Service (16)
Children categories
Security News (14)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
View items...Workshops (2)
Installationen, Konfigurationen mit Bildern und Videos verständlich erklärt
View items...-
Ubuntu Security Notice USN-3685-2
Ruby Files ≈ Packet Storm Mar 26, 2021 | 14:18 pmUbuntu Security Notice 3685-2 - USN-3685-1 fixed a vulnerability in Ruby. The fix for CVE-2017-0903 introduced a regression in Ruby. This update fixes the problem.
Read more... -
Ubuntu Security Notice USN-4882-1
Ruby Files ≈ Packet Storm Mar 19, 2021 | 15:41 pmUbuntu Security Notice 4882-1 - It was discovered that the Ruby JSON gem incorrectly handled certain JSON files. If a user or automated system were tricked into parsing a specially crafted JSON file, a remote attacker could use this issue[…]
Read more... -
Red Hat Security Advisory 2020-5554-01
Ruby Files ≈ Packet Storm Dec 16, 2020 | 18:09 pmRed Hat Security Advisory 2020-5554-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
Red Hat Security Advisory 2020-4134-01
Ruby Files ≈ Packet Storm Sep 30, 2020 | 15:52 pmRed Hat Security Advisory 2020-4134-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
Red Hat Security Advisory 2020-3574-01
Ruby Files ≈ Packet Storm Aug 27, 2020 | 22:29 pmRed Hat Security Advisory 2020-3574-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
Red Hat Security Advisory 2020-3358-01
Ruby Files ≈ Packet Storm Aug 6, 2020 | 17:07 pmRed Hat Security Advisory 2020-3358-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
OpenEMR 5.0.1 Remote Code Execution
Ruby Files ≈ Packet Storm Aug 3, 2020 | 16:52 pmOpenEMR versions 5.0.1 and below authenticated remote code execution exploit written in ruby.
Read more... -
Ruby On Rails 5.0.1 Remote Code Execution
Ruby Files ≈ Packet Storm Jul 27, 2020 | 18:38 pmRuby On Rails version 5.0.1 remote code execution exploit.
Read more... -
Red Hat Security Advisory 2020-2839-01
Ruby Files ≈ Packet Storm Jul 7, 2020 | 16:18 pmRed Hat Security Advisory 2020-2839-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Read more... -
Red Hat Security Advisory 2020-2769-01
Ruby Files ≈ Packet Storm Jun 30, 2020 | 18:04 pmRed Hat Security Advisory 2020-2769-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
Read more...
Diese Module beschreiben alles, was mit der Administration des Grundsystems verbunden ist. Dazu gehören zum Beispiel Startverhalten, Anwenderverwaltung, Software-Installation und derzeit laufende Prozesse.
Vorbereitung und Installation
Um Webmin auf Ihrem System laufen zu lassen, benötigen Sie einige Pakete, die eventuell in der Standardinstallation Ihrer Distribution nicht vorhanden sind. Mittels yum, apt und Konsorten ist es aber ein Leichtes, diese Packages nachzuziehen. Vor allen Dingen lösen yum und apt die Abhängigkeiten von selbst auf und installieren selbstständig alles Notwendige.
-
Red Hat Security Advisory 2021-1145-01
Python Files ≈ Packet Storm Apr 9, 2021 | 15:06 pmRed Hat Security Advisory 2021-1145-01 - Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or[…]
Read more... -
SaltStack Salt API Unauthenticated Remote Command Execution
Python Files ≈ Packet Storm Apr 1, 2021 | 14:32 pmThis Metasploit module leverages an authentication bypass and directory traversal vulnerabilities in Saltstack Salt's REST API to execute commands remotely on the master as the root user. Every 60 seconds, salt-master service performs a maintenance process check that reloads and[…]
Read more... -
Scapy Packet Manipulation Tool 2.4.5rc1
Python Files ≈ Packet Storm Mar 31, 2021 | 14:40 pmScapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery tool, and packet sniffer. It provides classes to interactively create packets or sets of packets, manipulate them, send them over the wire, sniff other packets from[…]
Read more... -
Red Hat Security Advisory 2021-0933-01
Python Files ≈ Packet Storm Mar 18, 2021 | 14:17 pmRed Hat Security Advisory 2021-0933-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle.
