Service (16)
Children categories
Security News (14)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
View items...Workshops (2)
Installationen, Konfigurationen mit Bildern und Videos verständlich erklärt
View items...-
Ubuntu Security Notice USN-5235-1
Ruby Files ≈ Packet Storm Jan 19, 2022 | 16:19 pmUbuntu Security Notice 5235-1 - It was discovered that Ruby incorrectly handled certain HTML files. An attacker could possibly use this issue to cause a crash. This issue only affected Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. It was[…]
Read more... -
Red Hat Security Advisory 2021-3982-01
Ruby Files ≈ Packet Storm Oct 26, 2021 | 15:24 pmRed Hat Security Advisory 2021-3982-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
Read more... -
Red Hat Security Advisory 2021-3559-01
Ruby Files ≈ Packet Storm Sep 20, 2021 | 16:35 pmRed Hat Security Advisory 2021-3559-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
Read more... -
Red Hat Security Advisory 2021-3020-01
Ruby Files ≈ Packet Storm Aug 6, 2021 | 14:01 pmRed Hat Security Advisory 2021-3020-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
Read more... -
Ubuntu Security Notice USN-5020-1
Ruby Files ≈ Packet Storm Jul 21, 2021 | 16:20 pmUbuntu Security Notice 5020-1 - It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this[…]
Read more... -
Red Hat Security Advisory 2021-2588-01
Ruby Files ≈ Packet Storm Jun 30, 2021 | 15:21 pmRed Hat Security Advisory 2021-2588-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, denial of service, information[…]
Read more... -
Red Hat Security Advisory 2021-2587-01
Ruby Files ≈ Packet Storm Jun 30, 2021 | 15:20 pmRed Hat Security Advisory 2021-2587-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, denial of service, and[…]
Read more... -
Red Hat Security Advisory 2021-2584-01
Ruby Files ≈ Packet Storm Jun 30, 2021 | 15:18 pmRed Hat Security Advisory 2021-2584-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a HTTP request smuggling vulnerability.
Read more... -
Monitorr 1.7.6m Bypass / Information Disclosure / Shell Upload
Ruby Files ≈ Packet Storm Jun 23, 2021 | 15:54 pmThis ruby script is a 4-in-1 exploit that leverages shell upload, bypass, and information disclosure vulnerabilities in Monitorr version 1.7.6m.
Read more... -
Red Hat Security Advisory 2021-2229-01
Ruby Files ≈ Packet Storm Jun 3, 2021 | 15:23 pmRed Hat Security Advisory 2021-2229-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a HTTP request smuggling vulnerability.
Read more...
Diese Module beschreiben alles, was mit der Administration des Grundsystems verbunden ist. Dazu gehören zum Beispiel Startverhalten, Anwenderverwaltung, Software-Installation und derzeit laufende Prozesse.
Vorbereitung und Installation
Um Webmin auf Ihrem System laufen zu lassen, benötigen Sie einige Pakete, die eventuell in der Standardinstallation Ihrer Distribution nicht vorhanden sind. Mittels yum, apt und Konsorten ist es aber ein Leichtes, diese Packages nachzuziehen. Vor allen Dingen lösen yum und apt die Abhängigkeiten von selbst auf und installieren selbstständig alles Notwendige.
-
Ubuntu Security Notice USN-5200-1
Python Files ≈ Packet Storm Dec 17, 2021 | 19:23 pmUbuntu Security Notice 5200-1 - It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex allowing for catastrophic backtracking. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service condition for a client.[…]
Read more... -
Ubuntu Security Notice USN-5201-1
Python Files ≈ Packet Storm Dec 17, 2021 | 19:23 pmUbuntu Security Notice 5201-1 - It was discovered that the Python urllib http client could enter into an infinite loop when incorrectly handling certain server responses. Specially crafted traffic from a malicious HTTP server could cause a denial of service[…]
Read more... -
Ubuntu Security Notice USN-5199-1
Python Files ≈ Packet Storm Dec 17, 2021 | 19:23 pmUbuntu Security Notice 5199-1 - It was discovered that the urllib.request.AbstractBasicAuthHandler class in Python contains regex with a quadratic worst-case time complexity. Specially crafted traffic from a malicious HTTP server could cause a regular expression denial of service condition for[…]
Read more... -
Red Hat Security Advisory 2021-5070-02
Python Files ≈ Packet Storm Dec 10, 2021 | 15:00 pmRed Hat Security Advisory 2021-5070-02 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.1 (Train). Issues addressed include local file inclusion, remote file inclusion, server-side request forgery, and traversal vulnerabilities.
