Service (16)
Children categories
Security News (14)
Im Sinne der Aktualität sind diese News grösstenteils in englischer Sprache. Falls nötig, bitte die Übersetzungsfunktion verwenden.
View items...Workshops (2)
Installationen, Konfigurationen mit Bildern und Videos verständlich erklärt
View items...-
Red Hat Security Advisory 2021-3020-01
Ruby Files ≈ Packet Storm Aug 6, 2021 | 14:01 pmRed Hat Security Advisory 2021-3020-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
Read more... -
Ubuntu Security Notice USN-5020-1
Ruby Files ≈ Packet Storm Jul 21, 2021 | 16:20 pmUbuntu Security Notice 5020-1 - It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. It was discovered that Ruby incorrectly handled certain inputs. An attacker could possibly use this[…]
Read more... -
Red Hat Security Advisory 2021-2588-01
Ruby Files ≈ Packet Storm Jun 30, 2021 | 15:21 pmRed Hat Security Advisory 2021-2588-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, denial of service, information[…]
Read more... -
Red Hat Security Advisory 2021-2587-01
Ruby Files ≈ Packet Storm Jun 30, 2021 | 15:20 pmRed Hat Security Advisory 2021-2587-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, denial of service, and[…]
Read more... -
Red Hat Security Advisory 2021-2584-01
Ruby Files ≈ Packet Storm Jun 30, 2021 | 15:18 pmRed Hat Security Advisory 2021-2584-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a HTTP request smuggling vulnerability.
Read more... -
Monitorr 1.7.6m Bypass / Information Disclosure / Shell Upload
Ruby Files ≈ Packet Storm Jun 23, 2021 | 15:54 pmThis ruby script is a 4-in-1 exploit that leverages shell upload, bypass, and information disclosure vulnerabilities in Monitorr version 1.7.6m.
Read more... -
Red Hat Security Advisory 2021-2229-01
Ruby Files ≈ Packet Storm Jun 3, 2021 | 15:23 pmRed Hat Security Advisory 2021-2229-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a HTTP request smuggling vulnerability.
Read more... -
Red Hat Security Advisory 2021-2230-01
Ruby Files ≈ Packet Storm Jun 3, 2021 | 15:13 pmRed Hat Security Advisory 2021-2230-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, denial of service, information[…]
Read more... -
Red Hat Security Advisory 2021-2104-01.tt
Ruby Files ≈ Packet Storm May 25, 2021 | 14:44 pmRed Hat Security Advisory 2021-2104-01.tt - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, denial of service, and[…]
Read more... -
OpenNetAdmin 18.1.1 Remote Command Execution
Ruby Files ≈ Packet Storm May 10, 2021 | 14:30 pmOpenNetAdmin versions 8.5.14 through 18.1.1 remote command execution exploit written in Ruby. This exploit was based on the original discovery of the issue by mattpascoe.
Read more...
Diese Module beschreiben alles, was mit der Administration des Grundsystems verbunden ist. Dazu gehören zum Beispiel Startverhalten, Anwenderverwaltung, Software-Installation und derzeit laufende Prozesse.
Vorbereitung und Installation
Um Webmin auf Ihrem System laufen zu lassen, benötigen Sie einige Pakete, die eventuell in der Standardinstallation Ihrer Distribution nicht vorhanden sind. Mittels yum, apt und Konsorten ist es aber ein Leichtes, diese Packages nachzuziehen. Vor allen Dingen lösen yum und apt die Abhängigkeiten von selbst auf und installieren selbstständig alles Notwendige.
-
Red Hat Security Advisory 2021-3490-01
Python Files ≈ Packet Storm Sep 15, 2021 | 15:10 pmRed Hat Security Advisory 2021-3490-01 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.2 (Train). Issues addressed include local file inclusion, remote file inclusion, server-side request forgery, and traversal vulnerabilities.
Read more... -
Rencode Denial Of Service
Python Files ≈ Packet Storm Sep 8, 2021 | 14:28 pmThe Rencode python module for object serialization suffers from a 3-byte denial of service vulnerability.
