Security News (14)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
Unterkategorien
CMS Security (2)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache.
Artikel anzeigen...Server Security (2)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
Artikel anzeigen...Linux Security (6)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
Artikel anzeigen...Script Security (4)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
Artikel anzeigen...-
Red Hat Security Advisory 2020-3574-01
Ruby Files ≈ Packet Storm Aug 27, 2020 | 22:29 pmRed Hat Security Advisory 2020-3574-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
Red Hat Security Advisory 2020-3358-01
Ruby Files ≈ Packet Storm Aug 6, 2020 | 17:07 pmRed Hat Security Advisory 2020-3358-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
OpenEMR 5.0.1 Remote Code Execution
Ruby Files ≈ Packet Storm Aug 3, 2020 | 16:52 pmOpenEMR versions 5.0.1 and below authenticated remote code execution exploit written in ruby.
Read more... -
Ruby On Rails 5.0.1 Remote Code Execution
Ruby Files ≈ Packet Storm Jul 27, 2020 | 18:38 pmRuby On Rails version 5.0.1 remote code execution exploit.
Read more... -
Red Hat Security Advisory 2020-2839-01
Ruby Files ≈ Packet Storm Jul 7, 2020 | 16:18 pmRed Hat Security Advisory 2020-2839-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Read more... -
Red Hat Security Advisory 2020-2769-01
Ruby Files ≈ Packet Storm Jun 30, 2020 | 18:04 pmRed Hat Security Advisory 2020-2769-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
Read more... -
Keystone 0.9.2
Ruby Files ≈ Packet Storm Jun 23, 2020 | 21:24 pmKeystone is a lightweight multi-platform, multi-architecture assembler framework. Highlight features include multi-architecture, with support for Arm, Arm64 (AArch64/Armv8), Hexagon, Mips, PowerPC, Sparc, SystemZ, and X86 (include 16/32/64bit). It has a clean and lightweight architecture-neutral API. It's implemented in C/C++ languages,[…]
Read more... -
Red Hat Security Advisory 2020-2480-01
Ruby Files ≈ Packet Storm Jun 10, 2020 | 15:12 pmRed Hat Security Advisory 2020-2480-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
Red Hat Security Advisory 2020-2288-01
Ruby Files ≈ Packet Storm May 26, 2020 | 14:42 pmRed Hat Security Advisory 2020-2288-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP response splitting and buffer under-read vulnerabilities.
Read more... -
Red Hat Security Advisory 2020-2212-01
Ruby Files ≈ Packet Storm May 19, 2020 | 14:55 pmRed Hat Security Advisory 2020-2212-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP response splitting and buffer under-read vulnerabilities.
Read more...
-
nfstream 6.1.3
Python Files ≈ Packet Storm Sep 21, 2020 | 23:47 pmnfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world[…]
Read more... -
nfstream 6.1.2
Python Files ≈ Packet Storm Sep 17, 2020 | 14:10 pmnfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world[…]
Read more... -
nfstream 6.1.1
Python Files ≈ Packet Storm Sep 16, 2020 | 20:09 pmnfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world[…]
Read more... -
Red Hat Security Advisory 2020-3749-01
Python Files ≈ Packet Storm Sep 15, 2020 | 17:05 pmRed Hat Security Advisory 2020-3749-01 - The librepo library provides a C and Python API to download repository metadata. Issues addressed include a traversal vulnerability.
Read more... -
Red Hat Security Advisory 2020-3756-01
Python Files ≈ Packet Storm Sep 15, 2020 | 17:05 pmRed Hat Security Advisory 2020-3756-01 - The librepo library provides a C and Python API to download repository metadata. Issues addressed include a traversal vulnerability.
Read more... -
Red Hat Security Advisory 2020-3658-01
Python Files ≈ Packet Storm Sep 8, 2020 | 18:10 pmRed Hat Security Advisory 2020-3658-01 - The librepo library provides a C and Python API to download repository metadata. Issues addressed include a traversal vulnerability.
Read more... -
Scapy Packet Manipulation Tool 2.4.4
Python Files ≈ Packet Storm Sep 4, 2020 | 19:50 pmScapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from[…]
Read more... -
Ubuntu Security Notice USN-4478-1
Python Files ≈ Packet Storm Sep 1, 2020 | 15:36 pmUbuntu Security Notice 4478-1 - It was discovered that Python-RSA incorrectly handled certain ciphertexts. An attacker could possibly use this issue to obtain sensitive information.