Read more... -
nfstream 6.4.0
Python Files ≈ Packet Storm Dec 10, 2021 | 15:00 pmnfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world[…]
Read more... -
Red Hat Security Advisory 2021-5071-01
Python Files ≈ Packet Storm Dec 10, 2021 | 14:45 pmRed Hat Security Advisory 2021-5071-01 - Eventlet is a networking library written in Python. It achieves high scalability by using non-blocking io while at the same time retaining high programmer usability by using coroutines to make the non-blocking io operations[…]
Read more... -
Stegano 0.10.1
Python Files ≈ Packet Storm Nov 30, 2021 | 14:49 pmStegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced[…]
Read more... -
Photon OSINT Crawler 1.3.2
Python Files ≈ Packet Storm Nov 30, 2021 | 10:11 amPhoton is a relatively fast crawler designed for automating OSINT (Open Source Intelligence) with a simple interface and tons of customization options. It is written in Python. Photon essentially acts as a web crawler which is able to extract URLs[…]
Read more... -
Red Hat Security Advisory 2021-4455-03
Python Files ≈ Packet Storm Nov 10, 2021 | 17:12 pmRed Hat Security Advisory 2021-4455-03 - pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index. pip is a recursive acronym that can stand[…]
Read more... -
Red Hat Security Advisory 2021-4151-06
Python Files ≈ Packet Storm Nov 10, 2021 | 17:10 pmRed Hat Security Advisory 2021-4151-06 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as[…]
Read more...
-
Ubuntu Security Notice USN-5142-3
CGI Files ≈ Packet Storm Dec 14, 2021 | 15:37 pmUbuntu Security Notice 5142-3 - USN-5142-1 fixed vulnerabilities in Samba. Some of the upstream changes introduced a regression in Kerberos authentication in certain environments. Please see the following upstream bug for more information: https://bugzilla.samba.org/show_bug.cgi?id=14922 This update fixes the problem. Various[…]
Read more... -
Apache 2.4.49 / 2.4.50 Traversal / Remote Code Execution
CGI Files ≈ Packet Storm Oct 25, 2021 | 17:10 pmThis Metasploit module exploits an unauthenticated remote code execution vulnerability which exists in Apache version 2.4.49 (CVE-2021-41773). If files outside of the document root are not protected by ‘require all denied’ and CGI has been explicitly enabled, it can be[…]
Read more... -
Geutebruck instantrec Remote Command Execution
CGI Files ≈ Packet Storm Sep 17, 2021 | 16:02 pmThis Metasploit module exploits a buffer overflow within the 'action' parameter of the /uapi-cgi/instantrec.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions equal to 1.12.0.27 as well as firmware versions 1.12.13.2 and[…]
Read more... -
Geutebruck Remote Command Execution
CGI Files ≈ Packet Storm Sep 2, 2021 | 15:36 pmThis Metasploit module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices[…]
Read more... -
IPFire 2.25 Remote Code Execution
CGI Files ≈ Packet Storm Jun 15, 2021 | 15:18 pmThis Metasploit module exploits an authenticated command injection vulnerability in the /cgi-bin/pakfire.cgi web page of IPFire devices running versions 2.25 Core Update 156 and prior to execute arbitrary code as the root user.
Read more... -
Ubuntu Security Notice USN-4886-1
CGI Files ≈ Packet Storm Mar 23, 2021 | 16:33 pmUbuntu Security Notice 4886-1 - It was discovered that Privoxy incorrectly handled CGI requests. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. It was discovered that Privoxy incorrectly handled certain regular[…]
Read more... -
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Configuration Download
CGI Files ≈ Packet Storm Mar 19, 2021 | 16:52 pmKZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 is susceptible to an unauthenticated configuration disclosure when direct object reference is made to the export_settings.cgi file using an HTTP GET request. This will enable the attacker to disclose sensitive information and help[…]
Read more... -
Cisco UCS Manager 2.2(1d) Remote Command Execution
CGI Files ≈ Packet Storm Jan 18, 2021 | 15:47 pmCisco UCS Manager version 2.2(1d) remote command execution exploit. An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote[…]
Read more... -
ZeroShell 3.9.0 Remote Command Execution
CGI Files ≈ Packet Storm Nov 24, 2020 | 15:34 pmThis Metasploit module exploits an unauthenticated command injection vulnerability found in ZeroShell version 3.9.0 in the "/cgi-bin/kerbynet" url. As sudo is configured to execute /bin/tar without a password (NOPASSWD) it is possible to run root commands using the "checkpoint" tar[…]
Read more... -
ASUS TM-AC1900 Arbitrary Command Execution
CGI Files ≈ Packet Storm Nov 13, 2020 | 16:00 pmThis Metasploit module exploits a code execution vulnerability within the ASUS TM-AC1900 router as an authenticated user. The vulnerability is due to a failure filter out percent encoded newline characters within the HTTP argument SystemCmd when invoking /apply.cgi which bypasses[…]
Read more...