Read more... -
nfstream 6.3.4
Python Files ≈ Packet Storm Sep 3, 2021 | 15:29 pmnfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world[…]
Read more... -
Red Hat Security Advisory 2021-3366-01
Python Files ≈ Packet Storm Aug 31, 2021 | 16:31 pmRed Hat Security Advisory 2021-3366-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as[…]
Read more... -
Red Hat Security Advisory 2021-3254-01
Python Files ≈ Packet Storm Aug 30, 2021 | 03:33 amRed Hat Security Advisory 2021-3254-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as[…]
Read more... -
Red Hat Security Advisory 2021-3252-01
Python Files ≈ Packet Storm Aug 27, 2021 | 18:22 pmRed Hat Security Advisory 2021-3252-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as[…]
Read more... -
Red Hat Security Advisory 2021-2760-01
Python Files ≈ Packet Storm Jul 19, 2021 | 15:38 pmRed Hat Security Advisory 2021-2760-01 - Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or[…]
Read more... -
Red Hat Security Advisory 2021-2758-01
Python Files ≈ Packet Storm Jul 15, 2021 | 19:32 pmRed Hat Security Advisory 2021-2758-01 - Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or[…]
Read more... -
Stegano 0.9.9
Python Files ≈ Packet Storm Jul 5, 2021 | 16:43 pmStegano is a basic Python Steganography module. Stegano implements two methods of hiding: using the red portion of a pixel to hide ASCII messages, and using the Least Significant Bit (LSB) technique. It is possible to use a more advanced[…]
Read more... -
nfstream 6.3.3
Python Files ≈ Packet Storm Jul 2, 2021 | 16:27 pmnfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world[…]
Read more...
-
Geutebruck Remote Command Execution
CGI Files ≈ Packet Storm Sep 2, 2021 | 15:36 pmThis Metasploit module bypasses the HTTP basic authentication used to access the /uapi-cgi/ folder and exploits multiple authenticated arbitrary command execution vulnerabilities within the parameters of various pages on Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices[…]
Read more... -
IPFire 2.25 Remote Code Execution
CGI Files ≈ Packet Storm Jun 15, 2021 | 15:18 pmThis Metasploit module exploits an authenticated command injection vulnerability in the /cgi-bin/pakfire.cgi web page of IPFire devices running versions 2.25 Core Update 156 and prior to execute arbitrary code as the root user.
Read more... -
Ubuntu Security Notice USN-4886-1
CGI Files ≈ Packet Storm Mar 23, 2021 | 16:33 pmUbuntu Security Notice 4886-1 - It was discovered that Privoxy incorrectly handled CGI requests. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. It was discovered that Privoxy incorrectly handled certain regular[…]
Read more... -
KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 Unauthenticated Configuration Download
CGI Files ≈ Packet Storm Mar 19, 2021 | 16:52 pmKZTech/JatonTec/Neotel JT3500V 4G LTE CPE version 2.0.1 is susceptible to an unauthenticated configuration disclosure when direct object reference is made to the export_settings.cgi file using an HTTP GET request. This will enable the attacker to disclose sensitive information and help[…]
Read more... -
Cisco UCS Manager 2.2(1d) Remote Command Execution
CGI Files ≈ Packet Storm Jan 18, 2021 | 15:47 pmCisco UCS Manager version 2.2(1d) remote command execution exploit. An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote[…]
Read more... -
ZeroShell 3.9.0 Remote Command Execution
CGI Files ≈ Packet Storm Nov 24, 2020 | 15:34 pmThis Metasploit module exploits an unauthenticated command injection vulnerability found in ZeroShell version 3.9.0 in the "/cgi-bin/kerbynet" url. As sudo is configured to execute /bin/tar without a password (NOPASSWD) it is possible to run root commands using the "checkpoint" tar[…]
Read more... -
ASUS TM-AC1900 Arbitrary Command Execution
CGI Files ≈ Packet Storm Nov 13, 2020 | 16:00 pmThis Metasploit module exploits a code execution vulnerability within the ASUS TM-AC1900 router as an authenticated user. The vulnerability is due to a failure filter out percent encoded newline characters within the HTTP argument SystemCmd when invoking /apply.cgi which bypasses[…]
Read more... -
D-Link DSR-250N Denial Of Service
CGI Files ≈ Packet Storm Oct 8, 2020 | 16:50 pmRedTeam Pentesting discovered a denial of service vulnerability in the D-Link DSR-250N device which allows unauthenticated attackers in the same local network to execute a CGI script that reboots the device. Version 3.12 is confirmed affected.
Read more... -
Ubuntu Security Notice USN-4569-1
CGI Files ≈ Packet Storm Oct 5, 2020 | 17:21 pmUbuntu Security Notice 4569-1 - It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity injection attack. It was discovered that Yaws mishandled certain input when[…]
Read more... -
Sony IPELA Network Camera Remote Stack Buffer Overflow
CGI Files ≈ Packet Storm Oct 1, 2020 | 15:09 pmSony IPELA Network Camera SNC-DH120T version 1.82.01 suffers from a remote stack buffer overflow vulnerability. The vulnerability is caused due to a boundary error in the processing of received FTP traffic through the FTP client functionality (ftpclient.cgi), which can be[…]
Read more...
snaplitics made a real revolution in the industry.
