7764 matches found
[SECURITY] Fedora 36 Update: golang-github-distribution-3-2.8.0~beta.1-3.20220203gitb609265.fc36
The toolkit to pack, ship, store, and deliver container content...
[SECURITY] Fedora 36 Update: xe-guest-utilities-latest-7.30.0-6.fc36
Scripts for monitoring XAPI project virtual machine. Writes distribution version information and IP address to XenStore. This package follows the latest version of xe-guest-utilities upstream...
[SECURITY] Fedora 36 Update: stargz-snapshotter-0.12.0-2.fc36
Fast container image distribution plugin with lazy pulling...
Fedora: Security Advisory for docker-distribution (FEDORA-2022-5ef0bd9a27)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
[SECURITY] Fedora 36 Update: golang-github-evanw-esbuild-0.14.38-3.fc36
This is a JavaScript bundler and minifier. It packages up JavaScript and TypeScript code for distribution on the web...
[SECURITY] Fedora 36 Update: docker-distribution-2.6.2-18.git48294d9.fc36
Docker toolset to pack, ship, store, and deliver content...
GO-2022-0379 Type confusion in github.com/docker/distribution
Systems that rely on digest equivalence for image attestations may be vulnerable to type confusion. A maliciously crafted OCI Container Image can cause registry clients to parse the same image in two different ways without modifying the image's digest, invalidating the common pattern of relying o...
Debian: Security Advisory (DSA-5191-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
APT29 utilizes cloud storage service to deliver malicious payloads
APT29, a cyber espionage gang, uses cloud storage services such as Google Drive and Dropbox to distribute malware to compromised systems. The gang used a phishing campaign that targeted several Western diplomatic...
Samba Permissions, Privileges and Access Control Vulnerability
Samba is the standard Windows interoperability program suite for Linux and Unix. Samba 4.3 and prior versions are vulnerable to a privilege-granting and access-control issue that stems from the KDC accepting kpasswd requests encrypted with any key known to it. By encrypting a spoofed kpasswd...
PT-2022-4426 · Samba +6
Name of the Vulnerable Software and Affected Versions: Samba (affected versions not specified). Description: A flaw in Samba occurs when the KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. This issue is related to the authentication...
Debian DSA-5190-1 : spip - security update
The remote Debian 10 / 11 host has a package installed that is affected by a vulnerability as referenced in the dsa-5190 advisory. It was discovered that SPIP, a website engine for publishing, would allow a malicious user to execute arbitrary code or escalate privileges. For the oldstable...
UBUNTU-CVE-2022-2031
A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password can exploit this flaw to obtain and use tickets to other...
Debian: Security Advisory (DSA-5188-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Alibaba OSS Buckets Compromised to Distribute Malicious Shell Scripts via Steganography
In this blog entry, we discuss a malicious campaign that targets Alibaba Cloud’s OSS buckets with leaked credentials for malware distribution and cryptojacking...
Fedora: Security Advisory for origin (FEDORA-2022-3e1ade35db)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for docker-distribution (FEDORA-2022-3e1ade35db)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[Security Nation] Jacques Chester of Shopify Talks CVSS Scores
In this episode of Security Nation, Shopify Senior Staff Software Developer Jacques Chester joins Jen and Tod to discuss his intriguing paper on CVSS scores and t...
[SECURITY] Fedora 35 Update: stargz-snapshotter-0.10.2-4.fc35
Fast container image distribution plugin with lazy pulling...
[SECURITY] Fedora 35 Update: xe-guest-utilities-latest-7.30.0-4.fc35
Scripts for monitoring XAPI project virtual machine. Writes distribution version information and IP address to XenStore. This package follows the latest version of xe-guest-utilities upstream...