Read more... -
Ubuntu Security Notice USN-4479-1
Python Files ≈ Packet Storm Sep 1, 2020 | 15:36 pmUbuntu Security Notice 4479-1 - It was discovered that Django, when used with Python 3.7 or higher, incorrectly handled directory permissions. A local attacker could possibly use this issue to obtain sensitive information, or escalate permissions.
Read more... -
Red Hat Security Advisory 2020-3541-01
Python Files ≈ Packet Storm Aug 27, 2020 | 15:24 pmRed Hat Security Advisory 2020-3541-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. The Matrix Project is a module which handles creating Jenkins multi-configuration[…]
Read more...
-
TP-Link Cloud Cameras NCXXX Bonjour Command Injection
CGI Files ≈ Packet Storm Sep 18, 2020 | 17:11 pmTP-Link cloud cameras NCXXX series (NC200, NC210, NC220, NC230, NC250, NC260, NC450) are vulnerable to an authenticated command injection vulnerability. In all devices except NC210, despite a check on the name length in swSystemSetProductAliasCheck, no other checks are in place[…]
Read more... -
Go CGI / FastCGI Transport Cross Site Scripting
CGI Files ≈ Packet Storm Sep 2, 2020 | 15:00 pmThe CGI and FastCGI implementations in the Go standard library behave differently from the HTTP server implementation when serving content. In contrast to the documented behavior, they may return non-HTML data as HTML. This may lead to cross site scripting[…]
Read more... -
Geutebruck testaction.cgi Remote Command Execution
CGI Files ≈ Packet Storm Aug 17, 2020 | 17:40 pmThis Metasploit module exploits an authenticated arbitrary command execution vulnerability within the 'server' GET parameter of the /uapi-cgi/testaction.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions
Read more... -
Cayin CMS NTP Server 11.0 Remote Code Execution
CGI Files ≈ Packet Storm Jun 18, 2020 | 16:04 pmThis Metasploit module exploits an authenticated remote code execution vulnerability in Cayin CMS versions 11.0 and below. The code execution is executed in the system_service.cgi file's ntpIp Parameter. The field is limited in size, so repeated requests are made to[…]
Read more... -
Cayin Content Management Server 11.0 Root Remote Command Injection
CGI Files ≈ Packet Storm Jun 4, 2020 | 19:29 pmCAYIN CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP POST parameter in system.cgi page.
Read more... -
Cayin Signage Media Player 3.0 Root Remote Command Injection
CGI Files ≈ Packet Storm Jun 4, 2020 | 19:26 pmCAYIN SMP-xxxx suffers from an authenticated OS command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP GET parameter in system.cgi and wizard_system.cgi pages.
Read more... -
Secure Computing SnapGear Management Console SG560 3.1.5 Arbitrary File Read / Write
CGI Files ≈ Packet Storm Jun 4, 2020 | 16:43 pmSecure Computing SnapGear Management Console SG560 version 3.1.5 suffers from arbitrary file read and write vulnerabilities. The application allows the currently logged-in user to edit the configuration files in the system using the CGI executable edit_config_files in /cgi-bin/cgix/. The files[…]
Read more... -
Synology DiskStation Manager smart.cgi Remote Command Execution
CGI Files ≈ Packet Storm May 22, 2020 | 19:03 pmThis Metasploit module exploits a vulnerability found in Synology DiskStation Manager (DSM) versions prior to 5.2-5967-5, which allows the execution of arbitrary commands under root privileges after website authentication. The vulnerability is located in webman/modules/StorageManager/smart.cgi, which allows appending of a[…]
Read more... -
Ubuntu Security Notice USN-4356-1
CGI Files ≈ Packet Storm May 13, 2020 | 14:26 pmUbuntu Security Notice 4356-1 - Jeriko One discovered that Squid incorrectly handled certain Edge Side Includes responses. A malicious remote server could cause Squid to crash, possibly poison the cache, or possibly execute arbitrary code. It was discovered that Squid[…]
Read more... -
Zen Load Balancer 3.10.1 Directory Traversal
CGI Files ≈ Packet Storm Apr 23, 2020 | 19:32 pmThis Metasploit module exploits an authenticated directory traversal vulnerability in Zen Load Balancer version 3.10.1. The flaw exists in index.cgi not properly handling the filelog= parameter which allows a malicious actor to load arbitrary file path.