-
elFinder Archive Command Injection
PHP Files ≈ Packet Storm Sep 15, 2021 | 15:30 pmelFinder versions below 2.1.59 are vulnerable to a command injection vulnerability via its archive functionality. When creating a new zip archive, the name parameter is sanitized with the escapeshellarg() php function and then passed to the zip utility. Despite the[…]
Read more... -
AHSS-PHP 1.0 Cross Site Scripting / SQL Injection
PHP Files ≈ Packet Storm Sep 15, 2021 | 15:15 pmAHSS-PHP version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
Read more... -
POMS-PHP 1.0 SQL Injection
PHP Files ≈ Packet Storm Sep 9, 2021 | 10:22 amPOMS-PHP version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
Read more... -
Firebase PHP-JWT Algorithm Confusion
PHP Files ≈ Packet Storm Aug 15, 2021 | 10:11 amFirebase's PHP-JWT suffers from an algorithm confusion issue. Proof of concept code included.
Read more... -
COVID19 Testing Management System 1.0 SQL Injection
PHP Files ≈ Packet Storm Aug 12, 2021 | 15:39 pmCOVID19 Testing Management System version 1.0 suffers from a remote SQL injection vulnerability leveraging the searchdata parameter on the patient-search-report.php page. This is a variant of the original discovery of SQL injection in this version as discovered by Rohit Burke[…]
Read more... -
Red Hat Security Advisory 2021-2992-01
PHP Files ≈ Packet Storm Aug 3, 2021 | 14:47 pmRed Hat Security Advisory 2021-2992-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include bypass, null pointer, and server-side request forgery vulnerabilities.
Read more... -
Hotel Management System 1.0 Cross Site Scripting / Shell Upload
PHP Files ≈ Packet Storm Aug 3, 2021 | 14:31 pmHotel Management System version 1.0 exploit that leverages a blind cross site scripting attack against the admin to have a reverse PHP shell uploaded.
Read more... -
PHP 7.3.15-3 PHP_SESSION_UPLOAD_PROGRESS Session Data Injection
PHP Files ≈ Packet Storm Jul 27, 2021 | 14:46 pmPHP version 7.3.15-3 suffers from a PHP_SESSION_UPLOAD_PROGRESS session data injection vulnerability.
Read more... -
WordPress SP Project And Document Remote Code Execution
PHP Files ≈ Packet Storm Jul 26, 2021 | 16:20 pmThis Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress SP Project and Document plugin versions prior to 4.22. The security check only searches for[…]
Read more... -
WordPress Modern Events Calendar Remote Code Execution
PHP Files ≈ Packet Storm Jul 26, 2021 | 16:16 pmThis Metasploit module allows an attacker with a privileged WordPress account to launch a reverse shell due to an arbitrary file upload vulnerability in WordPress Modern Events Calendar plugin versions prior to 5.16.5. This is due to an incorrect check[…]
Read more...
-
Red Hat Security Advisory 2021-3555-01
Operating System: RedHat ≈ Packet Storm Sep 16, 2021 | 16:11 pmRed Hat Security Advisory 2021-3555-01 - Red Hat OpenShift Serverless Client kn 1.17.0 provides a CLI to interact with Red Hat OpenShift Serverless 1.17.0. The kn CLI is delivered as an RPM package for installation on RHEL platforms, and as[…]
Read more... -
Red Hat Security Advisory 2021-3546-01
Operating System: RedHat ≈ Packet Storm Sep 15, 2021 | 15:27 pmRed Hat Security Advisory 2021-3546-01 - The Cyrus IMAP server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. Issues addressed include a denial of service vulnerability.
