306 matches found
Fedora: Security Advisory for pacman (FEDORA-2020-419a75aef6)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 32 Update: pacman-5.2.1-2.fc32
Pacman is the package manager used by the Arch distribution. It can be used to install Arch into a container or to recover an Arch installation from a Fedora system see arch-install-scripts package for instructions. Pacman is a frontend for the ALPM Arch Linux Package Management library Pacman do...
[ASA-202004-15] chromium: arbitrary code execution
Arch Linux Security Advisory ASA-202004-15 ========================================== Severity: Critical Date : 2020-04-16 CVE-ID : CVE-2020-6457 Package : chromium Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1134 Summary ======= The package chromium...
[SECURITY] Fedora 31 Update: pacman-5.2.1-2.fc31
Pacman is the package manager used by the Arch distribution. It can be used to install Arch into a container or to recover an Arch installation from a Fedora system see arch-install-scripts package for instructions. Pacman is a frontend for the ALPM Arch Linux Package Management library Pacman do...
[ASA-202004-11] libssh: denial of service
Arch Linux Security Advisory ASA-202004-11 ========================================== Severity: Medium Date : 2020-04-09 CVE-ID : CVE-2020-1730 Package : libssh Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1130 Summary ======= The package libssh before version...
[ASA-202004-8] firefox: multiple issues
Arch Linux Security Advisory ASA-202004-8 ========================================= Severity: Critical Date : 2020-04-08 CVE-ID : CVE-2020-6821 CVE-2020-6823 CVE-2020-6824 CVE-2020-6825 CVE-2020-6826 Package : firefox Type : multiple issues Remote : Yes Link :...
[ASA-202004-1] chromium: arbitrary code execution
Arch Linux Security Advisory ASA-202004-1 ========================================= Severity: High Date : 2020-04-01 CVE-ID : CVE-2020-6450 CVE-2020-6451 CVE-2020-6452 Package : chromium Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1123 Summary ======= Th...
[ASA-202004-3] linux-lts: privilege escalation
Arch Linux Security Advisory ASA-202004-3 ========================================= Severity: High Date : 2020-04-01 CVE-ID : CVE-2020-8835 Package : linux-lts Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-1121 Summary ======= The package linux-lts before versi...
ALPINE-CVE-2020-5291
Bubblewrap bwrap before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the bwrap --userns2 option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that...
DEBIAN-CVE-2020-5291
Bubblewrap bwrap before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the bwrap --userns2 option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that...
ptf
The Penetration Testers Framework PTF is a Python script designed for Debian/Ubuntu/ArchLinux based distributions to create a similar and familiar distribution for Penetration Testing. It is a modular framework that installs and updates various penetration testing tools, compiles them, and makes...
[ASA-202003-13] bluez: access restriction bypass
Arch Linux Security Advisory ASA-202003-13 ========================================== Severity: High Date : 2020-03-19 CVE-ID : CVE-2020-0556 Package : bluez Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-1116 Summary ======= The package bluez before versi...
[ASA-202003-1] chromium: access restriction bypass
Arch Linux Security Advisory ASA-202003-1 ========================================= Severity: High Date : 2020-03-04 CVE-ID : CVE-2020-6420 Package : chromium Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-1107 Summary ======= The package chromium before...
[ASA-202001-2] file: arbitrary code execution
Arch Linux Security Advisory ASA-202001-2 ========================================= Severity: High Date : 2020-01-09 CVE-ID : CVE-2019-18218 Package : file Type : arbitrary code execution Remote : No Link : https://security.archlinux.org/AVG-1083 Summary ======= The package file before version...
DEBIAN-CVE-2019-19882
shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing...
CVE-2019-19882
shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing...
CVE-2019-19882
shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing...
CVE-2019-19882
CVE-2019-19882 affects Shadow 4.8 when built with --with-libpam but without --disable-account-tools-setuid and without a PAM config compatible with setuid tools, enabling local users to escalate to root via account-management utilities (groupadd, groupdel, groupmod, useradd, userdel, usermod). Th...
Trivy - A Simple And Comprehensive Vulnerability Scanner For Containers, Suitable For CI
A Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI. Abstract Trivy tri pronounced like tri gger, vy pronounced like envy is a simple and comprehensive vulnerability scanner for containers. A software vulnerability is a glitch, flaw, or weakness present in the softwar...
[ASA-201911-4] python2: information disclosure
Arch Linux Security Advisory ASA-201911-4 ========================================= Severity: High Date : 2019-11-03 CVE-ID : CVE-2019-9636 Package : python2 Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-978 Summary ======= The package python2 before version...