 2021-3572-01
Operating System: RedHat ≈ Packet Storm Sep 21, 2021 | 15:46 pmRed Hat Security Advisory 2021-3572-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. Issues addressed include[…]
Read more... -
Red Hat Security Advisory 2021-3598-01
Operating System: RedHat ≈ Packet Storm Sep 21, 2021 | 15:42 pmRed Hat Security Advisory 2021-3598-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
Read more... -
Red Hat Security Advisory 2021-3582-01
Operating System: RedHat ≈ Packet Storm Sep 21, 2021 | 15:40 pmRed Hat Security Advisory 2021-3582-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Read more... -
Red Hat Security Advisory 2021-3590-01
Operating System: RedHat ≈ Packet Storm Sep 21, 2021 | 15:37 pmRed Hat Security Advisory 2021-3590-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. Issues addressed include a denial of service vulnerability.
Read more... -
Red Hat Security Advisory 2021-3585-01
Operating System: RedHat ≈ Packet Storm Sep 21, 2021 | 15:36 pmRed Hat Security Advisory 2021-3585-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
Read more... -
Red Hat Security Advisory 2021-3576-01
Operating System: RedHat ≈ Packet Storm Sep 21, 2021 | 15:31 pmRed Hat Security Advisory 2021-3576-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to[…]
Read more... -
Red Hat Security Advisory 2021-3559-01
Operating System: RedHat ≈ Packet Storm Sep 20, 2021 | 16:35 pmRed Hat Security Advisory 2021-3559-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
Read more... -
The Product Security Blog has moved!
Red Hat Security Blog Blog Posts Mar 19, 2019 | 19:38 pmRed Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog.This move provides a wider variety of important Security topics,[…]
Read more... -
Security Technologies: FORTIFY_SOURCE
Red Hat Security Blog Blog Posts Sep 26, 2018 | 13:30 pmFORTIFY_SOURCE provides lightweight compile and runtime protection to some memory and string functions (original patch to gcc was submitted by Red Hat). It is supposed to have no or a very small runtime overhead and can be enabled for all[…]
Read more... -
New Red Hat Product Security OpenPGP key
Red Hat Security Blog Blog Posts Aug 22, 2018 | 13:30 pmRed Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key.This was done to improve the long-term security of our communications with our customers and also to meet current key[…]
Read more... -
Security Technologies: Stack Smashing Protection (StackGuard)
Red Hat Security Blog Blog Posts Aug 20, 2018 | 13:30 pm
Read more...
In our previous blog, we saw how arbitrary code execution resulting from stack-buffer overflows can be partly mitigated by marking segments of memory as non-executable, a technology known as Execshield. However stack-buffer overflow exploits can still effectively overwrite the function[…] -
Managing risk in the modern world
Red Hat Security Blog Blog Posts Aug 14, 2018 | 15:30 pm
Read more...
Things can be pretty scary out there today. There are a lot of things that could occur that make even the calmest amongst us take pause. Everything we do is a series of risk-based decisions that we hope leads to[…] -
How SELinux helps mitigate risk while facilitating compliance
Red Hat Security Blog Blog Posts Aug 9, 2018 | 13:30 pmMany of our customers are required to meet a variety of regulatory requirements. Red Hat Enterprise Linux includes security technologies that help meet these requirements. Improving Linux security also benefits our layered products, such as Red Hat OpenShift Container Platform[…]
Read more... -
Security Technologies: ExecShield
Red Hat Security Blog Blog Posts Jul 25, 2018 | 13:30 pm
Read more...
The world of computer security has changed dramatically in the last few years. Keeping your operating system updated with the latest security patches is no longer sufficient. Operating system providers need to be more proactive in combating security problems. A[…] -
SPECTRE Variant 1 scanning tool
Red Hat Security Blog Blog Posts Jul 18, 2018 | 13:30 pmAs part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this[…]
Read more... -
Insights Security Hardening Rules
Red Hat Security Blog Blog Posts Jul 12, 2018 | 13:30 pmMany users of Red Hat Insights are familiar with the security rules we create to alert them about security vulnerabilities on their system, especially concerning high-profile issues such as Spectre/Meltdown or Heartbleed. In this post, I'd like to talk about[…]
Read more... -
Red Hat’s disclosure process
Red Hat Security Blog Blog Posts Jul 10, 2018 | 13:00 pmLast week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around[…]
Read more...
-
Debian: DSA-4976-1: wpewebkit security update
Advisories Sep 21, 2021 | 06:17 am
Read more...
The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2021-30858 -
Debian: DSA-4975-1: webkit2gtk security update
Advisories Sep 21, 2021 | 06:15 am
Read more...
The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2021-30858 -
Debian: DSA-4977-1: xen security update
Advisories Sep 20, 2021 | 15:08 pm
Read more...
Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks. -
Debian: DSA-4974-1: nextcloud-desktop security update
Advisories Sep 19, 2021 | 06:35 am
Read more...