Read more... -
Red Hat Security Advisory 2021-3547-01
Operating System: RedHat ≈ Packet Storm Sep 15, 2021 | 15:27 pmRed Hat Security Advisory 2021-3547-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Read more... -
Red Hat Security Advisory 2021-3548-01
Operating System: RedHat ≈ Packet Storm Sep 15, 2021 | 15:27 pmRed Hat Security Advisory 2021-3548-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
Read more... -
Red Hat Security Advisory 2021-3488-01
Operating System: RedHat ≈ Packet Storm Sep 15, 2021 | 15:16 pmRed Hat Security Advisory 2021-3488-01 - Neutron is a virtual network service for OpenStack. Just like OpenStack Nova provides an API to dynamically request and configure virtual servers, Neutron provides an API to dynamically request and configure virtual networks. These[…]
Read more... -
Red Hat Security Advisory 2021-3487-01
Operating System: RedHat ≈ Packet Storm Sep 15, 2021 | 15:12 pmRed Hat Security Advisory 2021-3487-01 - An update for etcd is now available for Red Hat OpenStack Platform 16.2 (Train).
Read more... -
Red Hat Security Advisory 2021-3490-01
Operating System: RedHat ≈ Packet Storm Sep 15, 2021 | 15:10 pmRed Hat Security Advisory 2021-3490-01 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.2 (Train). Issues addressed include local file inclusion, remote file inclusion, server-side request forgery, and traversal vulnerabilities.
Read more... -
Red Hat Security Advisory 2021-3534-01
Operating System: RedHat ≈ Packet Storm Sep 14, 2021 | 16:31 pmRed Hat Security Advisory 2021-3534-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On[…]
Read more... -
Red Hat Security Advisory 2021-3527-01
Operating System: RedHat ≈ Packet Storm Sep 14, 2021 | 16:24 pmRed Hat Security Advisory 2021-3527-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On[…]
Read more... -
Red Hat Security Advisory 2021-3529-01
Operating System: RedHat ≈ Packet Storm Sep 14, 2021 | 16:21 pmRed Hat Security Advisory 2021-3529-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On[…]
Read more... -
The Product Security Blog has moved!
Red Hat Security Blog Blog Posts Mar 19, 2019 | 19:38 pmRed Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog.This move provides a wider variety of important Security topics,[…]
Read more... -
Security Technologies: FORTIFY_SOURCE
Red Hat Security Blog Blog Posts Sep 26, 2018 | 13:30 pmFORTIFY_SOURCE provides lightweight compile and runtime protection to some memory and string functions (original patch to gcc was submitted by Red Hat). It is supposed to have no or a very small runtime overhead and can be enabled for all[…]
Read more... -
New Red Hat Product Security OpenPGP key
Red Hat Security Blog Blog Posts Aug 22, 2018 | 13:30 pmRed Hat Product Security has transitioned from using its old 1024-bit DSA OpenPGP key to a new 4096-bit RSA OpenPGP key.This was done to improve the long-term security of our communications with our customers and also to meet current key[…]
Read more... -
Security Technologies: Stack Smashing Protection (StackGuard)
Red Hat Security Blog Blog Posts Aug 20, 2018 | 13:30 pm
Read more...
In our previous blog, we saw how arbitrary code execution resulting from stack-buffer overflows can be partly mitigated by marking segments of memory as non-executable, a technology known as Execshield. However stack-buffer overflow exploits can still effectively overwrite the function[…] -
Managing risk in the modern world
Red Hat Security Blog Blog Posts Aug 14, 2018 | 15:30 pm
Read more...
Things can be pretty scary out there today. There are a lot of things that could occur that make even the calmest amongst us take pause. Everything we do is a series of risk-based decisions that we hope leads to[…] -
How SELinux helps mitigate risk while facilitating compliance
Red Hat Security Blog Blog Posts Aug 9, 2018 | 13:30 pmMany of our customers are required to meet a variety of regulatory requirements. Red Hat Enterprise Linux includes security technologies that help meet these requirements. Improving Linux security also benefits our layered products, such as Red Hat OpenShift Container Platform[…]
Read more... -
Security Technologies: ExecShield
Red Hat Security Blog Blog Posts Jul 25, 2018 | 13:30 pm
Read more...
The world of computer security has changed dramatically in the last few years. Keeping your operating system updated with the latest security patches is no longer sufficient. Operating system providers need to be more proactive in combating security problems. A[…] -
SPECTRE Variant 1 scanning tool
Red Hat Security Blog Blog Posts Jul 18, 2018 | 13:30 pmAs part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this[…]
Read more... -
Insights Security Hardening Rules
Red Hat Security Blog Blog Posts Jul 12, 2018 | 13:30 pmMany users of Red Hat Insights are familiar with the security rules we create to alert them about security vulnerabilities on their system, especially concerning high-profile issues such as Spectre/Meltdown or Heartbleed. In this post, I'd like to talk about[…]
Read more... -
Red Hat’s disclosure process
Red Hat Security Blog Blog Posts Jul 10, 2018 | 13:00 pmLast week, a vulnerability (CVE-2018-10892) that affected CRI-O, Buildah, Podman, and Docker was made public before some affected upstream projects were notified. We regret that this was not handled in a way that lives up to our own standards around[…]
Read more...
