[ASA-202003-1] chromium: access restriction bypass

Arch Linux Security Advisory ASA-202003-1 ========================================= Severity: High Date : 2020-03-04 CVE-ID : CVE-2020-6420 Package : chromium Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-1107 Summary ======= The package chromium before...

Reliable Datagram Sockets (RDS) - rds_atomic_free_op NULL pointer dereference Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Reliable Datagram Sockets RDS rdsatomicfreeop NULL pointer dereference Privilege Escalation', 'Description' = %q This module attempts to gain roo...

Stable Channel Update for Desktop

The stable channel has been updated to 79.0.3945.130 for Windows, Mac, and Linux, which will roll out over the coming days/weeks. A list of all changes is available in the log. Interested in switching release channels? Find out how. If you find a new issue, please let us know by filing a bug. The...

Linux: Read /etc/motd (KB)

The content of /etc/motd file is displayed to users after successful login. Note: This script only stores information for other Policy Controls. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective rig...

gdal:gdal_fuzzer: Heap-buffer-overflow in GRIB2Inventory2to7

Project: https://github.com/OSGeo/gdal.git Detailed Report: https://oss-fuzz.com/testcase?key=5759916124143616 Project: gdal Fuzzing Engine: libFuzzer Fuzz Target: gdalfuzzer Job Type: libfuzzerasangdal Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address: 0x604000007e35 Crash...

Virtuozzo Linux Errata and Enhancement Advisory 2019:3847

Upstream security update. Follow RHEA-2019:3847 for details...

Moderate: Red Hat Security Advisory: systemd security, bug fix, and enhancement update

An update for systemd is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Scientific Linux Security Update : sudo on SL7.x x86_64 (20191024)

Security Fixes : - sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword CVE-2019-14287 C Tenable Network Security, Inc. The descriptive text is C Scientific Linux. include"compat.inc"; if description scriptid130252; scriptversion"1.6";...

binutils:fuzz_disassemble: Index-out-of-bounds in print_insn_rx

Detailed Report: https://oss-fuzz.com/testcase?key=5750488745639936 Project: binutils Fuzzing Engine: libFuzzer Fuzz Target: fuzzdisassemble Job Type: libfuzzerubsanbinutils Platform Id: linux Crash Type: Index-out-of-bounds Crash Address: Crash State: printinsnrx fuzzdisassemble.c Sanitizer:...

Security fix for the ALT Linux 10 package runc version 1.0.0-alt10.rc9

Oct. 10, 2019 Vladimir Didenko 1.0.0-alt10.rc9 - New version - fixes: CVE-2019-16884...

PT-2019-15559 · Alt Linux Team +2 · Alt Linux +1

Name of the Vulnerable Software and Affected Versions: ClickHouse versions prior to 19.13.5.44 ALT Linux affected versions not specified Description: The issue allows HTTP header injection via the url table function. There is also a mention of a vulnerability in the ALT Linux package, but details...

ACTi ACM-3100 Camera Remote Command Execution Exploit

Exploit for hardware platform in category web applications !/usr/bin/perl ACTi ACM-3100 Camera Remote Command Execution Exploit Copyright 2019 c Todor Donev Disclaimer: This or previous programs are for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies,...

GLSA-201909-05 : WebkitGTK+: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201909-05 WebkitGTK+: Multiple vulnerabilities Multiple vulnerabilities have been discovered in WebkitGTK+. Please review the CVE identifiers referenced below for details. Impact : An attacker, by enticing a user to visit...

iwl100, iwl1000, iwl105, iwl135, iwl2000, iwl2030, iwl3160, iwl3945, iwl4965, iwl5000, iwl5150, iwl6000, iwl6000g2a, iwl6000g2b, iwl6050, iwl7260, iwl7265, linux security update

CentOS Errata and Security Advisory CESA-2019:2169 An update for linux-firmware is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

GLSA-201908-20 : Mozilla Thunderbird: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201908-20 Mozilla Thunderbird: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Mozilla Thunderbird. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CV...

[ASA-201908-3] python2-django: multiple issues

Arch Linux Security Advisory ASA-201908-3 ========================================= Severity: Medium Date : 2019-08-05 CVE-ID : CVE-2019-14232 CVE-2019-14233 CVE-2019-14234 CVE-2019-14235 Package : python2-django Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1014...

nebula level18 IT - resources are not released vulnerabilities and FORTIFY protection bypass-vulnerability warning-the black bar safety net

The recent practice of the linux extracted, to find a good topic -- exploit-exercises-nebula, a online range of the above experimental environment, but still suggest to download a virtual machine of a local practice. Wherein level18 is the topic of the essence of the, the official Tips This title...

Countdown to Black Hat: Top 10 Sessions to Attend — #4

With Black Hat USA 2019 fast approaching, we continue our blog series highlighting training sessions and research briefings that we think Qualys customers will find relevant and valuable. Our pick this week is the training session An Introduction To IoT Pentesting With Linux. The course offers “a...

Linux/x86 - ASCII AND, SUB, PUSH, POPAD Encoder Shellcode

!/usr/bin/env python3 INTRODUCTION Encoder Title: ASCII shellcode encoder via AND, SUB, PUSH, POPAD Date: 26.6.2019 Encoder Author: Petr Javorik, www.mmquant.net Tested on: Linux ubuntu 3.13.0-32-generic, x86 Special thx to: Corelanc0d3r for intro to this technique Description: This encoder is...

SAPIDO RB-1732 Remote Command Execution

Exploit Title: SAPIDO RB-1732 command line execution Date: 2019-6-24 Exploit Author: k1nm3n.aotoi Vendor Homepage: http://www.sapido.com.tw/ Software Link: http://www.sapido.com.tw/CH/data/Download/firmware/rb1732/tc/RB-1732TCv2.0.43.bin Version: RB-1732 V2.0.43 Tested on: linux import requests...