Read more...
snaplitics made a real revolution in the industry.
-
Visitor Management System In PHP 1.0 Cross Site Scripting
PHP Files ≈ Packet Storm Sep 22, 2020 | 18:30 pmVisitor Management System in PHP version 1.0 suffers from an unauthenticated persistent cross site scripting vulnerability.
Read more... -
Visitor Management System In PHP 1.0 SQL Injection
PHP Files ≈ Packet Storm Sep 22, 2020 | 18:29 pmVisitor Management System in PHP version 1.0 suffers from a remote SQL injection vulnerability.
Read more... -
B-swiss 3 Digital Signage System 3.6.5 Backdoor Remote Code Execution
PHP Files ≈ Packet Storm Sep 21, 2020 | 14:52 pmB-swiss 3 Digital Signage System version 3.6.5 suffers from an authenticated arbitrary PHP code execution vulnerability. The vulnerability is caused due to the improper verification of uploaded files in index.php script thru the rec_poza POST parameter. This can be exploited[…]
Read more... -
Mida Solutions eFramework ajaxreq.php Command Injection
PHP Files ≈ Packet Storm Sep 16, 2020 | 15:37 pmThis Metasploit module exploits a command injection vulnerability in Mida Solutions eFramework version 2.9.0 and prior. The ajaxreq.php file allows unauthenticated users to inject arbitrary commands in the PARAM parameter to be executed as the apache user. The sudo configuration[…]
Read more... -
Gentoo Linux Security Advisory 202009-10
PHP Files ≈ Packet Storm Sep 14, 2020 | 14:46 pmGentoo Linux Security Advisory 202009-10 - A vulnerabilities in PHP could lead to a Denial of Service condition. Versions less than 7.2.33:7.2 are affected.
Read more... -
Red Hat Security Advisory 2020-3662-01
PHP Files ≈ Packet Storm Sep 8, 2020 | 18:10 pmRed Hat Security Advisory 2020-3662-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer over-read, buffer overflow, code execution, information leakage, integer overflow, null pointer, out of bounds read, and use-after-free[…]
Read more... -
D-Link Central WiFi Manager CWM(100) Remote Code Execution
PHP Files ≈ Packet Storm Aug 18, 2020 | 16:21 pmThis Metasploit module exploits a PHP code injection vulnerability in D-Link Central WiFi Manager CWM(100) versions below v1.03R0100_BETA6. The vulnerability exists in the username cookie, which is passed to eval() without being sanitized. Dangerous functions are not disabled by default,[…]
Read more... -
vBulletin 5.x Remote Code Execution
PHP Files ≈ Packet Storm Aug 13, 2020 | 16:57 pmThis Metasploit module exploits a logic bug within the template rendering code in vBulletin 5.x. The module uses the vBulletin template rendering functionality to render the widget_tabbedcontainer_tab_panel template while also providing the widget_php argument. This causes the former template to[…]
Read more... -
Baldr Botnet Panel Shell Upload
PHP Files ≈ Packet Storm Jul 29, 2020 | 18:56 pmThis Metasploit module exploits a arbitrary file upload vulnerability within the Baldr stealer malware control panel. Attackers can turn this vulnerability into remote code execution by adding malicious PHP code inside the victim logs ZIP file and registering a new[…]
Read more... -
Pandora FMS 7.0 NG 7XX Remote Command Execution
PHP Files ≈ Packet Storm Jul 11, 2020 | 14:16 pmThis Metasploit module exploits a vulnerability (CVE-2020-13851) in Pandora FMS versions 7.0 NG 742, 7.0 NG 743, and 7.0 NG 744 (and perhaps older versions) in order to execute arbitrary commands. This module takes advantage of a command injection vulnerability[…]
Read more...
-
Red Hat Security Advisory 2020-3835-01
Operating System: RedHat ≈ Packet Storm Sep 24, 2020 | 19:35 pmRed Hat Security Advisory 2020-3835-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.3.0 ESR. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.