Read more... -
Red Hat Security Advisory 2021-0915-01
Python Files ≈ Packet Storm Mar 18, 2021 | 13:48 pmRed Hat Security Advisory 2021-0915-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle.
Read more... -
Red Hat Security Advisory 2021-0881-01
Python Files ≈ Packet Storm Mar 17, 2021 | 14:26 pmRed Hat Security Advisory 2021-0881-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as[…]
Read more... -
Ubuntu Security Notice USN-4754-3
Python Files ≈ Packet Storm Mar 12, 2021 | 16:16 pmUbuntu Security Notice 4754-3 - USN-4754-1 fixed vulnerabilities in Python. This update provides the corresponding updates for Ubuntu 18.04 ESM and Ubuntu 20.04 ESM. In the case of Python 2.7 for 20.04 ESM, these additional fixes are included: It was[…]
Read more... -
Red Hat Security Advisory 2021-0761-01
Python Files ≈ Packet Storm Mar 9, 2021 | 15:42 pmRed Hat Security Advisory 2021-0761-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as[…]
Read more... -
Ubuntu Security Notice USN-4754-4
Python Files ≈ Packet Storm Mar 3, 2021 | 15:43 pmUbuntu Security Notice 4754-4 - USN-4754-1 fixed vulnerabilities in Python. Because of a regression, a subsequent update removed the fix for CVE-2021-3177. This update reinstates the security fix for CVE-2021-3177. It was discovered that Python incorrectly handled certain inputs. An[…]
Read more... -
Ubuntu Security Notice USN-4754-2
Python Files ≈ Packet Storm Feb 26, 2021 | 16:11 pmUbuntu Security Notice 4754-2 - USN-4754-1 fixed a vulnerability in Python. The fix for CVE-2021-3177 introduced a regression in Python 2.7. This update reverts the security fix pending further investigation. It was discovered that Python incorrectly handled certain inputs. An[…]
Read more...
-
Ubuntu Security Notice USN-4886-1
CGI Files ≈ Packet Storm Mar 23, 2021 | 16:33 pmUbuntu Security Notice 4886-1 - It was discovered that Privoxy incorrectly handled CGI requests. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. It was discovered that Privoxy incorrectly handled certain regular[…]
Read more... -
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Configuration Download
CGI Files ≈ Packet Storm Mar 19, 2021 | 16:52 pmKZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 is susceptible to an unauthenticated configuration disclosure when direct object reference is made to the export_settings.cgi file using an HTTP GET request. This will enable the attacker to disclose sensitive information and help[…]
Read more... -
Cisco UCS Manager 2.2(1d) Remote Command Execution
CGI Files ≈ Packet Storm Jan 18, 2021 | 15:47 pmCisco UCS Manager version 2.2(1d) remote command execution exploit. An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote[…]
Read more... -
ZeroShell 3.9.0 Remote Command Execution
CGI Files ≈ Packet Storm Nov 24, 2020 | 15:34 pmThis Metasploit module exploits an unauthenticated command injection vulnerability found in ZeroShell version 3.9.0 in the "/cgi-bin/kerbynet" url. As sudo is configured to execute /bin/tar without a password (NOPASSWD) it is possible to run root commands using the "checkpoint" tar[…]
Read more... -
ASUS TM-AC1900 Arbitrary Command Execution
CGI Files ≈ Packet Storm Nov 13, 2020 | 16:00 pmThis Metasploit module exploits a code execution vulnerability within the ASUS TM-AC1900 router as an authenticated user. The vulnerability is due to a failure filter out percent encoded newline characters within the HTTP argument SystemCmd when invoking /apply.cgi which bypasses[…]
Read more... -
D-Link DSR-250N Denial Of Service
CGI Files ≈ Packet Storm Oct 8, 2020 | 16:50 pmRedTeam Pentesting discovered a denial of service vulnerability in the D-Link DSR-250N device which allows unauthenticated attackers in the same local network to execute a CGI script that reboots the device. Version 3.12 is confirmed affected.
