Vulmap

This is a Python script for a local vulnerability scanner, specifically designed for Linux systems. The script, named Vulmap, is part of the Vulmap Local Vulnerability Scanners project. It scans the host for installed packages, queries the Vulmon API for vulnerabilities, and prints the results,...

eDeploy Code Issue Vulnerability

eDeploy is a configuration and update tool for Linux systems. A security vulnerability exists in eDeploy. An attacker could exploit the vulnerability to execute code...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM OS Images for Red Hat Linux Systems (July2019 updates)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that are used by the OS Images for IBM Cloud Pak System formerly known as IBM PureApplication System. These issues were disclosed as part of the IBM Java SDK quarterly updates in July 2019. OS Images have addressed th...

Sudo Bug Opens Root Access on Linux Systems

A vulnerability in Sudo, a core command utility for Linux, could allow a user to execute commands as a root user even if that root access has been specifically disallowed. Sudo is a utility that allows a system administrator to give certain users or groups of users the ability to run commands in...

ptrace - Sudo Token Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ptrace Sudo Token Privilege Escalation', 'Description' = %q This module attempts to gain root privileges by blindly injecting into the session...

Airgeddon v9.21 - A Multi-use Bash Script for Linux Systems to Audit Wireless Networ

This is a multi-use bash script for Linux systems to audit wireless networks. All the needed info about how to "install | use | enjoy" airgeddon is present at Github's Wiki. I. Content & Features Home Features Screenshots Wallpapers II. Requirements Requirements Compatibility Essential Tools...

Docker Command Injection Vulnerability

Docker is an open source application container engine from the American company Docker. It supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment and upgrade of applications through...

The vulnerability of the Paramiko library in Oracle Solaris, Ubuntu, Debian GNU/Linux, Red Hat Enterprise Linux, Red Hat Virtualization, and the management consoles Red Hat Ansible Tower allows a perpetrator to execute arbitrary code.

The vulnerability of the Paramiko library for operating systems such as Oracle Solaris, Ubuntu, Debian GNU/Linux, Red Hat Enterprise Linux, Red Hat Virtualization, and the management consoles Red Hat Ansible Tower is related to lack of access control. Exploiting this vulnerability allows a...

Malicious Package

libpeshka is a malicious package. The package contains a hidden backdoor which would activate when the libraries are installed on Linux systems...

Malicious Package

libari is a malicious package. The package contains a hidden backdoor which would activate when the libraries are installed on Linux systems...

IBM DB2 Encryption Issues Vulnerabilities

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM DB2 is vulnerable to an encryption issue. An attacker could exploit this vulnerability to decrypt...

This Week in Security News: Gray Alerts and Wormable Malware

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the new wormable malware that’s dropping a Monero miner in web servers, networks and removable drivers. Also, read about the bes...

Security Bulletin: IBM PureApplication Service is affected by vulnerabilities (CVE-2018-3639, CVE-2018-3640)

Summary IBM has released Version 2.2.5.3 for IBM PureApplication Service, which includes IBM OS Images for Red Hat Linux Systems, as well as AIX-based and Windows-based deployments, in response to CVE-2018-3639 and CVE-2018-3640. IBM PureApplication Service has addressed the following...

CVE-2019-5788

An integer overflow that leads to a use-after-free in Blink Storage in Google Chrome on Linux prior to 73.0.3683.75 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page...

[SECURITY] Fedora 30 Update: dbus-broker-20-3.fc30

dbus-broker is an implementation of a message bus as defined by the D-Bus specification. Its aim is to provide high performance and reliability, while keeping compatibility to the D-Bus reference implementation. It is exclusiv ely written for Linux systems, and makes use of many modern features...

The vulnerability of the Polkit library in Linux operating systems, allowing a hacker to execute arbitrary commands

The vulnerability of the Polkit library in Linux operating systems is related to access control deficiencies. Exploiting this vulnerability allows an attacker to execute arbitrary commands...

Lynis 2.7.3 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...

AddressSanitizer (ASan) - SUID Executable Privilege Escalation Exploit

This Metasploit module attempts to gain root privileges on Linux systems using setuid executables compiled with AddressSanitizer ASan. ASan configuration related environment variables are permitted when executing setuid executables built with libasan. The logpath option can be set using the...

[SECURITY] Fedora 29 Update: keepalived-2.0.10-1.fc29

Keepalived provides simple and robust facilities for load balancing and high availability to Linux system and Linux based infrastructures. The load balancing framework relies on well-known and widely used Linux Virtual Server IPVS kernel module providing Layer4 load balancing. Keepalived implemen...

Lynis 2.7.0 - Security Auditing Tool for Unix/Linux Systems

We are excited to announce this major release of auditing tool Lynis. Several big changes have been made to core functions of Lynis. These changes are the next of simplification improvements we made. There is a risk of breaking your existing configuration. Lynis is an open source security auditin...