snaplitics made a real revolution in the industry.
-
Library System In PHP 1.0 Cross Site Scripting
PHP Files ≈ Packet Storm Jan 5, 2022 | 16:24 pmLibrary System in PHP version 1.0 suffers from a persistent cross site scripting vulnerability.
Read more... -
WordPress Popular Posts 5.3.2 Remote Code Execution
PHP Files ≈ Packet Storm Dec 20, 2021 | 16:28 pmThis exploit requires Metasploit to have a FQDN and the ability to run a payload web server on port 80, 443, or 8080. The FQDN must also not resolve to a reserved address (192/172/127/10). The server must also respond to[…]
Read more... -
Bazaar Web PHP Social Listings Shell Upload
PHP Files ≈ Packet Storm Dec 20, 2021 | 16:18 pmBazaar Web PHP Social Listings suffers from a remote shell upload vulnerability.
Read more... -
Signup PHP Portal 2.1 Shell Upload
PHP Files ≈ Packet Storm Dec 20, 2021 | 13:58 pmSignup PHP Portal version 2.1 suffers from a remote shell upload vulnerability.
Read more... -
Online Enrollment Management System In PHP And PayPal 1.0 Cross Site Scripting
PHP Files ≈ Packet Storm Dec 1, 2021 | 16:30 pmOnline Enrollment Management System in PHP and PayPal version 1.0 suffers from a persistent cross site scripting vulnerability.
Read more... -
SuiteCRM 7.11.18 Remote Code Execution
PHP Files ≈ Packet Storm Nov 17, 2021 | 15:23 pmThis Metasploit module exploits an input validation error on the log file extension parameter of SuiteCRM version 7.11.18. It does not properly validate upper/lower case characters. Once this occurs, the application log file will be treated as a php file.[…]
Read more... -
PHP Laravel 8.70.1 Cross Site Request Forgery / Cross Site Scripting
PHP Files ≈ Packet Storm Nov 15, 2021 | 17:32 pmPHP Laravel version 8.70.1 suffers from cross site scripting and cross site request forgery related vulnerabilities.
Read more... -
Aerohive NetConfig 10.0r8a Local File Inclusion / Remote Code Execution
PHP Files ≈ Packet Storm Nov 12, 2021 | 17:16 pmThis Metasploit module exploits local file inclusion and log poisoning vulnerabilities (CVE-2020-16152) in Aerohive NetConfig, version 10.0r8a build-242466 and older in order to achieve unauthenticated remote code execution as the root user. NetConfig is the Aerohive/Extreme Networks HiveOS administrative webinterface.[…]
Read more... -
Red Hat Security Advisory 2021-4213-03
PHP Files ≈ Packet Storm Nov 10, 2021 | 17:05 pmRed Hat Security Advisory 2021-4213-03 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include a null pointer vulnerability.
Read more... -
PHP Event Calendar Lite Edition Cross Site Scripting
PHP Files ≈ Packet Storm Nov 5, 2021 | 16:27 pmPHP Event Calendar Lite Edition suffers from a persistent cross site scripting vulnerability.
Read more...
-
Red Hat Security Advisory 2022-0246-04
Operating System: RedHat ≈ Packet Storm Jan 25, 2022 | 16:31 pmRed Hat Security Advisory 2022-0246-04 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
Read more... -
Red Hat Security Advisory 2022-0229-02
Operating System: RedHat ≈ Packet Storm Jan 25, 2022 | 16:29 pmRed Hat Security Advisory 2022-0229-02 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for Windows serves as a[…]
Read more... -
Red Hat Security Advisory 2022-0166-03
Operating System: RedHat ≈ Packet Storm Jan 25, 2022 | 16:25 pmRed Hat Security Advisory 2022-0166-03 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as[…]
Read more... -
Red Hat Security Advisory 2022-0254-03
Operating System: RedHat ≈ Packet Storm Jan 25, 2022 | 16:22 pmRed Hat Security Advisory 2022-0254-03 - The RPM Package Manager is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.
