Service (16)
Children categories
Security News (14)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
View items...Workshops (2)
Installationen, Konfigurationen mit Bildern und Videos verständlich erklärt
View items...-
Red Hat Security Advisory 2020-5554-01
Ruby Files ≈ Packet Storm Dec 16, 2020 | 18:09 pmRed Hat Security Advisory 2020-5554-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
Red Hat Security Advisory 2020-4134-01
Ruby Files ≈ Packet Storm Sep 30, 2020 | 15:52 pmRed Hat Security Advisory 2020-4134-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
Red Hat Security Advisory 2020-3574-01
Ruby Files ≈ Packet Storm Aug 27, 2020 | 22:29 pmRed Hat Security Advisory 2020-3574-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
Red Hat Security Advisory 2020-3358-01
Ruby Files ≈ Packet Storm Aug 6, 2020 | 17:07 pmRed Hat Security Advisory 2020-3358-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more... -
OpenEMR 5.0.1 Remote Code Execution
Ruby Files ≈ Packet Storm Aug 3, 2020 | 16:52 pmOpenEMR versions 5.0.1 and below authenticated remote code execution exploit written in ruby.
Read more... -
Ruby On Rails 5.0.1 Remote Code Execution
Ruby Files ≈ Packet Storm Jul 27, 2020 | 18:38 pmRuby On Rails version 5.0.1 remote code execution exploit.
Read more... -
Red Hat Security Advisory 2020-2839-01
Ruby Files ≈ Packet Storm Jul 7, 2020 | 16:18 pmRed Hat Security Advisory 2020-2839-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Read more... -
Red Hat Security Advisory 2020-2769-01
Ruby Files ≈ Packet Storm Jun 30, 2020 | 18:04 pmRed Hat Security Advisory 2020-2769-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
Read more... -
Keystone 0.9.2
Ruby Files ≈ Packet Storm Jun 23, 2020 | 21:24 pmKeystone is a lightweight multi-platform, multi-architecture assembler framework. Highlight features include multi-architecture, with support for Arm, Arm64 (AArch64/Armv8), Hexagon, Mips, PowerPC, Sparc, SystemZ, and X86 (include 16/32/64bit). It has a clean and lightweight architecture-neutral API. It's implemented in C/C++ languages,[…]
Read more... -
Red Hat Security Advisory 2020-2480-01
Ruby Files ≈ Packet Storm Jun 10, 2020 | 15:12 pmRed Hat Security Advisory 2020-2480-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web[…]
Read more...
Diese Module beschreiben alles, was mit der Administration des Grundsystems verbunden ist. Dazu gehören zum Beispiel Startverhalten, Anwenderverwaltung, Software-Installation und derzeit laufende Prozesse.
Vorbereitung und Installation
Um Webmin auf Ihrem System laufen zu lassen, benötigen Sie einige Pakete, die eventuell in der Standardinstallation Ihrer Distribution nicht vorhanden sind. Mittels yum, apt und Konsorten ist es aber ein Leichtes, diese Packages nachzuziehen. Vor allen Dingen lösen yum und apt die Abhängigkeiten von selbst auf und installieren selbstständig alles Notwendige.
-
Ubuntu Security Notice USN-4668-4
Python Files ≈ Packet Storm Jan 12, 2021 | 16:14 pmUbuntu Security Notice 4668-4 - USN-4668-1 fixed a vulnerability in python-apt. This update provides the corresponding update for Ubuntu 14.04 ESM. Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt[…]
Read more... -
Ubuntu Security Notice USN-4668-3
Python Files ≈ Packet Storm Jan 4, 2021 | 17:25 pmUbuntu Security Notice 4668-3 - USN-4668-1 fixed vulnerabilities in python-apt. The update caused a regression when using certain APIs with a file handle. This update fixes the problem. Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could[…]
Read more... -
Erlang Bytecode String Converter
Python Files ≈ Packet Storm Dec 21, 2020 | 17:30 pmestr2bc is a python script to convert arbitrary string input to Erlang bytecode.