Two vulnerabilities were discovered in the Nextcloud desktop client, which could result in information disclosure. For the oldstable distribution (buster), these problems have been fixed -
Debian: DSA-4973-1: thunderbird security update
Advisories Sep 10, 2021 | 16:21 pm
Read more...
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For the oldstable distribution (buster), this problem has been fixed -
Debian: DSA-4972-1: ghostscript security update
Advisories Sep 10, 2021 | 08:16 am
Read more...
It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, does not properly validate access for the "%pipe%", "%handle%" and "%printer%" io devices, which could result in the execution of arbitrary code if a malformed Postscript file is processed (despite the[…] -
Debian: DSA-4971-1: ntfs-3g security update
Advisories Sep 9, 2021 | 15:15 pm
Read more...
Several vulnerabilities were discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of these flaws for local root privilege escalation. -
Debian: DSA-4970-1: postorius security update
Advisories Sep 9, 2021 | 13:52 pm
Read more...
Kevin Israel discovered that Postorius, the administrative web frontend for Mailman 3, didn't validate whether a logged-in user owns the email address when unsubscribing. -
Debian: DSA-4969-1: firefox-esr security update
Advisories Sep 9, 2021 | 13:49 pm
Read more...
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. -
Sequoia: A Deep Root In Linux's Filesystem Layer
Operating System: Debian ≈ Packet Storm Jul 21, 2021 | 16:10 pmQualys discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset[…]
Read more... -
Ubuntu Security Notice USN-4530-1
Operating System: Debian ≈ Packet Storm Sep 22, 2020 | 18:23 pmUbuntu Security Notice 4530-1 - Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation.
Read more... -
Debian Security Advisory 4633-1
Operating System: Debian ≈ Packet Storm Feb 25, 2020 | 15:20 pmDebian Linux Security Advisory 4633-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.
Read more... -
Debian Security Advisory 4629-1
Operating System: Debian ≈ Packet Storm Feb 19, 2020 | 15:38 pmDebian Linux Security Advisory 4629-1 - Simon Charette discovered that Django, a high-level Python web development framework, did not properly handle input in its PostgreSQL module. A remote attacker could leverage this to perform SQL injection attacks.
Read more... -
Debian Security Advisory 4628-1
Operating System: Debian ≈ Packet Storm Feb 19, 2020 | 15:28 pmDebian Linux Security Advisory 4628-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
Read more... -
Debian Security Advisory 4626-1
Operating System: Debian ≈ Packet Storm Feb 18, 2020 | 15:05 pmDebian Linux Security Advisory 4626-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
Read more... -
Debian Security Advisory 4627-1
Operating System: Debian ≈ Packet Storm Feb 18, 2020 | 15:04 pmDebian Linux Security Advisory 4627-1 - Cross site scripting, denial of service, and various other vulnerabilities have been discovered in the webkit2gtk web engine.
Read more... -
Debian Security Advisory 4625-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 18:02 pmDebian Linux Security Advisory 4625-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.
Read more... -
Debian Security Advisory 4624-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 17:31 pmDebian Linux Security Advisory 4624-1 - Several vulnerabilities were discovered in evince, a simple multi-page document viewer.
Read more... -
Debian Security Advisory 4621-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 16:41 pmDebian Linux Security Advisory 4621-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.
Read more...
-
Ubuntu Security Notice USN-5089-2
Operating System: Ubuntu ≈ Packet Storm Sep 23, 2021 | 15:43 pmUbuntu Security Notice 5089-2 - USN-5089-1 updated ca-certificates. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. The ca-certificates package contained a CA certificate that will expire on 2021-09-30 and will cause connectivity issues. This[…]
Read more... -
Ubuntu Security Notice USN-5089-1
Operating System: Ubuntu ≈ Packet Storm Sep 23, 2021 | 15:40 pmUbuntu Security Notice 5089-1 - The ca-certificates package contained a CA certificate that will expire on 2021-09-30 and will cause connectivity issues. This update removes the “DST Root CA X3” CA.
Read more... -
Ubuntu Security Notice USN-5088-1
Operating System: Ubuntu ≈ Packet Storm Sep 23, 2021 | 15:34 pmUbuntu Security Notice 5088-1 - It was discovered that EDK II incorrectly handled input validation in MdeModulePkg. A local user could possibly use this issue to cause EDK II to crash, resulting in a denial of service, obtain sensitive information[…]
Read more... -
Ubuntu Security Notice USN-5087-1
Operating System: Ubuntu ≈ Packet Storm Sep 23, 2021 | 15:31 pmUbuntu Security Notice 5087-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related[…]
Read more... -
Ubuntu Security Notice USN-5085-1
Operating System: Ubuntu ≈ Packet Storm Sep 22, 2021 | 16:40 pmUbuntu Security Notice 5085-1 - It was discovered that SQL parse incorrectly handled certain regular expression. An attacker could possibly use this issue to cause a denial of service.