-
Debian: DSA-4973-1: thunderbird security update
Advisories Sep 10, 2021 | 16:21 pm
Read more...
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For the oldstable distribution (buster), this problem has been fixed -
Debian: DSA-4972-1: ghostscript security update
Advisories Sep 10, 2021 | 08:16 am
Read more...
It was discovered that Ghostscript, the GPL PostScript/PDF interpreter, does not properly validate access for the "%pipe%", "%handle%" and "%printer%" io devices, which could result in the execution of arbitrary code if a malformed Postscript file is processed (despite the[…] -
Debian: DSA-4971-1: ntfs-3g security update
Advisories Sep 9, 2021 | 15:15 pm
Read more...
Several vulnerabilities were discovered in NTFS-3G, a read-write NTFS driver for FUSE. A local user can take advantage of these flaws for local root privilege escalation. -
Debian: DSA-4970-1: postorius security update
Advisories Sep 9, 2021 | 13:52 pm
Read more...
Kevin Israel discovered that Postorius, the administrative web frontend for Mailman 3, didn't validate whether a logged-in user owns the email address when unsubscribing. -
Debian: DSA-4969-1: firefox-esr security update
Advisories Sep 9, 2021 | 13:49 pm
Read more...
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code. -
Debian: DSA-4968-1: haproxy security update
Advisories Sep 7, 2021 | 16:58 pm
Read more...
Ori Hollander reported that missing header name length checks in the htx_add_header() and htx_add_trailer() functions in HAProxy, a fast and reliable load balancing reverse proxy, could result in request smuggling attacks or response splitting attacks. -
Debian: DSA-4967-1: squashfs-tools security update
Advisories Sep 4, 2021 | 17:24 pm
Read more...
Etienne Stalmans discovered that unsquashfs in squashfs-tools, the tools to create and extract Squashfs filesystems, does not validate filenames for traversal outside of the destination directory. An attacker can take advantage of this flaw for writing to arbitrary files to[…] -
Debian: DSA-4966-1: gpac security update
Advisories Aug 31, 2021 | 17:07 pm
Read more...
Multiple security issues were discovered in the GPAC multimedia framework which could result in denial of service or the execution of arbitrary code. The oldstable distribution (buster) is not affected. -
Debian: DSA-4965-1: libssh security update
Advisories Aug 31, 2021 | 10:43 am
Read more...
It was discovered that a buffer overflow in rekeying in libssh could result in denial of service or potentially the execution of arbitrary code. -
Sequoia: A Deep Root In Linux's Filesystem Layer
Operating System: Debian ≈ Packet Storm Jul 21, 2021 | 16:10 pmQualys discovered a size_t-to-int conversion vulnerability in the Linux kernel's filesystem layer: by creating, mounting, and deleting a deep directory structure whose total path length exceeds 1GB, an unprivileged local attacker can write the 10-byte string "//deleted" to an offset[…]
Read more... -
Ubuntu Security Notice USN-4530-1
Operating System: Debian ≈ Packet Storm Sep 22, 2020 | 18:23 pmUbuntu Security Notice 4530-1 - Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation.
Read more... -
Debian Security Advisory 4633-1
Operating System: Debian ≈ Packet Storm Feb 25, 2020 | 15:20 pmDebian Linux Security Advisory 4633-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.
Read more... -
Debian Security Advisory 4629-1
Operating System: Debian ≈ Packet Storm Feb 19, 2020 | 15:38 pmDebian Linux Security Advisory 4629-1 - Simon Charette discovered that Django, a high-level Python web development framework, did not properly handle input in its PostgreSQL module. A remote attacker could leverage this to perform SQL injection attacks.
Read more... -
Debian Security Advisory 4628-1
Operating System: Debian ≈ Packet Storm Feb 19, 2020 | 15:28 pmDebian Linux Security Advisory 4628-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
Read more... -
Debian Security Advisory 4626-1
Operating System: Debian ≈ Packet Storm Feb 18, 2020 | 15:05 pmDebian Linux Security Advisory 4626-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
Read more... -
Debian Security Advisory 4627-1
Operating System: Debian ≈ Packet Storm Feb 18, 2020 | 15:04 pmDebian Linux Security Advisory 4627-1 - Cross site scripting, denial of service, and various other vulnerabilities have been discovered in the webkit2gtk web engine.