Read more... -
Red Hat Security Advisory 2020-5581-01
Python Files ≈ Packet Storm Dec 16, 2020 | 18:19 pmRed Hat Security Advisory 2020-5581-01 - python-XStatic-jQuery is the jQuery javascript library packaged for Python's setuptools. Issues addressed include code execution and denial of service vulnerabilities.
Read more... -
Red Hat Security Advisory 2020-5571-01
Python Files ≈ Packet Storm Dec 16, 2020 | 18:19 pmRed Hat Security Advisory 2020-5571-01 - python-XStatic-Bootstrap-SCSS is the Bootstrap-SCSS JavaScript library packaged for setuptools / pip. Issues addressed include a cross site scripting vulnerability.
Read more... -
Red Hat Security Advisory 2020-5412-01
Python Files ≈ Packet Storm Dec 16, 2020 | 18:08 pmRed Hat Security Advisory 2020-5412-01 - python-XStatic-jQuery is the jQuery javascript library packaged for Python's setuptools. Issues addressed include a code execution vulnerability.
Read more... -
Red Hat Security Advisory 2020-5435-01
Python Files ≈ Packet Storm Dec 15, 2020 | 15:41 pmRed Hat Security Advisory 2020-5435-01 - The python-rtslib package provides a Python library to configure the kernel target subsystem, using the configfs file system.
Read more... -
Ubuntu Security Notice USN-4668-1
Python Files ≈ Packet Storm Dec 10, 2020 | 16:04 pmUbuntu Security Notice 4668-1 - Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt to consume resources, leading to a denial of service.
Read more... -
Ubuntu Security Notice USN-4668-2
Python Files ≈ Packet Storm Dec 10, 2020 | 15:57 pmUbuntu Security Notice 4668-2 - USN-4668-1 fixed vulnerabilities in python-apt. That update caused a regression by removing information describing the Ubuntu 20.10 release from the Ubuntu templates. This update fixes the problem by restoring this information. Various other issues were[…]
Read more... -
Red Hat Security Advisory 2020-5249-01
Python Files ≈ Packet Storm Nov 30, 2020 | 15:51 pmRed Hat Security Advisory 2020-5249-01 - Fixed two jQuery vulnerabilities Improved Ansible Tower's web service configuration to allow for processing more simultaneous HTTP requests by default Updated several dependencies of Ansible Tower's User Interface to address Updated to the latest[…]
Read more...
-
ZeroShell 3.9.0 Remote Command Execution
CGI Files ≈ Packet Storm Nov 24, 2020 | 15:34 pmThis Metasploit module exploits an unauthenticated command injection vulnerability found in ZeroShell version 3.9.0 in the "/cgi-bin/kerbynet" url. As sudo is configured to execute /bin/tar without a password (NOPASSWD) it is possible to run root commands using the "checkpoint" tar[…]
Read more... -
ASUS TM-AC1900 Arbitrary Command Execution
CGI Files ≈ Packet Storm Nov 13, 2020 | 16:00 pmThis Metasploit module exploits a code execution vulnerability within the ASUS TM-AC1900 router as an authenticated user. The vulnerability is due to a failure filter out percent encoded newline characters within the HTTP argument SystemCmd when invoking /apply.cgi which bypasses[…]
Read more... -
D-Link DSR-250N Denial Of Service
CGI Files ≈ Packet Storm Oct 8, 2020 | 16:50 pmRedTeam Pentesting discovered a denial of service vulnerability in the D-Link DSR-250N device which allows unauthenticated attackers in the same local network to execute a CGI script that reboots the device. Version 3.12 is confirmed affected.
