Astra Linux - уязвимость в ansible

Ansible-playbook -k and Ansible CLI tools, all versions up to 2.8.4; all versions of 2.7.x up to 2.7.13; and all versions of 2.6.x up to 2.6.19. Prompt passwords should be expanded from templates, as these templates may contain special characters. Passwords should be wrapped to prevent triggering...

MailPoet Newsletters 2.6.19 Cross Site Scripting

A cross site scripting vulnerability exists in MailPoet Newsletters WordPress Plugin version 2.6.19. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002402)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002402 advisory. Use-after-free vulnerability in the xacctaddtsk function in kernel/tsacct.c in the Linux kernel before 2.6.19 allows local users to obtain potentially sensitive...

WordPress Brizy plugin <= 2.7.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Brizy versions = 2.7.7...

JVN#88385716: HAProxy vulnerable to HTTP request/response smuggling

HAProxy HTTP/3 implementation contains an issue on accepting malformed HTTP headers. When a request including malformed HTTP headers is forwarded to a HTTP/1.1 non-compliant back-end server, it is exploited to conduct an HTTP request/response smuggling attack CWE-444. Impact A remote attacker may...

SUSE CVE-2007-4133

The 1 hugetlbvmtruncatelist and 2 hugetlbvmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain priotree calculations using HPAGESIZE instead of PAGESIZE units, which allows local users to cause a denial of service panic via unspecified vectors...

SUSE CVE-2009-2698

The udpsendmsg function in the UDP implementation in 1 net/ipv4/udp.c and 2 net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service NULL pointer dereference and system crash via vectors involving the MSGMORE flag and a UDP socket...

SUSE CVE-2019-14846

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible...

Linux Kernel 2.6.19 < 5.9 - (Netfilter) Local Privilege Escalation Exploit

/ CVE-2021-22555: Turning \x00\x00 into 10000$ by Andy Nguyen theflow@ theflow@theflow:$ gcc -m32 -static -o exploit exploit.c theflow@theflow:$ ./exploit + Linux Privilege Escalation by theflow@ - 2021 + STAGE 0: Initialization Setting up namespace sandbox... Initializing sockets and message...

PYSEC-2019-4

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, ansible-engine 2.6.19, were logging at the DEBUG level which lead to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible...

[SECURITY] Fedora 16 Update: ecryptfs-utils-99-1.fc16

eCryptfs is a stacked cryptographic filesystem that ships in Linux kernel versions 2.6.19 and above. This package provides the mount helper and supporting libraries to perform key management and mount functions. Install ecryptfs-utils if you would like to mount eCryptfs...

[SECURITY] Fedora 17 Update: ecryptfs-utils-99-1.fc17

eCryptfs is a stacked cryptographic filesystem that ships in Linux kernel versions 2.6.19 and above. This package provides the mount helper and supporting libraries to perform key management and mount functions. Install ecryptfs-utils if you would like to mount eCryptfs...

kernel: use flag in do_coredump()

The docoredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to OEXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump...

Linux Kernel &lt; 2.6.19 udp_sendmsg Local Root Exploit (x86/x64)

No description provided by source. / second verse, same as the first CVE-2009-2698 udpsendmsg, x86/x64 Cheers to Julien/Tavis for the bug, p0c73n1 for just throwing code at NULL and finding it executed This exploit is a bit more nuanced and thoughtful ; use ./therebel.sh for everything At this...

Linux Kernel 2.6.19 (Debian 4) - udp_sendmsg Local Privilege Escalation (3)

Linux Kernel 2.6.19 Debian 4 - udpsendmsg Local Privilege Escalation 3 / hoagieudpsendmsg.c LOCAL LINUX KERNEL ROOT EXPLOIT include include include include include include include include / this code will be called from NFHOOK via output callback in kernel mode / void setcurrenttaskuidsgidstozero...

Linux Kernel 2.6 &lt; 2.6.19 (32bit) ip_append_data() ring0 Root Exploit

No description provided by source. / 0x82-CVE-2009-2698 Linux kernel 2.6 2.6.19 32bit ipappenddata local ring0 root exploit Tested White Box 42.6.9-5.ELsmp, CentOS 4.42.6.9-42.ELsmp, CentOS 4.52.6.9-55.ELsmp, Fedora Core 42.6.11-1.1369FC4smp, Fedora Core 52.6.15-1.2054FC5, Fedora Core...

Linux Kernel 2.6 < 2.6.19 (32bit) ip_append_data() ring0 Root Exploit

Exploit for linux platform in category local exploits ===================================================================== Linux Kernel 2.6 include include include include include include unsigned int uid, gid; void getrootuidunsigned task unsigned addr=task;...

Linux Kernel 'SCTP'模块存在漏洞

BUGTRAQ ID: 31121 CVE ID：CVE-2008-3792 CNCVE ID：CNCVE-20083792 Linux是一款开放源代码的操作系统。 Linux内核'SCTP'模块存在多个安全问题，本地攻击者可以利用漏洞获得敏感信息或使内核崩溃。 问题代码如下： file: net/sctp/socket.c ... SCTPSTATIC int sctpgetsockoptstruct sock sk, int level, int optname, char user optval, int user optlen int retval = 0; int len;...

Linux Kernel BER Decoding Remote Buffer Overflow Vulnerability

CVE-2008-1673 The Linux Kernel is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code with kernel-level privileges. Successfully exploiting this issue wil...

Linux Kernel TTY操作NULL指针引用拒绝服务漏洞

BUGTRAQ ID: 30076 CVE ID：CVE-2008-2812 CNCVE ID：CNCVE-20082812 Linux是一款开放源代码的操作系统。 Linux TTY操作在主线上的重写存在NULL指针引用问题，本地攻击者可以利用漏洞使系统崩溃。 目前没有详细漏洞细节提供。 Linux kernel 2.6.25 .5 Linux kernel 2.6.25 Linux kernel 2.6.24 .2 Linux kernel 2.6.24 .1 Linux kernel 2.6.24 -rc5 Linux kernel 2.6.24 -rc4 Linux kernel...