Read more... -
Ubuntu Security Notice USN-4569-1
CGI Files ≈ Packet Storm Oct 5, 2020 | 17:21 pmUbuntu Security Notice 4569-1 - It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity injection attack. It was discovered that Yaws mishandled certain input when[…]
Read more... -
Sony IPELA Network Camera Remote Stack Buffer Overflow
CGI Files ≈ Packet Storm Oct 1, 2020 | 15:09 pmSony IPELA Network Camera SNC-DH120T version 1.82.01 suffers from a remote stack buffer overflow vulnerability. The vulnerability is caused due to a boundary error in the processing of received FTP traffic through the FTP client functionality (ftpclient.cgi), which can be[…]
Read more... -
TP-Link Cloud Cameras NCXXX Bonjour Command Injection
CGI Files ≈ Packet Storm Sep 18, 2020 | 17:11 pmTP-Link cloud cameras NCXXX series (NC200, NC210, NC220, NC230, NC250, NC260, NC450) are vulnerable to an authenticated command injection vulnerability. In all devices except NC210, despite a check on the name length in swSystemSetProductAliasCheck, no other checks are in place[…]
Read more... -
Go CGI / FastCGI Transport Cross Site Scripting
CGI Files ≈ Packet Storm Sep 2, 2020 | 15:00 pmThe CGI and FastCGI implementations in the Go standard library behave differently from the HTTP server implementation when serving content. In contrast to the documented behavior, they may return non-HTML data as HTML. This may lead to cross site scripting[…]
Read more...
snaplitics made a real revolution in the industry.
-
ExpressionEngine 6.0.2 PHP Code Injection
PHP Files ≈ Packet Storm Mar 15, 2021 | 21:05 pmExpressionEngine versions 6.0.2 and below suffer from a Translate::save PHP code injection vulnerability.
Read more... -
ForkCMS PHP Object Injection
PHP Files ≈ Packet Storm Mar 12, 2021 | 16:15 pmForkCMS versions prior to 5.8.3 suffer from a PHP object injection vulnerability.
Read more... -
QCubed 3.1.1 PHP Object Injection
PHP Files ≈ Packet Storm Mar 12, 2021 | 16:02 pmQCubed versions 3.1.1 and below suffer from a PHP object injection vulnerability.
Read more... -
Klog Server 2.4.1 Command Injection
PHP Files ≈ Packet Storm Feb 15, 2021 | 15:23 pmThis Metasploit module exploits an unauthenticated command injection vulnerability in Klog Server versions 2.4.1 and prior. The authenticate.php file uses the user HTTP POST parameter in a call to the shell_exec() PHP function without appropriate input validation, allowing arbitrary command[…]
Read more... -
PEAR Archive_Tar Arbitrary File Write
PHP Files ≈ Packet Storm Jan 25, 2021 | 14:51 pmThis Metasploit module takes advantages of Archive_Tar versions prior to 1.4.11 which fail to validate file stream wrappers contained within filenames to write an arbitrary file containing user controlled content to an arbitrary file on disk. Note that the file[…]
Read more... -
PHP-Fusion 9.03.90 Cross Site Request Forgery
PHP Files ≈ Packet Storm Jan 15, 2021 | 14:59 pmPHP-Fusion version 9.03.90 suffers from a cross site request forgery vulnerability.
Read more... -
WordPress AIT CSV Import/Export 3.0.3 Shell Upload
PHP Files ≈ Packet Storm Jan 12, 2021 | 16:32 pmWordPress AIT CSV Import/Export plugin versions 3.0.3 and below allow unauthenticated remote attackers to upload and execute arbitrary PHP code. The upload-handler does not require authentication, nor validates the uploaded content. It may return an error when attempting to parse[…]
Read more... -
WordPress wpDiscuz 7.0.4 Shell Upload
PHP Files ≈ Packet Storm Jan 8, 2021 | 15:28 pmThis Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.
Read more... -
Practical PHP Security
PHP Files ≈ Packet Storm Jan 8, 2021 | 15:18 pmWhitepaper called Practical PHP Security.
Read more... -
WordPress Autoptimize Shell Upload
PHP Files ≈ Packet Storm Jan 8, 2021 | 14:49 pmWordPress Autoptimize plugin suffers from a remote shell upload vulnerability. The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote[…]
Read more...