Read more... -
Ubuntu Security Notice USN-4569-1
CGI Files ≈ Packet Storm Oct 5, 2020 | 17:21 pmUbuntu Security Notice 4569-1 - It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity injection attack. It was discovered that Yaws mishandled certain input when[…]
Read more... -
Sony IPELA Network Camera Remote Stack Buffer Overflow
CGI Files ≈ Packet Storm Oct 1, 2020 | 15:09 pmSony IPELA Network Camera SNC-DH120T version 1.82.01 suffers from a remote stack buffer overflow vulnerability. The vulnerability is caused due to a boundary error in the processing of received FTP traffic through the FTP client functionality (ftpclient.cgi), which can be[…]
Read more... -
TP-Link Cloud Cameras NCXXX Bonjour Command Injection
CGI Files ≈ Packet Storm Sep 18, 2020 | 17:11 pmTP-Link cloud cameras NCXXX series (NC200, NC210, NC220, NC230, NC250, NC260, NC450) are vulnerable to an authenticated command injection vulnerability. In all devices except NC210, despite a check on the name length in swSystemSetProductAliasCheck, no other checks are in place[…]
Read more... -
Go CGI / FastCGI Transport Cross Site Scripting
CGI Files ≈ Packet Storm Sep 2, 2020 | 15:00 pmThe CGI and FastCGI implementations in the Go standard library behave differently from the HTTP server implementation when serving content. In contrast to the documented behavior, they may return non-HTML data as HTML. This may lead to cross site scripting[…]
Read more... -
Geutebruck testaction.cgi Remote Command Execution
CGI Files ≈ Packet Storm Aug 17, 2020 | 17:40 pmThis Metasploit module exploits an authenticated arbitrary command execution vulnerability within the 'server' GET parameter of the /uapi-cgi/testaction.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions
Read more... -
Cayin CMS NTP Server 11.0 Remote Code Execution
CGI Files ≈ Packet Storm Jun 18, 2020 | 16:04 pmThis Metasploit module exploits an authenticated remote code execution vulnerability in Cayin CMS versions 11.0 and below. The code execution is executed in the system_service.cgi file's ntpIp Parameter. The field is limited in size, so repeated requests are made to[…]
Read more... -
Cayin Content Management Server 11.0 Root Remote Command Injection
CGI Files ≈ Packet Storm Jun 4, 2020 | 19:29 pmCAYIN CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the NTP_Server_IP HTTP POST parameter in system.cgi page.
Read more...
snaplitics made a real revolution in the industry.
-
PHP-Fusion 9.03.90 Cross Site Request Forgery
PHP Files ≈ Packet Storm Jan 15, 2021 | 14:59 pmPHP-Fusion version 9.03.90 suffers from a cross site request forgery vulnerability.
Read more... -
WordPress AIT CSV Import/Export 3.0.3 Shell Upload
PHP Files ≈ Packet Storm Jan 12, 2021 | 16:32 pmWordPress AIT CSV Import/Export plugin versions 3.0.3 and below allow unauthenticated remote attackers to upload and execute arbitrary PHP code. The upload-handler does not require authentication, nor validates the uploaded content. It may return an error when attempting to parse[…]
Read more... -
WordPress wpDiscuz 7.0.4 Shell Upload
PHP Files ≈ Packet Storm Jan 8, 2021 | 15:28 pmThis Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable server.
Read more... -
Practical PHP Security
PHP Files ≈ Packet Storm Jan 8, 2021 | 15:18 pmWhitepaper called Practical PHP Security.
Read more... -
WordPress Autoptimize Shell Upload
PHP Files ≈ Packet Storm Jan 8, 2021 | 14:49 pmWordPress Autoptimize plugin suffers from a remote shell upload vulnerability. The ao_ccss_import AJAX call does not ensure that the file provided is a legitimate zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote[…]
Read more... -
qdPM 9.1 PHP Object Injection
PHP Files ≈ Packet Storm Dec 31, 2020 | 15:07 pmqdPM versions 9.1 and below suffer from an executeExport PHP object injection vulnerability.