Read more... -
Red Hat Security Advisory 2022-0228-02
Operating System: RedHat ≈ Packet Storm Jan 25, 2022 | 16:08 pmRed Hat Security Advisory 2022-0228-02 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for portable Linux serves as[…]
Read more... -
Red Hat Security Advisory 2022-0165-03
Operating System: RedHat ≈ Packet Storm Jan 25, 2022 | 15:53 pmRed Hat Security Advisory 2022-0165-03 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as[…]
Read more... -
Red Hat Security Advisory 2022-0237-03
Operating System: RedHat ≈ Packet Storm Jan 25, 2022 | 15:48 pmRed Hat Security Advisory 2022-0237-03 - An update for etcd is now available for Red Hat OpenStack Platform 16.2 (Train).
Read more... -
Red Hat Security Advisory 2022-0239-02
Operating System: RedHat ≈ Packet Storm Jan 25, 2022 | 15:43 pmRed Hat Security Advisory 2022-0239-02 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure[…]
Read more... -
Red Hat Security Advisory 2022-0232-02
Operating System: RedHat ≈ Packet Storm Jan 24, 2022 | 14:40 pmRed Hat Security Advisory 2022-0232-02 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a heap overflow vulnerability.
Read more... -
Red Hat Security Advisory 2022-0204-04
Operating System: RedHat ≈ Packet Storm Jan 24, 2022 | 14:40 pmRed Hat Security Advisory 2022-0204-04 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include deserialization and integer overflow vulnerabilities.
Read more... -
The Product Security Blog has moved!
Red Hat Security Blog Blog Posts Mar 19, 2019 | 19:38 pmRed Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog.This move provides a wider variety of important Security topics,[…]
Read more... -
New Red Hat Product Security OpenPGP key
Red Hat Security Blog Blog Posts Aug 22, 2018 | 13:30 pmRed Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key.This was done to improve the long-term security of our communications with our customers and also to meet current key[…]
Read more... -
SPECTRE Variant 1 scanning tool
Red Hat Security Blog Blog Posts Jul 18, 2018 | 13:30 pmAs part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this[…]
Read more... -
Red Hat’s disclosure process
Red Hat Security Blog Blog Posts Jul 10, 2018 | 13:00 pmLast week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around[…]
Read more... -
Join us in San Francisco at the 2018 Red Hat Summit
Red Hat Security Blog Blog Posts Apr 23, 2018 | 14:30 pmThis year’s Red Hat Summit will be held on May 8-10 in beautiful San Francisco, USA.Product Security will be joining many Red Hat security experts in presenting and assisting subscribers and partners at the show.Here is a sneak peek at[…]
Read more... -
Certificate Transparency and HTTPS
Red Hat Security Blog Blog Posts Apr 17, 2018 | 15:00 pmGoogle has announced that on April 30, 2018, Chrome will:“...require that all TLS server certificates issued after 30 April, 2018 be compliant with the Chromium CT Policy. After this date, when Chrome connects to a site serving a publicly-trusted certificate[…]
Read more... -
Let's talk about PCI-DSS
Red Hat Security Blog Blog Posts Feb 28, 2018 | 14:30 pmFor those who aren’t familiar with Payment Card Industry Data Security Standard (PCI-DSS), it is the standard that is intended to protect our credit card data as it flows between systems and is stored in company databases.PCI-DSS requires that all[…]
Read more... -
Security is from Mars, Developers are from Venus…...or ARE they?
Red Hat Security Blog Blog Posts Nov 16, 2017 | 15:00 pmIt is a tale as old as time.Developers and security personnel view each other withsuspicion.The perception is that a vast gulf of understanding and ability lies between the two camps.“They can’t possibly understand what it is to do my job!”[…]
Read more... -
Abuse of RESTEasy Default Providers in JBoss EAP
Red Hat Security Blog Blog Posts Oct 18, 2017 | 13:30 pmRed Hat JBoss Enterprise Application Platform (EAP) is a commonly used host for Restful webservices. A powerful but potentially dangerous feature of Restful webservices on JBoss EAP is the ability to accept any media type. If not configured to accept[…]
Read more... -
Kernel Stack Protector and BlueBorne
Red Hat Security Blog Blog Posts Sep 12, 2017 | 11:51 amToday, a security issue called BlueBorne was disclosed, a vulnerability that could be used to attack sensitive systems via the Bluetooth protocol. Specifically, BlueBorne is a flaw where a remote (but physically quite close) attacker could get root on a[…]
Read more...