-
Red Hat Security Advisory 2021-1145-01
Operating System: RedHat ≈ Packet Storm Apr 9, 2021 | 15:06 pmRed Hat Security Advisory 2021-1145-01 - Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or[…]
Read more... -
Red Hat Security Advisory 2021-1079-01
Operating System: RedHat ≈ Packet Storm Apr 9, 2021 | 15:06 pmRed Hat Security Advisory 2021-1079-01 - Red Hat Ansible Automation Platform Resource Operator container images with security fixes. Ansible Automation Platform manages Ansible Platform jobs and workflows that can interface with any infrastructure on a Red Hat OpenShift Container Platform[…]
Read more... -
Red Hat Security Advisory 2021-1135-01
Operating System: RedHat ≈ Packet Storm Apr 8, 2021 | 14:09 pmRed Hat Security Advisory 2021-1135-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include a HTTP request smuggling vulnerability.
Read more... -
Red Hat Security Advisory 2021-1129-01
Operating System: RedHat ≈ Packet Storm Apr 8, 2021 | 14:00 pmRed Hat Security Advisory 2021-1129-01 - Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment[…]
Read more... -
Red Hat Security Advisory 2021-1131-01
Operating System: RedHat ≈ Packet Storm Apr 7, 2021 | 20:09 pmRed Hat Security Advisory 2021-1131-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a null pointer vulnerability.
Read more... -
Red Hat Security Advisory 2021-1093-01
Operating System: RedHat ≈ Packet Storm Apr 7, 2021 | 20:08 pmRed Hat Security Advisory 2021-1093-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, out of bounds read, and use-after-free vulnerabilities.
Read more... -
Red Hat Security Advisory 2021-1125-01
Operating System: RedHat ≈ Packet Storm Apr 7, 2021 | 20:08 pmRed Hat Security Advisory 2021-1125-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.
Read more... -
Red Hat Security Advisory 2021-1081-01
Operating System: RedHat ≈ Packet Storm Apr 7, 2021 | 20:04 pmRed Hat Security Advisory 2021-1081-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, out of bounds read, and use-after-free vulnerabilities.
Read more... -
Red Hat Security Advisory 2021-1086-01
Operating System: RedHat ≈ Packet Storm Apr 7, 2021 | 20:04 pmRed Hat Security Advisory 2021-1086-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include an information leakage vulnerability.
Read more... -
Red Hat Security Advisory 2021-1072-01
Operating System: RedHat ≈ Packet Storm Apr 6, 2021 | 14:37 pmRed Hat Security Advisory 2021-1072-01 - The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. Issues addressed include an out of bounds read vulnerability.
Read more... -
The Product Security Blog has moved!
Red Hat Security Blog Blog Posts Mar 19, 2019 | 19:38 pmRed Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog.This move provides a wider variety of important Security topics,[…]
Read more... -
Security Technologies: FORTIFY_SOURCE
Red Hat Security Blog Blog Posts Sep 26, 2018 | 13:30 pmFORTIFY_SOURCE provides lightweight compile and runtime protection to some memory and string functions (original patch to gcc was submitted by Red Hat). It is supposed to have no or a very small runtime overhead and can be enabled for all[…]
Read more... -
New Red Hat Product Security OpenPGP key
Red Hat Security Blog Blog Posts Aug 22, 2018 | 13:30 pmRed Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key.This was done to improve the long-term security of our communications with our customers and also to meet current key[…]
Read more... -
Security Technologies: Stack Smashing Protection (StackGuard)
Red Hat Security Blog Blog Posts Aug 20, 2018 | 13:30 pm
Read more...
In our previous blog, we saw how arbitrary code execution resulting from stack-buffer overflows can be partly mitigated by marking segments of memory as non-executable, a technology known as Execshield. However stack-buffer overflow exploits can still effectively overwrite the function[…] -
Managing risk in the modern world
Red Hat Security Blog Blog Posts Aug 14, 2018 | 15:30 pm
Read more...
Things can be pretty scary out there today. There are a lot of things that could occur that make even the calmest amongst us take pause. Everything we do is a series of risk-based decisions that we hope leads to[…] -
How SELinux helps mitigate risk while facilitating compliance
Red Hat Security Blog Blog Posts Aug 9, 2018 | 13:30 pmMany of our customers are required to meet a variety of regulatory requirements. Red Hat Enterprise Linux includes security technologies that help meet these requirements. Improving Linux security also benefits our layered products, such as Red Hat OpenShift Container Platform[…]
Read more... -
Security Technologies: ExecShield
Red Hat Security Blog Blog Posts Jul 25, 2018 | 13:30 pm
Read more...