Read more... -
Gentoo Linux Security Advisory 202012-16
PHP Files ≈ Packet Storm Dec 24, 2020 | 17:17 pmGentoo Linux Security Advisory 202012-16 - Multiple vulnerabilities have been found in PHP, the worst of which could result in a Denial of Service condition. Versions less than 8.0.0 are affected.
Read more... -
TerraMaster TOS 4.2.06 Remote Code Execution
PHP Files ≈ Packet Storm Dec 23, 2020 | 17:08 pmThis Metasploit module exploits an unauthenticated command execution vulnerability in TerraMaster TOS version 4.2.06 leveraging include/makecvs.php.
Read more... -
WordPress Yet Another Stars Rating PHP Object Injection
PHP Files ≈ Packet Storm Dec 18, 2020 | 18:58 pmThis Metasploit module affects WordPress Yet Another Stars Rating plugin versions prior to 1.8.7 and demonstrates a PHP object injection vulnerability.
Read more... -
Onilne Bus Booking System Project 1.0 Cross Site Scripting
PHP Files ≈ Packet Storm Dec 11, 2020 | 21:16 pmOnline Bus Booking System Project using PHP MySQL version 1.0 suffers from a persistent cross site scripting vulnerability.
Read more...
-
Red Hat Security Advisory 2021-0146-01
Operating System: RedHat ≈ Packet Storm Jan 15, 2021 | 15:06 pmRed Hat Security Advisory 2021-0146-01 - Red Hat OpenShift Serverless 1.12.0 is a generally available release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform version 4.6, and includes[…]
Read more... -
Red Hat Security Advisory 2021-0145-01
Operating System: RedHat ≈ Packet Storm Jan 14, 2021 | 15:22 pmRed Hat Security Advisory 2021-0145-01 - Red Hat OpenShift Serverless Client kn CLI is delivered as an RPM package for installation on RHEL platforms, and as binaries for non-Linux platforms. Red Hat OpenShift Serverless Client kn 1.12.0 provides a CLI[…]
Read more... -
Red Hat Security Advisory 2021-0136-01
Operating System: RedHat ≈ Packet Storm Jan 14, 2021 | 15:18 pmRed Hat Security Advisory 2021-0136-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a denial of service vulnerability.
Read more... -
Red Hat Security Advisory 2021-0106-01
Operating System: RedHat ≈ Packet Storm Jan 13, 2021 | 23:19 pmRed Hat Security Advisory 2021-0106-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business[…]
Read more... -
Red Hat Security Advisory 2021-0030-01
Operating System: RedHat ≈ Packet Storm Jan 13, 2021 | 23:19 pmRed Hat Security Advisory 2021-0030-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Read more... -
Red Hat Security Advisory 2021-0110-01
Operating System: RedHat ≈ Packet Storm Jan 13, 2021 | 23:19 pmRed Hat Security Advisory 2021-0110-01 - This release of Red Hat Integration - Camel K - Tech-Preview 2 serves as a replacement for tech-preview 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked[…]
Read more... -
Red Hat Security Advisory 2021-0114-01
Operating System: RedHat ≈ Packet Storm Jan 13, 2021 | 23:19 pmRed Hat Security Advisory 2021-0114-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security[…]
Read more... -
Red Hat Security Advisory 2021-0105-01
Operating System: RedHat ≈ Packet Storm Jan 13, 2021 | 23:18 pmRed Hat Security Advisory 2021-0105-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process[…]
Read more... -
Red Hat Security Advisory 2021-0095-01
Operating System: RedHat ≈ Packet Storm Jan 13, 2021 | 15:19 pmRed Hat Security Advisory 2021-0095-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security[…]
Read more... -
Red Hat Security Advisory 2021-0094-01
Operating System: RedHat ≈ Packet Storm Jan 13, 2021 | 15:18 pmRed Hat Security Advisory 2021-0094-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are[…]
Read more... -
The Product Security Blog has moved!