Read more... -
Red Hat Security Advisory 2020-3834-01
Operating System: RedHat ≈ Packet Storm Sep 24, 2020 | 19:34 pmRed Hat Security Advisory 2020-3834-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.3.0 ESR. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.
Read more... -
Red Hat Security Advisory 2020-3833-01
Operating System: RedHat ≈ Packet Storm Sep 24, 2020 | 19:34 pmRed Hat Security Advisory 2020-3833-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.3.0 ESR. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.
Read more... -
Red Hat Security Advisory 2020-3836-01
Operating System: RedHat ≈ Packet Storm Sep 24, 2020 | 19:34 pmRed Hat Security Advisory 2020-3836-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a null pointer vulnerability.
Read more... -
Red Hat Security Advisory 2020-3832-01
Operating System: RedHat ≈ Packet Storm Sep 24, 2020 | 19:34 pmRed Hat Security Advisory 2020-3832-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.3.0 ESR. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.
Read more... -
Red Hat Security Advisory 2020-3807-01
Operating System: RedHat ≈ Packet Storm Sep 24, 2020 | 00:30 amRed Hat Security Advisory 2020-3807-01 - The org.ovirt.engine-root is a core component of oVirt. Issues addressed include code execution and cross site scripting vulnerabilities.
Read more... -
Red Hat Security Advisory 2020-3806-01
Operating System: RedHat ≈ Packet Storm Sep 24, 2020 | 00:30 amRed Hat Security Advisory 2020-3806-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot[…]
Read more... -
Red Hat Security Advisory 2020-3817-01
Operating System: RedHat ≈ Packet Storm Sep 23, 2020 | 14:57 pmRed Hat Security Advisory 2020-3817-01 - Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7. This update provides various bug fixes and enhancements in[…]
Read more... -
Red Hat Security Advisory 2020-3808-01
Operating System: RedHat ≈ Packet Storm Sep 23, 2020 | 14:57 pmRed Hat Security Advisory 2020-3808-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such[…]
Read more... -
Red Hat Security Advisory 2020-3809-01
Operating System: RedHat ≈ Packet Storm Sep 23, 2020 | 14:57 pmRed Hat Security Advisory 2020-3809-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Read more... -
The Product Security Blog has moved!
Red Hat Security Blog Blog Posts Mar 19, 2019 | 19:38 pmRed Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog.This move provides a wider variety of important Security topics,[…]
Read more... -
Security Technologies: FORTIFY_SOURCE
Red Hat Security Blog Blog Posts Sep 26, 2018 | 13:30 pmFORTIFY_SOURCE provides lightweight compile and runtime protection to some memory and string functions (original patch to gcc was submitted by Red Hat). It is supposed to have no or a very small runtime overhead and can be enabled for all[…]
Read more... -
New Red Hat Product Security OpenPGP key
Red Hat Security Blog Blog Posts Aug 22, 2018 | 13:30 pmRed Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key.This was done to improve the long-term security of our communications with our customers and also to meet current key[…]
Read more... -
Security Technologies: Stack Smashing Protection (StackGuard)
Red Hat Security Blog Blog Posts Aug 20, 2018 | 13:30 pm
Read more...
In our previous blog, we saw how arbitrary code execution resulting from stack-buffer overflows can be partly mitigated by marking segments of memory as non-executable, a technology known as Execshield. However stack-buffer overflow exploits can still effectively overwrite the function[…] -
Managing risk in the modern world
Red Hat Security Blog Blog Posts Aug 14, 2018 | 15:30 pm
Read more...
Things can be pretty scary out there today. There are a lot of things that could occur that make even the calmest amongst us take pause. Everything we do is a series of risk-based decisions that we hope leads to[…] -
How SELinux helps mitigate risk while facilitating compliance
Red Hat Security Blog Blog Posts Aug 9, 2018 | 13:30 pmLanguage EnglishMany of our customers are required to meet a variety of regulatory requirements. Red Hat Enterprise Linux includes security technologies that help meet these requirements. Improving Linux security also benefits our layered products, such as Red Hat OpenShift Container[…]
Read more... -
Security Technologies: ExecShield
Red Hat Security Blog Blog Posts Jul 25, 2018 | 13:30 pm
Read more...
