GSD-2023-1001718 iommu/arm-smmu: Don't unregister on shutdown

iommu/arm-smmu: Don't unregister on shutdown This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.7 by commit...

Important: Red Hat Security Advisory: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

KB5004442: Windows DCOM Server Security Feature Bypass Registry Check (CVE-2021-26414)

The remote Windows DCOM Server may be in a vulnerable state to exploitation by having the HKLM\Software\Microsoft\Ole\AppCompat\RequireIntegrityActivationAuthenticationLevel registry value set to 0. Hardening changes in DCOM were required for CVE-2021-26414 and were implemented in 2 phases on Jun...

Python Exec, Python Meterpreter, Python Reverse TCP Stager with UUID Support

Execute a Python payload from a command. Run a meterpreter server in Python compatible with 2.5-2.7 & 3.1+. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/python/meterpreter/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf...

Python Exec, Python Meterpreter Shell, Bind TCP Inline

Execute a Python payload from a command. Connect to the victim and spawn a Meterpreter shell Module Options msf use payload/cmd/windows/python/meterpreterbindtcp msf payloadmeterpreterbindtcp show actions ...actions... msf payloadmeterpreterbindtcp set ACTION msf payloadmeterpreterbindtcp show...

Python Exec, Python Meterpreter Shell, Reverse HTTP Inline

Execute a Python payload from a command. Connect back to the attacker and spawn a Meterpreter shell Module Options msf use payload/cmd/windows/python/meterpreterreversehttp msf payloadmeterpreterreversehttp show actions ...actions... msf payloadmeterpreterreversehttp set ACTION msf...

USN-5822-1: Samba vulnerabilities

It was discovered that Samba incorrectly handled the bad password count logic. A remote attacker could possibly use this issue to bypass bad passwords lockouts. This issue was only addressed in Ubuntu 22.10. CVE-2021-20251 Evgeny Legerov discovered that Samba incorrectly handled buffers in certai...

Critical: cacti

Issue Overview: A flaw was found in how Cacti grants authorization based on IP address which allows authentication bypass, and possibly arbitrary command execution if a polleritem configured with a POLLERACTIONSCRIPTPHP action is present. This updated cacti package adds a feature allowing an...

Security Bulletin: A vulnerability in IBM Java Runtime affects SPSS Collaboration and Deployment Services (CVE-2021-28167)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by SPSS Collaboration and Deployment Services. This issue has been addressed. Vulnerability Details CVEID:CVE-2021-28167 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass security restrictions,...

MGASA-2023-0005 Updated minetest packages fix security vulnerability

This update provides minetest 5.6.1, the latest stable release of the open source voxel game. This updates provides a number of feature and bug fix changes compared to the previous version 5.4.0 provided in Mageia 8. See the linked release notes and changelogs for details. The update also improve...

OESA-2023-1033 byacc security update

Berkeley Yacc is an LALR1 parser generator. Berkeley Yacc has been made as compatible as possible with AT&T Yacc. Berkeley Yacc can accept any input specification that conforms to the AT&T Yacc documentation. Specifications that take advantage of undocumented features of AT&T Yacc will probably b...

Microsoft ends extended support for Windows 7 and Windows Server 2008 today

Time has finally run out for Windows 7 Professional and Enterprise users. Microsoft will stop providing its Extended Security Updates ESU program for the OS version today, January 10. When the company ended its mainstream support for Windows 7 three years ago, it also offered an ESU program to...

PT-2023-15134 · WordPress · Royal Elementor Addons

Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons plugin for WordPress versions up to, and including, 1.3.59 Description: The issue is related to insufficient access control in the 'wpr fix royal compatibility' AJAX action. This allows any authenticated user,...

VulnCheck KEV: CVE-2022-4702

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wprfixroyalcompatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to deactivate every plugin...

Go 1.20 Cryptography

The first second release candidate of Go 1.20 is out!1 This is the first release I participated in as an independent maintainer, after leaving Google to become a professional Open Source maintainer. By the way, thats going great, and Im going to write more about it here soon! Im pretty happy with...

SUSE-SU-2023:0010-1 Security update for saphanabootstrap-formula

This update for saphanabootstrap-formula fixes the following issues: - Version bump 0.13.1 revert changes to spec file to re-enable SLES RPM builds CVE-2022-45153: Fixed privilege escalation for arbitrary users in hana/hacluster.sls bsc1205990 - Version bump 0.13.0 pass sid to sudoers in a SLES12...

[SECURITY] Fedora 36 Update: python3.6-3.6.15-15.fc36

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

OPENSUSE-SU-2022:10252-1 Security update for vlc

This update for vlc fixes the following issues: - Update to version 3.0.18 CVE-2022-41325, boo1206142: + macOS: Fix audio device listing with non-latin names. + Misc: Fix rendering and performance issue with older GPUs. + Updated translations. - Changes from version 3.0.18-rc2: + Codec/Demux: - A...

[SECURITY] Fedora 37 Update: ntfs-3g-2022.10.3-1.fc37

NTFS-3G is a stable, open source, GPL licensed, POSIX, read/write NTFS driver for Linux and many other operating systems. It provides safe handling of the Windows XP, Windows Server 2003, Windows 2000, Windows Vista, Windows Server 2008 and Windows 7 NTFS file systems. NTFS-3G can create, remove,...

Page Scroll To ID < 1.7.6 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Put the...