The world of computer security has changed dramatically in the last few years. Keeping your operating system updated with the latest security patches is no longer sufficient. Operating system providers need to be more proactive in combating security problems. A[…] -
SPECTRE Variant 1 scanning tool
Red Hat Security Blog Blog Posts Jul 18, 2018 | 13:30 pmAs part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this[…]
Read more... -
Insights Security Hardening Rules
Red Hat Security Blog Blog Posts Jul 12, 2018 | 13:30 pmMany users of Red Hat Insights are familiar with the security rules we create to alert them about security vulnerabilities on their system, especially concerning high-profile issues such as Spectre/Meltdown or Heartbleed. In this post, I'd like to talk about[…]
Read more... -
Red Hat’s disclosure process
Red Hat Security Blog Blog Posts Jul 10, 2018 | 13:00 pmLast week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around[…]
Read more...
-
Debian: DSA-4887-1: lib3mf security update
Advisories Apr 8, 2021 | 14:27 pm
Read more...
A use-after-free was discovered in Lib3MF, a C++ implementation of the 3D Manufacturing Format, which could result in the execution of arbitrary code if a malformed file is opened. -
Debian: DSA-4886-1: chromium security update
Advisories Apr 6, 2021 | 09:38 am
Read more...
Several vulnerabilites have been discovered in the chromium web browser. CVE-2021-21159 -
Debian: DSA-4885-1: netty security update
Advisories Apr 5, 2021 | 15:06 pm
Read more...
Multiple security issues were discovered in Netty, a Java NIO client/server framework, which could result in HTTP request smuggling, denial of service or information disclosure. -
Debian: DSA-4884-1: ldb security update
Advisories Apr 2, 2021 | 03:54 am
Read more...
Multiple vulnerabilities have been discovered in ldb, a LDAP-like embedded database built on top of TDB. CVE-2020-10730 -
Debian: DSA-4883-1: underscore security update
Advisories Apr 1, 2021 | 15:56 pm
Read more...
It was discovered that missing input sanitising in the template() function of the Underscore JavaScript library could result in the execution of arbitrary code. -
Debian: DSA-4882-1: openjpeg2 security update
Advisories Apr 1, 2021 | 15:50 pm
Read more...
Multiple vulnerabilities have been discovered in openjpeg2, the open-source JPEG 2000 codec, which could result in denial of service or the execution of arbitrary code when opening a malformed image. -
Debian: DSA-4881-1: curl security update
Advisories Mar 31, 2021 | 06:30 am
Read more...
Multiple vulnerabilities were discovered in cURL, an URL transfer library: CVE-2020-8169 -
Debian: DSA-4880-1: lxml security update
Advisories Mar 29, 2021 | 12:20 pm
Read more...
Kevin Chung discovered that lxml, a Python binding for the libxml2 and libxslt libraries, did not properly sanitize its input. This would allow a malicious user to mount a cross-site scripting attack. -
Debian: DSA-4879-1: spamassassin security update
Advisories Mar 27, 2021 | 13:18 pm
Read more...
Damian Lukowski discovered a flaw in spamassassin, a Perl-based spam filter using text analysis. Malicious rule configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios. -
Ubuntu Security Notice USN-4530-1
Operating System: Debian ≈ Packet Storm Sep 22, 2020 | 18:23 pmUbuntu Security Notice 4530-1 - Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation.
Read more... -
Debian Security Advisory 4633-1
Operating System: Debian ≈ Packet Storm Feb 25, 2020 | 15:20 pmDebian Linux Security Advisory 4633-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.
Read more... -
Debian Security Advisory 4629-1
Operating System: Debian ≈ Packet Storm Feb 19, 2020 | 15:38 pmDebian Linux Security Advisory 4629-1 - Simon Charette discovered that Django, a high-level Python web development framework, did not properly handle input in its PostgreSQL module. A remote attacker could leverage this to perform SQL injection attacks.