The world of computer security has changed dramatically in the last few years. Keeping your operating system updated with the latest security patches is no longer sufficient. Operating system providers need to be more proactive in combating security problems. A[…] -
SPECTRE Variant 1 scanning tool
Red Hat Security Blog Blog Posts Jul 18, 2018 | 13:30 pmAs part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this[…]
Read more... -
Insights Security Hardening Rules
Red Hat Security Blog Blog Posts Jul 12, 2018 | 13:30 pmMany users of Red Hat Insights are familiar with the security rules we create to alert them about security vulnerabilities on their system, especially concerning high-profile issues such as Spectre/Meltdown or Heartbleed. In this post, I'd like to talk about[…]
Read more... -
Red Hat’s disclosure process
Red Hat Security Blog Blog Posts Jul 10, 2018 | 13:00 pmLast week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around[…]
Read more...
-
Debian: DSA-4767-1: mediawiki security update
Advisories Sep 25, 2020 | 13:43 pm
Read more...
Multiple security issues were discovered in MediaWiki, a website engine for collaborative work: SpecialUserRights could leak whether a user existed or not, multiple code paths lacked HTML sanitisation allowing for cross-site scripting and TOTP validation applied insufficient rate -
Debian: DSA-4766-1: rails security update
Advisories Sep 24, 2020 | 16:50 pm
Read more...
Multiple security issues were discovered in the Rails web framework which could result in cross-site scripting, information leaks, code execution, cross-site request forgery or bypass of upload limits. -
Ubuntu Security Notice USN-4530-1
Operating System: Debian ≈ Packet Storm Sep 22, 2020 | 18:23 pmUbuntu Security Notice 4530-1 - Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation.
Read more... -
Debian: DSA-4765-1: modsecurity security update
Advisories Sep 18, 2020 | 13:24 pm
Read more...
Ervin Hegedues discovered that ModSecurity v3 enabled global regular expression matching which could result in denial of service. For additional information please refer to https://coreruleset.org/20200914/cve-2020-15598/ -
Debian: DSA-4764-1: inspircd security update
Advisories Sep 18, 2020 | 13:14 pm
Read more...
Two security issues were discovered in the pgsql and mysql modules of the InspIRCd IRC daemon, which could result in denial of service. For the stable distribution (buster), these problems have been fixed in -
Debian: DSA-4763-1: teeworlds security update
Advisories Sep 14, 2020 | 14:23 pm
Read more...
It was discovered that insufficient sanitising of received network packets in the game server of Teeworlds, an online multi-player platform 2D shooter, could result in denial of service. -
Debian: DSA-4761-1: zeromq3 security update
Advisories Sep 7, 2020 | 15:11 pm
Read more...
It was discovered that ZeroMQ, a lightweight messaging kernel library does not properly handle connecting peers before a handshake is completed. A remote, unauthenticated client connecting to an application using the libzmq library, running with a socket listening with CURVE -
Debian: DSA-4762-1: lemonldap-ng security update
Advisories Sep 7, 2020 | 15:11 pm
Read more...
It was discovered that the default configuration files for running the Lemonldap::NG Web SSO system on the Nginx web server were susceptible to authorisation bypass of URL access rules. The Debian packages do not use Nginx by default. -
Debian: DSA-4760-1: qemu security update
Advisories Sep 6, 2020 | 14:00 pm
Read more...
Multiple security issues were discovered in QEMU, a fast processor emulator: CVE-2020-12829 -
Debian: DSA-4759-1: ark security update
Advisories Sep 4, 2020 | 15:14 pm
Read more...
Fabian Vogt reported that the Ark archive manager did not sanitise extraction paths, which could result in maliciously crafted archives with symlinks writing outside the extraction directory. -
Debian Security Advisory 4633-1
Operating System: Debian ≈ Packet Storm Feb 25, 2020 | 15:20 pmDebian Linux Security Advisory 4633-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.
Read more... -
Debian Security Advisory 4629-1
Operating System: Debian ≈ Packet Storm Feb 19, 2020 | 15:38 pmDebian Linux Security Advisory 4629-1 - Simon Charette discovered that Django, a high-level Python web development framework, did not properly handle input in its PostgreSQL module. A remote attacker could leverage this to perform SQL injection attacks.