Red Hat Security Blog Blog Posts Mar 19, 2019 | 19:38 pmRed Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog.This move provides a wider variety of important Security topics,[…]
Read more... -
Security Technologies: FORTIFY_SOURCE
Red Hat Security Blog Blog Posts Sep 26, 2018 | 13:30 pmFORTIFY_SOURCE provides lightweight compile and runtime protection to some memory and string functions (original patch to gcc was submitted by Red Hat). It is supposed to have no or a very small runtime overhead and can be enabled for all[…]
Read more... -
New Red Hat Product Security OpenPGP key
Red Hat Security Blog Blog Posts Aug 22, 2018 | 13:30 pmRed Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key.This was done to improve the long-term security of our communications with our customers and also to meet current key[…]
Read more... -
Security Technologies: Stack Smashing Protection (StackGuard)
Red Hat Security Blog Blog Posts Aug 20, 2018 | 13:30 pm
Read more...
In our previous blog, we saw how arbitrary code execution resulting from stack-buffer overflows can be partly mitigated by marking segments of memory as non-executable, a technology known as Execshield. However stack-buffer overflow exploits can still effectively overwrite the function[…] -
Managing risk in the modern world
Red Hat Security Blog Blog Posts Aug 14, 2018 | 15:30 pm
Read more...
Things can be pretty scary out there today. There are a lot of things that could occur that make even the calmest amongst us take pause. Everything we do is a series of risk-based decisions that we hope leads to[…] -
How SELinux helps mitigate risk while facilitating compliance
Red Hat Security Blog Blog Posts Aug 9, 2018 | 13:30 pmLanguage EnglishMany of our customers are required to meet a variety of regulatory requirements. Red Hat Enterprise Linux includes security technologies that help meet these requirements. Improving Linux security also benefits our layered products, such as Red Hat OpenShift Container[…]
Read more... -
Security Technologies: ExecShield
Red Hat Security Blog Blog Posts Jul 25, 2018 | 13:30 pm
Read more...
The world of computer security has changed dramatically in the last few years. Keeping your operating system updated with the latest security patches is no longer sufficient. Operating system providers need to be more proactive in combating security problems. A[…] -
SPECTRE Variant 1 scanning tool
Red Hat Security Blog Blog Posts Jul 18, 2018 | 13:30 pmAs part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this[…]
Read more... -
Insights Security Hardening Rules
Red Hat Security Blog Blog Posts Jul 12, 2018 | 13:30 pmMany users of Red Hat Insights are familiar with the security rules we create to alert them about security vulnerabilities on their system, especially concerning high-profile issues such as Spectre/Meltdown or Heartbleed. In this post, I'd like to talk about[…]
Read more... -
Red Hat’s disclosure process
Red Hat Security Blog Blog Posts Jul 10, 2018 | 13:00 pmLast week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around[…]
Read more...
-
Debian: DSA-4832-1: chromium security update
Advisories Jan 16, 2021 | 09:06 am
Read more...
Multiple security issues were discovered in the Chromium web browser, which could result in the execution of arbitrary code, denial of service or information disclosure. -
Debian: DSA-4831-1: ruby-redcarpet security update
Advisories Jan 15, 2021 | 08:09 am
Read more...
Johan Smits discovered that ruby-redcarpet, a markdown parser, did not properly validate its input. This would allow an attacker to mount a cross-site scripting attack. -
Debian: DSA-4830-1: flatpak security update
Advisories Jan 14, 2021 | 14:16 pm
Read more...
Simon McVittie discovered a bug in the flatpak-portal service that can allow sandboxed applications to execute arbitrary code on the host system (a sandbox escape). -
Debian: DSA-4829-1: coturn security update
Advisories Jan 11, 2021 | 08:57 am
Read more...
A flaw was discovered in coturn, a TURN and STUN server for VoIP. By default coturn does not allow peers on the loopback addresses (127.x.x.x and ::1). A remote attacker can bypass the protection via a specially crafted request using[…] -
Debian: DSA-4828-1: libxstream-java security update
Advisories Jan 7, 2021 | 17:52 pm
Read more...