-
Debian: DSA-5062-1: nss security update
LinuxSecurity Advisories Jan 25, 2022 | 22:06 pm
Read more...
Tavis Ormandy discovered that incorrect parsing of pkcs7 sequences in nss, the Mozilla Network Security Service library, may result in denial of service. -
Debian: DSA-5061-1: wpewebkit security update
LinuxSecurity Advisories Jan 25, 2022 | 19:59 pm
Read more...
The following vulnerabilities have been discovered in the wpewebkit web engine: CVE-2021-30934 -
Debian: DSA-5058-1: openjdk-17 security update
LinuxSecurity Advisories Jan 25, 2022 | 19:58 pm
Read more...
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, bypass of deserialization restrictions or information disclosure. -
Debian: DSA-5060-1: webkit2gtk security update
LinuxSecurity Advisories Jan 25, 2022 | 19:57 pm
Read more...
The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2021-30934 -
Debian: DSA-5059-1: policykit-1 security update
LinuxSecurity Advisories Jan 25, 2022 | 17:46 pm
Read more...
The Qualys Research Labs discovered a local privilege escalation in PolicyKit's pkexec. Details can be found in the Qualys advisory at -
Debian: DSA-5057-1: openjdk-11 security update
LinuxSecurity Advisories Jan 24, 2022 | 19:14 pm
Read more...
Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, bypass of deserialization restrictions or information disclosure. -
Debian: DSA-5056-1: strongswan security update
LinuxSecurity Advisories Jan 24, 2022 | 18:14 pm
Read more...
Zhuowei Zhang discovered a bug in the EAP authentication client code of strongSwan, an IKE/IPsec suite, that may allow to bypass the client and in some scenarios even the server authentication, or could lead to a denial-of-service attack. -
Debian: DSA-5055-1: util-linux security update
LinuxSecurity Advisories Jan 24, 2022 | 11:31 am
Read more...
The Qualys Research Labs discovered two vulnerabilities in util-linux's libmount. These flaws allow an unprivileged user to unmount other users' filesystems that are either world-writable themselves or mounted in a world-writable directory (CVE-2021-3996), or to unmount FUSE filesystems -
Debian: DSA-5054-1: chromium security update
LinuxSecurity Advisories Jan 23, 2022 | 16:33 pm
Read more...
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. -
Sequoia: A Deep Root In Linux's Filesystem Layer
Operating System: Debian ≈ Packet Storm Jul 21, 2021 | 16:10 pmQualys discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset[…]
Read more... -
Ubuntu Security Notice USN-4530-1
Operating System: Debian ≈ Packet Storm Sep 22, 2020 | 18:23 pmUbuntu Security Notice 4530-1 - Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation.
Read more... -
Debian Security Advisory 4633-1
Operating System: Debian ≈ Packet Storm Feb 25, 2020 | 15:20 pmDebian Linux Security Advisory 4633-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.
Read more... -
Debian Security Advisory 4629-1
Operating System: Debian ≈ Packet Storm Feb 19, 2020 | 15:38 pmDebian Linux Security Advisory 4629-1 - Simon Charette discovered that Django, a high-level Python web development framework, did not properly handle input in its PostgreSQL module. A remote attacker could leverage this to perform SQL injection attacks.
Read more... -
Debian Security Advisory 4628-1
Operating System: Debian ≈ Packet Storm Feb 19, 2020 | 15:28 pmDebian Linux Security Advisory 4628-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
Read more... -
Debian Security Advisory 4626-1
Operating System: Debian ≈ Packet Storm Feb 18, 2020 | 15:05 pmDebian Linux Security Advisory 4626-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
Read more... -
Debian Security Advisory 4627-1
Operating System: Debian ≈ Packet Storm Feb 18, 2020 | 15:04 pmDebian Linux Security Advisory 4627-1 - Cross site scripting, denial of service, and various other vulnerabilities have been discovered in the webkit2gtk web engine.