Read more... -
Debian Security Advisory 4628-1
Operating System: Debian ≈ Packet Storm Feb 19, 2020 | 15:28 pmDebian Linux Security Advisory 4628-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
Read more... -
Debian Security Advisory 4626-1
Operating System: Debian ≈ Packet Storm Feb 18, 2020 | 15:05 pmDebian Linux Security Advisory 4626-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
Read more... -
Debian Security Advisory 4627-1
Operating System: Debian ≈ Packet Storm Feb 18, 2020 | 15:04 pmDebian Linux Security Advisory 4627-1 - Cross site scripting, denial of service, and various other vulnerabilities have been discovered in the webkit2gtk web engine.
Read more... -
Debian Security Advisory 4625-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 18:02 pmDebian Linux Security Advisory 4625-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.
Read more... -
Debian Security Advisory 4624-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 17:31 pmDebian Linux Security Advisory 4624-1 - Several vulnerabilities were discovered in evince, a simple multi-page document viewer.
Read more... -
Debian Security Advisory 4620-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 16:41 pmDebian Linux Security Advisory 4620-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
Read more... -
Debian Security Advisory 4621-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 16:41 pmDebian Linux Security Advisory 4621-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.
Read more...
-
Ubuntu Security Notice USN-4540-1
Operating System: Ubuntu ≈ Packet Storm Sep 25, 2020 | 15:53 pmUbuntu Security Notice 4540-1 - Denis Andzakovic discovered that atftpd incorrectly handled certain malformed packets. A remote attacker could send a specially crafted packet to cause atftpd to crash, resulting in a denial of service. Denis Andzakovic discovered that atftpd[…]
Read more... -
Ubuntu Security Notice USN-4539-1
Operating System: Ubuntu ≈ Packet Storm Sep 24, 2020 | 19:54 pmUbuntu Security Notice 4539-1 - Andrew Bartlett discovered that DAViCal Andrew's Web Libraries did not properly manage session keys. An attacker could possibly use this issue to impersonate a session.
Read more... -
Ubuntu Security Notice USN-4537-1
Operating System: Ubuntu ≈ Packet Storm Sep 24, 2020 | 19:35 pmUbuntu Security Notice 4537-1 - Vaisha Bernard discovered that Aptdaemon incorrectly handled the Locale property. A local attacker could use this issue to test for the presence of local files.
Read more... -
Ubuntu Security Notice USN-4538-1
Operating System: Ubuntu ≈ Packet Storm Sep 24, 2020 | 19:35 pmUbuntu Security Notice 4538-1 - Vaisha Bernard discovered that PackageKit incorrectly handled certain methods. A local attacker could use this issue to learn the MIME type of any file on the system. Sami Niemimäki discovered that PackageKit incorrectly handled local[…]
Read more... -
Ubuntu Security Notice USN-4536-1
Operating System: Ubuntu ≈ Packet Storm Sep 24, 2020 | 19:35 pmUbuntu Security Notice 4536-1 - Youssouf Boulouiz discovered that SPIP incorrectly handled login error messages. A remote attacker could potentially exploit this to conduct cross-site scripting attacks. Gilles Vincent discovered that SPIP incorrectly handled password reset requests. A remote attacker[…]
Read more... -
Ubuntu Security Notice USN-4535-1
Operating System: Ubuntu ≈ Packet Storm Sep 24, 2020 | 00:30 amUbuntu Security Notice 4535-1 - Gabriel Corona discovered that RDFLib did not properly load modules on the command-line. An attacker could possibly use this issue to cause RDFLib to execute arbitrary code.
Read more... -
Ubuntu Security Notice USN-4534-1
Operating System: Ubuntu ≈ Packet Storm Sep 23, 2020 | 14:58 pmUbuntu Security Notice 4534-1 - It was discovered that Perl DBI module incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information.
Read more... -
Ubuntu Security Notice USN-4532-1
Operating System: Ubuntu ≈ Packet Storm Sep 23, 2020 | 14:57 pmUbuntu Security Notice 4532-1 - It was discovered that Netty incorrectly handled certain HTTP headers. By sending an HTTP header with whitespace before the colon, a remote attacker could possibly use this issue to perform an HTTP request smuggling attack.[…]
Read more... -
Ubuntu Security Notice USN-4533-1
Operating System: Ubuntu ≈ Packet Storm Sep 23, 2020 | 14:57 pmUbuntu Security Notice 4533-1 - Veeti Veteläinen discovered that the LTSP Display Manager incorrectly handled user logins from unsupported shells. A local attacker could possibly use this issue to gain root privileges.