Read more... -
Debian Security Advisory 4628-1
Operating System: Debian ≈ Packet Storm Feb 19, 2020 | 15:28 pmDebian Linux Security Advisory 4628-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
Read more... -
Debian Security Advisory 4626-1
Operating System: Debian ≈ Packet Storm Feb 18, 2020 | 15:05 pmDebian Linux Security Advisory 4626-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
Read more... -
Debian Security Advisory 4627-1
Operating System: Debian ≈ Packet Storm Feb 18, 2020 | 15:04 pmDebian Linux Security Advisory 4627-1 - Cross site scripting, denial of service, and various other vulnerabilities have been discovered in the webkit2gtk web engine.
Read more... -
Debian Security Advisory 4625-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 18:02 pmDebian Linux Security Advisory 4625-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.
Read more... -
Debian Security Advisory 4624-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 17:31 pmDebian Linux Security Advisory 4624-1 - Several vulnerabilities were discovered in evince, a simple multi-page document viewer.
Read more... -
Debian Security Advisory 4620-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 16:41 pmDebian Linux Security Advisory 4620-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
Read more... -
Debian Security Advisory 4621-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 16:41 pmDebian Linux Security Advisory 4621-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.
Read more...
-
Ubuntu Security Notice USN-4896-2
Operating System: Ubuntu ≈ Packet Storm Apr 8, 2021 | 14:20 pmUbuntu Security Notice 4896-2 - USN-4896-1 fixed a vulnerability in lxml. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that lxml incorrectly handled certain HTML attributes. A remote attacker could possibly use this issue to[…]
Read more... -
Ubuntu Security Notice USN-4901-1
Operating System: Ubuntu ≈ Packet Storm Apr 7, 2021 | 20:09 pmUbuntu Security Notice 4901-1 - Adam Nichols discovered that heap overflows existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered[…]
Read more... -
Ubuntu Security Notice USN-4903-1
Operating System: Ubuntu ≈ Packet Storm Apr 7, 2021 | 20:09 pmUbuntu Security Notice 4903-1 - Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information.
Read more... -
Ubuntu Security Notice USN-4561-2
Operating System: Ubuntu ≈ Packet Storm Apr 6, 2021 | 14:37 pmUbuntu Security Notice 4561-2 - USN-4561-1 fixed vulnerabilities in Rack. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 20.04 LTS and Ubuntu 20.10. It was discovered that Rack incorrectly handled certain paths. An attacker could possibly use[…]
Read more... -
Ubuntu Security Notice USN-4902-1
Operating System: Ubuntu ≈ Packet Storm Apr 6, 2021 | 14:37 pmUbuntu Security Notice 4902-1 - Dennis Brinkrolf discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories.
Read more... -
Ubuntu Security Notice USN-4900-1
Operating System: Ubuntu ≈ Packet Storm Apr 1, 2021 | 23:53 pmUbuntu Security Notice 4900-1 - It was discovered that OpenEXR incorrectly handled certain malformed EXR image files. If a user were tricked into opening a crafted EXR image file, a remote attacker could cause a denial of service, or possibly[…]
Read more... -
SaltStack Salt API Unauthenticated Remote Command Execution
Operating System: Ubuntu ≈ Packet Storm Apr 1, 2021 | 14:32 pmThis Metasploit module leverages an authentication bypass and directory traversal vulnerabilities in Saltstack Salt's REST API to execute commands remotely on the master as the root user. Every 60 seconds, salt-master service performs a maintenance process check that reloads and[…]
Read more... -
Ubuntu Security Notice USN-4899-1
Operating System: Ubuntu ≈ Packet Storm Apr 1, 2021 | 14:23 pmUbuntu Security Notice 4899-1 - Damian Lukowski discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially- crafted CF file, a remote attacker could possibly run arbitrary code.
Read more... -
Ubuntu Security Notice USN-4897-1
Operating System: Ubuntu ≈ Packet Storm Mar 31, 2021 | 14:30 pmUbuntu Security Notice 4897-1 - Ben Caller discovered that Pygments incorrectly handled parsing certain files. If a user or automated system were tricked into parsing a specially crafted file, a remote attacker could cause Pygments to hang or consume resources,[…]
Read more... -
Ubuntu Security Notice USN-4898-1
Operating System: Ubuntu ≈ Packet Storm Mar 31, 2021 | 14:30 pmUbuntu Security Notice 4898-1 - Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information. Mingtao Yang discovered that curl incorrectly handled session[…]
Read more...