Scientific Linux Security Update : pacemaker on SL7.x i686/x86_64 (2020:5453)
The remote Scientific Linux 7 host has packages installed that are affected by a vulnerability as referenced in the SLSA-2020:5453-1 advisory. - pacemaker: ACL restrictions bypass CVE-2020-25654 Note that Nessus has not tested for this issue but has instead relied only on the application's...
Security fix for the ALT Linux 9 package openssl1.1 version 1.1.1i-alt1
1.1.1i-alt1 built Dec. 9, 2020 Gleb Fotengauer-Malinovskiy in task 263105 Dec. 8, 2020 Gleb Fotengauer-Malinovskiy - Updated to 1.1.1i fixes CVE-2020-1971...
DEBIAN-CVE-2020-12912
A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks. In line with industry partners, AMD has updated the RAPL interface to require privileged access...
Privilege escalation
Insufficiently protected credentials in the Intel(R) QAT for Linux before version 1.7.l.4.10.0 may allow an authenticated user to potentially enable escalation of privilege via local access...
Security fix for the ALT Linux 10 package libetpan version 1.9.4-alt2
Oct. 1, 2020 Aleksei Nikiforov 1.9.4-alt2 - Applied security fixes from upstream Fixes: CVE-2020-15953...
[ASA-202009-9] chromium: multiple issues
Arch Linux Security Advisory ASA-202009-9 ========================================= Severity: High Date : 2020-09-23 CVE-ID : CVE-2020-15960 CVE-2020-15961 CVE-2020-15962 CVE-2020-15963 CVE-2020-15964 CVE-2020-15965 CVE-2020-15966 Package : chromium Type : multiple issues Remote : Yes Link :...
Denial Of Service (DoS)
linux is vulnerable to denial of service (DoS) through a malicious USB device. The vulnerability exists in the drivers/usb/class/cdc-acm.c driver...
An overview of targeted attacks and APTs on Linux
Perhaps unsurprisingly, a lot has been written about targeted attacks on Windows systems. Windows is, due to its popularity, the platform for which we discover most APT attack tools. At the same time, there's a widely held opinion that Linux is a secure-by-default operating system that isn't...
Stable Channel Update for Desktop
The stable channel has been updated to 84.0.4147.135 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The...
Ghostscript < 9.51 Multiple Vulnerabilities - Linux
Ghostscript is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
GLSA-202007-53 : Dropbear: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202007-53 Dropbear: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Dropbear. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for...
GLSA-202007-50 : GLib Networking: Improper certificate validation
The remote host is affected by the vulnerability described in GLSA-202007-50 GLib Networking: Improper certificate validation GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. Impact : There may be a...
[ASA-202006-15] freerdp: multiple issues
Arch Linux Security Advisory ASA-202006-15 ========================================== Severity: High Date : 2020-06-28 CVE-ID : CVE-2020-4030 CVE-2020-4031 CVE-2020-4032 CVE-2020-4033 CVE-2020-11095 CVE-2020-11096 CVE-2020-11097 CVE-2020-11098 CVE-2020-11099 Package : freerdp Type : multiple issu...
CVE-2020-2026
CVE-2020-2026 affects Kata Containers: susceptible in Kata 1.11.x prior to 1.11.1, 1.10.x prior to 1.10.5, and 1.9 and earlier. A malicious guest can trick the runtime into mounting an untrusted container filesystem on a host path, enabling possible host code execution. Affected components: kata-...
Privilege Escalation
kernel is vulnerable to privilege escalation. The vulnerability exists as the compat_alloc_user_space function in the Linux kernel 32/64-bit compatibility layer implementation was missing sanity checks. This function could be abused in other areas of the Linux kernel if its length argument can be...
Samsung Mobile Device Input Validation Error Vulnerability (CNVD-2020-32800)
Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance (OHA for short). An input validation error vulnerability exists in Samsung mobile devices, which can be exploited by attackers to corrupt memory with the help of incorrectly formatt...
[ASA-202004-8] firefox: multiple issues
Arch Linux Security Advisory ASA-202004-8 ========================================= Severity: Critical Date : 2020-04-08 CVE-ID : CVE-2020-6821 CVE-2020-6823 CVE-2020-6824 CVE-2020-6825 CVE-2020-6826 Package : firefox Type : multiple issues Remote : Yes Link :...
GLSA-202003-57 : PHP: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202003-57 PHP: Multiple vulnerabilities Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact : An attacker could possibly execute arbitrary shell commands,...
GLSA-202003-27 : libssh: Arbitrary command execution
The remote host is affected by the vulnerability described in GLSA-202003-27 libssh: Arbitrary command execution It was discovered that libssh incorrectly handled certain scp commands. Impact : A remote attacker could trick a victim into using a specially crafted scp command, possibly resulting i...
GLSA-202003-01 : Groovy: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-202003-01 Groovy: Arbitrary code execution It was discovered that there was a vulnerability within the Java serialization/deserialization process. Impact : An attacker, by crafting a special serialized object, could execute...