Read more... -
Debian Security Advisory 4625-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 18:02 pmDebian Linux Security Advisory 4625-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.
Read more... -
Debian Security Advisory 4624-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 17:31 pmDebian Linux Security Advisory 4624-1 - Several vulnerabilities were discovered in evince, a simple multi-page document viewer.
Read more... -
Debian Security Advisory 4621-1
Operating System: Debian ≈ Packet Storm Feb 17, 2020 | 16:41 pmDebian Linux Security Advisory 4621-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in denial of service, incorrect implementation of Kerberos GSSAPI and TGS requests or incorrect TLS handshakes.
Read more...
-
Ubuntu Security Notice USN-5078-2
Operating System: Ubuntu ≈ Packet Storm Sep 16, 2021 | 16:11 pmUbuntu Security Notice 5078-2 - USN-5078-1 fixed several vulnerabilities in Squashfs-Tools. This update provides the corresponding update for Ubuntu 16.04 ESM. Etienne Stalmans discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary[…]
Read more... -
Ubuntu Security Notice USN-5080-1
Operating System: Ubuntu ≈ Packet Storm Sep 16, 2021 | 16:11 pmUbuntu Security Notice 5080-1 - It was discovered that Libgcrypt incorrectly handled ElGamal encryption. An attacker could possibly use this issue to recover sensitive information.
Read more... -
Ubuntu Security Notice USN-5079-2
Operating System: Ubuntu ≈ Packet Storm Sep 15, 2021 | 15:28 pmUbuntu Security Notice 5079-2 - USN-5079-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from[…]
Read more... -
Ubuntu Security Notice USN-5079-1
Operating System: Ubuntu ≈ Packet Storm Sep 15, 2021 | 15:27 pmUbuntu Security Notice 5079-1 - It was discovered that curl incorrect handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly[…]
Read more... -
Ubuntu Security Notice USN-5078-1
Operating System: Ubuntu ≈ Packet Storm Sep 15, 2021 | 15:09 pmUbuntu Security Notice 5078-1 - Richard Weinberger discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem.
Read more... -
Ubuntu Security Notice USN-5077-2
Operating System: Ubuntu ≈ Packet Storm Sep 15, 2021 | 15:06 pmUbuntu Security Notice 5077-2 - USN-5077-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Maik M
Read more... -
Ubuntu Security Notice USN-5077-1
Operating System: Ubuntu ≈ Packet Storm Sep 14, 2021 | 16:31 pmUbuntu Security Notice 5077-1 - Maik Münch and Stephen Roettger discovered that Apport incorrectly handled certain information gathering operations. A local attacker could use this issue to gain read access to arbitrary files, possibly containing sensitive information.
Read more... -
Ubuntu Security Notice USN-5076-1
Operating System: Ubuntu ≈ Packet Storm Sep 13, 2021 | 19:11 pmUbuntu Security Notice 5076-1 - It was discovered that Git allowed newline characters in certain repository paths. An attacker could potentially use this issue to perform cross-protocol requests.
Read more... -
Ubuntu Security Notice USN-5075-1
Operating System: Ubuntu ≈ Packet Storm Sep 12, 2021 | 18:22 pmUbuntu Security Notice 5075-1 - It was discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary[…]
Read more... -
Ubuntu Security Notice USN-5073-1
Operating System: Ubuntu ≈ Packet Storm Sep 11, 2021 | 19:22 pmUbuntu Security Notice 5073-1 - Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a[…]
Read more...
-
seatd-launch -- privilege escalation with SUID
FreeBSD VuXML Sep 16, 2021 | 00:00 am
Read more... -
chromium -- multiple vulnerabilities
FreeBSD VuXML Sep 14, 2021 | 00:00 am
Read more... -
Matrix clients -- several vulnerabilities
FreeBSD VuXML Sep 13, 2021 | 00:00 am
Read more... -
consul -- rpc: authorize raft requests
FreeBSD VuXML Sep 11, 2021 | 00:00 am
Read more... -
go -- archive/zip: overflow in preallocation check can cause OOM panic
FreeBSD VuXML Sep 10, 2021 | 00:00 am
Read more... -
Python -- multiple vulnerabilities
FreeBSD VuXML Sep 9, 2021 | 00:00 am
Read more... -
MPD5 PPPoE Server remotely exploitable crash
FreeBSD VuXML Sep 9, 2021 | 00:00 am
Read more...