Read more... -
Debian Security Advisory 4625-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 18:02 pmDebian Linux Security Advisory 4625-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.
Read more... -
Debian Security Advisory 4624-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 17:31 pmDebian Linux Security Advisory 4624-1 - Several vulnerabilities were discovered in evince, a simple multi-page document viewer.
Read more... -
Debian Security Advisory 4621-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 16:41 pmDebian Linux Security Advisory 4621-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.
Read more...
-
Ubuntu Security Notice USN-5250-2
Operating System: Ubuntu ≈ Packet Storm Jan 25, 2022 | 16:34 pmUbuntu Security Notice 5250-2 - USN-5250-1 fixed a vulnerability in strongSwan. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Zhuowei Zhang discovered that stringSwan incorrectly handled EAP authentication. A remote attacker could use this[…]
Read more... -
Ubuntu Security Notice USN-5250-1
Operating System: Ubuntu ≈ Packet Storm Jan 25, 2022 | 16:18 pmUbuntu Security Notice 5250-1 - Zhuowei Zhang discovered that stringSwan incorrectly handled EAP authentication. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly bypass client and server authentication.
Read more... -
Ubuntu Security Notice USN-5243-2
Operating System: Ubuntu ≈ Packet Storm Jan 24, 2022 | 14:40 pmUbuntu Security Notice 5243-2 - USN-5243-1 fixed a vulnerability in aide. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. David Bouman discovered that AIDE incorrectly handled base64 operations. A local attacker could use this[…]
Read more... -
Ubuntu Security Notice USN-5248-1
Operating System: Ubuntu ≈ Packet Storm Jan 24, 2022 | 14:39 pmUbuntu Security Notice 5248-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain[…]
Read more... -
Ubuntu Security Notice USN-5244-1
Operating System: Ubuntu ≈ Packet Storm Jan 24, 2022 | 14:39 pmUbuntu Security Notice 5244-1 - Daniel Onaca discovered that DBus contained a use-after-free vulnerability, caused by the incorrect handling of usernames sharing the same UID. An attacker could possibly use this issue to cause DBus to crash, resulting in a[…]
Read more... -
Ubuntu Security Notice USN-5246-1
Operating System: Ubuntu ≈ Packet Storm Jan 21, 2022 | 15:31 pmUbuntu Security Notice 5246-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain[…]
Read more... -
Ubuntu Security Notice USN-5249-1
Operating System: Ubuntu ≈ Packet Storm Jan 21, 2022 | 15:31 pmUbuntu Security Notice 5249-1 - It was discovered that USBView allowed unprivileged users to run usbview as root. A local attacker could use this vulnerability to gain administrative privileges or cause a denial of service.
Read more... -
Ubuntu Security Notice USN-5021-2
Operating System: Ubuntu ≈ Packet Storm Jan 20, 2022 | 17:49 pmUbuntu Security Notice 5021-2 - USN-5021-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 16.04 ESM. Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled TELNET connections when the -t option was used on the[…]
Read more... -
Ubuntu Security Notice USN-5242-1
Operating System: Ubuntu ≈ Packet Storm Jan 20, 2022 | 17:49 pmUbuntu Security Notice 5242-1 - It was discovered that Open vSwitch incorrectly handled certain fragmented packets. A remote attacker could possibly use this issue to cause Open vSwitch to consume resources, leading to a denial of service.
Read more... -
Ubuntu Security Notice USN-5243-1
Operating System: Ubuntu ≈ Packet Storm Jan 20, 2022 | 17:49 pmUbuntu Security Notice 5243-1 - David Bouman discovered that AIDE incorrectly handled base64 operations. A local attacker could use this issue to cause AIDE to crash, resulting in a denial of service, or possibly execute arbitrary code.
Read more...
-
Prosody XMPP server advisory 2022-01-13
FreeBSD VuXML Jan 14, 2022 | 00:00 am
Read more... -
WordPress -- Multiple Vulnerabilities
FreeBSD VuXML Jan 13, 2022 | 00:00 am
Read more... -
jenkins -- multiple vulnerabilities
FreeBSD VuXML Jan 12, 2022 | 00:00 am
Read more... -
Gitlab -- Multiple Vulnerabilities
FreeBSD VuXML Jan 12, 2022 | 00:00 am
Read more... -
clamav -- invalid pointer read that may cause a crash
FreeBSD VuXML Jan 12, 2022 | 00:00 am
Read more...