Read more... -
Ubuntu Security Notice USN-4530-1
Operating System: Ubuntu ≈ Packet Storm Sep 22, 2020 | 18:23 pmUbuntu Security Notice 4530-1 - Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation.
Read more...
-
libxml -- multiple vulnerabilities
FreeBSD VuXML Sep 22, 2020 | 00:00 am
Read more... -
chromium -- multiple vulnerabilities
FreeBSD VuXML Sep 22, 2020 | 00:00 am
Read more... -
py-matrix-synapse -- malformed events may prevent users from joining federated rooms
FreeBSD VuXML Sep 21, 2020 | 00:00 am
Read more...
-
netkit-telnet 0.17 Remote Code Execution
Operating System: Fedora ≈ Packet Storm Mar 5, 2020 | 20:57 pmnetkit-telnet version 0.17 telnetd on Fedora 31 BraveStarr remote code execution exploit.
Read more... -
vReliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation
Operating System: Fedora ≈ Packet Storm Dec 23, 2019 | 21:02 pmThis Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This module has been tested successfully on Fedora 13 (i686) kernel version 2.6.33.3-85.fc13.i686.PAE and[…]
Read more... -
Grub2 grub2-set-bootflag Environment Corruption
Operating System: Fedora ≈ Packet Storm Nov 27, 2019 | 23:02 pmGrub2 has grub2-set-bootflag setuid in the new Fedora release and has the ability to corrupt the environment.
Read more... -
SystemTap 1.3 MODPROBE_OPTIONS Privilege Escalation
Operating System: Fedora ≈ Packet Storm Apr 19, 2019 | 13:28 pmThis Metasploit module attempts to gain root privileges by exploiting a vulnerability in the staprun executable included with SystemTap version 1.3. The staprun executable does not clear environment variables prior to executing modprobe, allowing an arbitrary configuration file to be[…]
Read more... -
Linux Nested User Namespace idmap Limit Local Privilege Escalation
Operating System: Fedora ≈ Packet Storm Nov 28, 2018 | 01:51 amThis Metasploit module exploits a vulnerability in Linux kernels 4.15.0 to 4.18.18, and 4.19.0 to 4.19.1, where broken uid/gid mappings between nested user namespaces and kernel uid/gid mappings allow elevation to root (CVE-2018-18955). The target system must have unprivileged user[…]
Read more... -
Linux Kernel Local Privilege Escalation
Operating System: Fedora ≈ Packet Storm Jul 12, 2018 | 21:43 pmLinux kernels prior to version 4.13.9 (Ubuntu 16.04/Fedora 27) local privilege escalation exploit.
Read more... -
DHCP Client Command Injection (DynoRoot)
Operating System: Fedora ≈ Packet Storm Jun 12, 2018 | 23:58 pmThis Metasploit module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager integration script included in the DHCP client in Red Hat Enterprise Linux 6 and 7, Fedora 28, and earlier processes DHCP options. A malicious DHCP server, or[…]
Read more... -
Reliable Datagram Sockets (RDS) Privilege Escalation
Operating System: Fedora ≈ Packet Storm May 19, 2018 | 06:48 amThis Metasploit module exploits a vulnerability in the rds_page_copy_user function in net/rds/page.c (RDS) in Linux kernel versions 2.6.30 to 2.6.36-rc8 to execute code as root (CVE-2010-3904). This Metasploit module has been tested successfully on Fedora 13 (i686) with kernel version[…]
Read more... -
Libuser roothelper Privilege Escalation
Operating System: Fedora ≈ Packet Storm May 13, 2018 | 21:49 pmThis Metasploit module attempts to gain root privileges on Red Hat based Linux systems, including RHEL, Fedora and CentOS, by exploiting a newline injection vulnerability in libuser and userhelper versions prior to 0.56.13-8 and version 0.60 before 0.60-7. This Metasploit[…]
Read more... -
MagniComp SysInfo mcsiwrapper Privilege Escalation
Operating System: Fedora ≈ Packet Storm Feb 20, 2018 | 14:09 pmThis Metasploit module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable[…]
Read more...