Liaogui Zhong discovered two security issues in XStream, a Java library to serialise objects to XML and back again, which could result in the deletion of files or server-side request forgery when unmarshalling. -
Debian: DSA-4827-1: firefox-esr security update
Advisories Jan 7, 2021 | 16:49 pm
Read more...
A security issue was found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. For the stable distribution (buster), this problem has been fixed in -
Debian: DSA-4826-1: nodejs security update
Advisories Jan 6, 2021 | 17:02 pm
Read more...
Two vulnerabilities were discovered in Node.js, which could result in denial of service and potentially the execution of arbitrary code or HTTP request smuggling. -
Debian: DSA-4806-2: minidlna regression update
Advisories Jan 5, 2021 | 15:58 pm
Read more...
The update for minidlna released as DSA 4806-1 introduced a regression when purging the package. Updated minidlna packages are now available to correct this issue. -
Debian: DSA-4825-1: dovecot security update
Advisories Jan 4, 2021 | 10:23 am
Read more...
Several vulnerabilities have been discovered in the Dovecot email server. CVE-2020-24386 -
Ubuntu Security Notice USN-4530-1
Operating System: Debian ≈ Packet Storm Sep 22, 2020 | 18:23 pmUbuntu Security Notice 4530-1 - Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation.
Read more... -
Debian Security Advisory 4633-1
Operating System: Debian ≈ Packet Storm Feb 25, 2020 | 15:20 pmDebian Linux Security Advisory 4633-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.
Read more... -
Debian Security Advisory 4629-1
Operating System: Debian ≈ Packet Storm Feb 19, 2020 | 15:38 pmDebian Linux Security Advisory 4629-1 - Simon Charette discovered that Django, a high-level Python web development framework, did not properly handle input in its PostgreSQL module. A remote attacker could leverage this to perform SQL injection attacks.
Read more... -
Debian Security Advisory 4628-1
Operating System: Debian ≈ Packet Storm Feb 19, 2020 | 15:28 pmDebian Linux Security Advisory 4628-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
Read more... -
Debian Security Advisory 4626-1
Operating System: Debian ≈ Packet Storm Feb 18, 2020 | 15:05 pmDebian Linux Security Advisory 4626-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
Read more... -
Debian Security Advisory 4627-1
Operating System: Debian ≈ Packet Storm Feb 18, 2020 | 15:04 pmDebian Linux Security Advisory 4627-1 - Cross site scripting, denial of service, and various other vulnerabilities have been discovered in the webkit2gtk web engine.
Read more... -
Debian Security Advisory 4625-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 18:02 pmDebian Linux Security Advisory 4625-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.
Read more... -
Debian Security Advisory 4624-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 17:31 pmDebian Linux Security Advisory 4624-1 - Several vulnerabilities were discovered in evince, a simple multi-page document viewer.
Read more... -
Debian Security Advisory 4620-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 16:41 pmDebian Linux Security Advisory 4620-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
Read more... -
Debian Security Advisory 4621-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 16:41 pmDebian Linux Security Advisory 4621-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.
Read more...
-
Ubuntu Security Notice USN-4693-1
Operating System: Ubuntu ≈ Packet Storm Jan 15, 2021 | 15:41 pmUbuntu Security Notice 4693-1 - It was discovered that an SQL injection vulnerability exists in the Ampache search engine. Any user able to perform searches could dump any data contained in the database. An attacker could use this to disclose[…]
Read more... -
Ubuntu Security Notice USN-4694-1
Operating System: Ubuntu ≈ Packet Storm Jan 15, 2021 | 15:13 pmUbuntu Security Notice 4694-1 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment[…]
Read more... -
Ubuntu Security Notice USN-4691-1
Operating System: Ubuntu ≈ Packet Storm Jan 13, 2021 | 23:19 pmUbuntu Security Notice 4691-1 - Jonas Rudloff discovered that Open vSwitch incorrectly handled certain malformed LLDP packets. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary[…]
Read more... -
Ubuntu Security Notice USN-4692-1
Operating System: Ubuntu ≈ Packet Storm Jan 13, 2021 | 23:19 pmUbuntu Security Notice 4692-1 - Chris Siebenmann discovered that tar incorrectly handled extracting files resized during extraction when invoked with the --sparse flag. An attacker could possibly use this issue to cause a denial of service. This issue only affected[…]
Read more... -
Ubuntu Security Notice USN-4690-1
Operating System: Ubuntu ≈ Packet Storm Jan 13, 2021 | 15:21 pmUbuntu Security Notice 4690-1 - It was discovered that coTURN allowed peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. A malicious user could use this vulnerability to insert packages into the loopback interface.