Read more... -
Ubuntu Security Notice USN-5086-1
Operating System: Ubuntu ≈ Packet Storm Sep 22, 2021 | 16:38 pmUbuntu Security Notice 5086-1 - Johan Almbladh discovered that the eBPF JIT implementation for IBM s390x systems in the Linux kernel miscompiled operations in some situations, allowing circumvention of the BPF verifier. A local attacker could use this to cause[…]
Read more... -
Ubuntu Security Notice USN-5073-3
Operating System: Ubuntu ≈ Packet Storm Sep 22, 2021 | 16:33 pmUbuntu Security Notice 5073-3 - Norbert Slusarek discovered that the CAN broadcast manger protocol implementation in the Linux kernel did not properly initialize memory in some situations. A local attacker could use this to expose sensitive information. Murray McAllister discovered[…]
Read more... -
Ubuntu Security Notice USN-5071-3
Operating System: Ubuntu ≈ Packet Storm Sep 22, 2021 | 16:24 pmUbuntu Security Notice 5071-3 - It was discovered that the KVM hypervisor implementation in the Linux kernel did not properly perform reference counting in some situations, leading to a use-after-free vulnerability. An attacker who could start and control a VM[…]
Read more... -
Ubuntu Security Notice USN-5084-1
Operating System: Ubuntu ≈ Packet Storm Sep 21, 2021 | 15:49 pmUbuntu Security Notice 5084-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial[…]
Read more... -
Ubuntu Security Notice USN-5079-4
Operating System: Ubuntu ≈ Packet Storm Sep 21, 2021 | 15:49 pmUbuntu Security Notice 5079-4 - USN-5079-2 fixed vulnerabilities in curl. One of the fixes introduced a regression. This update fixes the problem. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would[…]
Read more...
-
cURL -- Multiple vulnerabilities
FreeBSD VuXML Sep 17, 2021 | 00:00 am
Read more... -
seatd-launch -- privilege escalation with SUID
FreeBSD VuXML Sep 16, 2021 | 00:00 am
Read more... -
chromium -- multiple vulnerabilities
FreeBSD VuXML Sep 14, 2021 | 00:00 am
Read more... -
Matrix clients -- several vulnerabilities
FreeBSD VuXML Sep 13, 2021 | 00:00 am
Read more... -
consul -- rpc: authorize raft requests
FreeBSD VuXML Sep 11, 2021 | 00:00 am
Read more... -
go -- archive/zip: overflow in preallocation check can cause OOM panic
FreeBSD VuXML Sep 10, 2021 | 00:00 am
Read more...
-
Sequoia: A Deep Root In Linux's Filesystem Layer
Operating System: Fedora ≈ Packet Storm Jul 21, 2021 | 16:10 pmQualys discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset[…]
Read more... -
Fedora / Gnome fscaps Issue
Operating System: Fedora ≈ Packet Storm Jun 22, 2021 | 19:20 pmFedora with Gnome has an issue where it is not using fscaps safely.
Read more... -
netkit-telnet 0.17 Remote Code Execution
Operating System: Fedora ≈ Packet Storm Mar 5, 2020 | 20:57 pmnetkit-telnet version 0.17 telnetd on Fedora 31 BraveStarr remote code execution exploit.
Read more... -
vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation
Operating System: Fedora ≈ Packet Storm Dec 23, 2019 | 21:02 pmThis Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on Fedora 13 (i686) kernel version 2.6.33.3-85.fc13.i686.PAE and[…]
Read more... -
Grub2 grub2-set-bootflag Environment Corruption
Operating System: Fedora ≈ Packet Storm Nov 27, 2019 | 23:02 pmGrub2 has grub2-set-bootflag setuid in the new Fedora release and has the ability to corrupt the environment.
Read more... -
SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation
Operating System: Fedora ≈ Packet Storm Apr 19, 2019 | 13:28 pmThis Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be[…]
Read more... -
Linux Nested User Namespace idmap Limit Local Privilege Escalation
Operating System: Fedora ≈ Packet Storm Nov 28, 2018 | 01:51 amThis Metasploit module exploits a vulnerability in Linux kernels 4.15.0 to 4.18.18, and 4.19.0 to 4.19.1, where broken uid/gid mappings between nested user namespaces and kernel uid/gid mappings allow elevation to root (CVE-2018-18955). The target system must have unprivileged user[…]
Read more... -
Linux Kernel Local Privilege Escalation
Operating System: Fedora ≈ Packet Storm Jul 12, 2018 | 21:43 pmLinux kernels prior to version 4.13.9 (Ubuntu 16.04/Fedora 27) local privilege escalation exploit.
Read more... -
DHCP Client Command Injection (DynoRoot)
Operating System: Fedora ≈ Packet Storm Jun 12, 2018 | 23:58 pmThis Metasploit module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or[…]
Read more... -
Reliable Datagram Sockets (RDS) Privilege Escalation
Operating System: Fedora ≈ Packet Storm May 19, 2018 | 06:48 amThis Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This Metasploit module has been tested successfully on Fedora 13 (i686) with kernel version[…]
Read more...