Read more... -
Ubuntu Security Notice USN-4689-2
Operating System: Ubuntu ≈ Packet Storm Jan 12, 2021 | 16:26 pmUbuntu Security Notice 4689-2 - USN-4689-1 fixed vulnerabilities in the NVIDIA graphics drivers. This update provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. It was discovered that the NVIDIA GPU display driver for the Linux kernel contained[…]
Read more... -
Ubuntu Security Notice USN-4649-2
Operating System: Ubuntu ≈ Packet Storm Jan 12, 2021 | 16:20 pmUbuntu Security Notice 4649-2 - USN-4649-1 fixed vulnerabilities in xdg-utils. That update caused a regression by removing the --attach functionality in thunderbird and others applications. This update fix the problem by reverting these changes. Jens Mueller discovered that xdg-utils incorrectly[…]
Read more... -
Ubuntu Security Notice USN-4689-1
Operating System: Ubuntu ≈ Packet Storm Jan 12, 2021 | 16:16 pmUbuntu Security Notice 4689-1 - It was discovered that the NVIDIA GPU display driver for the Linux kernel contained a vulnerability that allowed user-mode clients to access legacy privileged APIs. A local attacker could use this to cause a denial[…]
Read more... -
Ubuntu Security Notice USN-4668-4
Operating System: Ubuntu ≈ Packet Storm Jan 12, 2021 | 16:14 pmUbuntu Security Notice 4668-4 - USN-4668-1 fixed a vulnerability in python-apt. This update provides the corresponding update for Ubuntu 14.04 ESM. Kevin Backhouse discovered that python-apt incorrectly handled resources. A local attacker could possibly use this issue to cause python-apt[…]
Read more... -
Ubuntu Security Notice USN-4667-2
Operating System: Ubuntu ≈ Packet Storm Jan 12, 2021 | 16:13 pmUbuntu Security Notice 4667-2 - USN-4667-1 fixed a vulnerability in APT. This update provides the corresponding update for Ubuntu 14.04 ESM. Kevin Backhouse discovered that APT incorrectly handled certain packages. A local attacker could possibly use this issue to cause[…]
Read more...
-
moinmoin -- multiple vulnerabilities
FreeBSD VuXML Jan 18, 2021 | 00:00 am
Read more... -
Ghostscript -- SAFER Sandbox Breakout
FreeBSD VuXML Jan 17, 2021 | 00:00 am
Read more... -
wavpack -- integer overflow in pack_utils.c
FreeBSD VuXML Jan 14, 2021 | 00:00 am
Read more... -
Node.js -- January 2021 Security Releases
FreeBSD VuXML Jan 14, 2021 | 00:00 am
Read more... -
Gitlab -- vulnerability
FreeBSD VuXML Jan 14, 2021 | 00:00 am
Read more... -
jenkins -- multiple vulnerabilities
FreeBSD VuXML Jan 13, 2021 | 00:00 am
Read more... -
phpmyfaq -- XSS vulnerability
FreeBSD VuXML Jan 12, 2021 | 00:00 am
Read more... -
sudo -- Potential information leak in sudoedit
FreeBSD VuXML Jan 11, 2021 | 00:00 am
Read more...