430 matches found

OSV
added 2019/11/04 4:15 p.m., 3 views

CVE-2019-18684

Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=ALL NOPASSWD:ALL" to...

7 CVSS, 6.9 AI score
Exploits 0, References 1
Tenable Nessus
added 2019/08/13 12:0 a.m., 39 views

RHEL 7 : cockpit-ovirt (RHSA-2019:2433)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2019:2433 advisory. Cockpit is a Linux system administration tool with a web UI, easy setup, and minimal system footprint at runtime. When installed on hosts in Red Hat...

7.8 CVSS, 6.6 AI score, 0.00037 EPSS
Exploits 0, References 10
RedHat Linux
added 2019/08/12 11:56 a.m., 25 views

Moderate: Red Hat Security Advisory: cockpit-ovirt security, bug fix, and enhancement update

An update for cockpit-ovirt is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

7.8 CVSS, 6.5 AI score, 0.00037 EPSS
Exploits 0, References 7
Kitploit
added 2019/07/08 9:57 p.m., 35 views

Linux-Smart-Enumeration - Linux Enumeration Tool For Pentesting And CTFs With Verbosity Levels

First, a couple of useful one-liners: wget "https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh" -O lse.sh curl "https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh" -o lse.sh linux-smart-enumeration Linux enumeration tools for...

7.3 AI score
Exploits 0, References 3
Hacker One
added 2019/07/04 11:24 p.m., 24 views

curl: huge COLUMNS causes progress-bar to buffer overflow

Summary: If an attacker can set environmental variables, curl will always crash with a buffer overflow when downloading a file if the --progress-bar argument is set. Steps To Reproduce: Just run the following command on a 64-bit Linux system verified on Ubuntu 19.04. bash Of course you can set th...

0.5 AI score
Exploits 0
OpenVAS
added 2019/04/29 12:0 a.m., 28 views

Xerox ColorQube Printers RCE Vulnerability (XRX19C)

Xerox ColorQube printers are prone to a remote code execution (RCE) vulnerability. Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progra...

10 CVSS, 9.8 AI score, 0.05392 EPSS
Exploits 0, References 1
myhack58
added 2019/04/18 12:0 a.m., 121 views

iSCSI unauthorized access vulnerability, tens of thousands of iSCSI are likely to be affected-vulnerability warning-the black bar safety net

Overview: iSCSI (Internet Small Computer System Interface), also known as IP-SAN, is a storage technology based on the Internet and the SCSI-3 protocol. It was proposed by the IETF and became the official standard on 2003 2 May 11. 2019 4 December 17, white cap sinks a...

0.8 AI score
Exploits 0
OSV
added 2019/04/12 6:29 p.m., 1 views

CVE-2019-10880

Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary...

9.8 CVSS, 7.4 AI score
Exploits 0, References 2
NVD
added 2019/04/12 6:29 p.m., 10 views

CVE-2019-10880

Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary...

10 CVSS, 9.8 AI score, 0.05392 EPSS
Exploits 0, References 2
Prion
added 2019/04/12 6:29 p.m., 13 views

Command injection

Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary...

10 CVSS, 9.6 AI score, 0.05392 EPSS
Exploits 0, References 2, Affected Software 5
IBM Security Bulletins
added 2018/12/12 6:30 p.m., 14 views

Security Bulletin: IBM® DB2® contains a denial of service vulnerability in scalar functions (CVE-2018-1977)

Summary IBM DB2 contains a denial of service vulnerability on Linux System z® platform. A remote, authenticated DB2 user could exploit this vulnerability by executing a specially-crafted SQL statement with the TRUNCATE scalar functions. This could result in a DB2 server crash; if so, the server...

6.5 CVSS, 0.5 AI score, 0.00245 EPSS
Exploits 0, Affected Software 1
Fedora
added 2018/11/30 2:52 a.m., 38 views

[SECURITY] Fedora 29 Update: glibc-2.28-22.fc29

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

7.5 CVSS, 2 AI score, 0.01775 EPSS
Exploits 1
Tenable Nessus
added 2018/11/16 12:0 a.m., 232 views

CentOS 7 : glibc (CESA-2018:3092)

An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.8 CVSS, 8 AI score, 0.01133 EPSS
Exploits 3, References 5
Fedora
added 2018/09/07 3:25 p.m., 63 views

[SECURITY] Fedora 27 Update: glibc-2.26-30.fc27

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

9.8 CVSS, 2 AI score, 0.41417 EPSS
Exploits 23
CNVD
added 2018/06/12 12:0 a.m., 1 views

Micro Focus openSUSE Command Execution Vulnerability

Micro Focus openSUSE is a Linux-based free operating system from Micro Focus in the UK. mdadm is one of the packages used to manage and monitor RAID. A security vulnerability in the mdcheck script of the mdadm package in Micro Focus openSUSE versions 3.3.1-5.14.1 prior to version 13.2 stems from...

7.8 CVSS, 7.3 AI score, 0.00158 EPSS
Exploits 0, References 1
Fedora
added 2018/05/23 3:59 p.m., 39 views

[SECURITY] Fedora 27 Update: glibc-2.26-28.fc27

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

9.8 CVSS, 2 AI score, 0.41417 EPSS
Exploits 20
Fedora
added 2018/05/21 2:5 p.m., 13 views

[SECURITY] Fedora 28 Update: glibc-2.27-14.fc28

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

2 AI score
Exploits 0
Oracle Linux
added 2018/04/18 12:0 a.m., 111 views

glibc security update

2.17-222 - Restore internal GLIBC_PRIVATE symbols for use during upgrades 1523119 2.17-221 - CVE-2018-1000001: Fix realpath buffer underflow 1534635 - i386: Fix unwinding for 32-bit C++ application 1529982 - Reduce thread and dynamic loader stack usage 1527904 - x86-64: Use XSAVE/XSAVEC more often...

9.8 CVSS, 0.2 AI score, 0.41417 EPSS
Exploits 12
Oracle Linux
added 2018/04/16 12:0 a.m., 61 views

glibc security, bug fix, and enhancement update

2.17-222 - Restore internal GLIBC_PRIVATE symbols for use during upgrades 1523119 2.17-221 - CVE-2018-1000001: Fix realpath buffer underflow 1534635 - i386: Fix unwinding for 32-bit C++ application 1529982 - Reduce thread and dynamic loader stack usage 1527904 - x86-64: Use XSAVE/XSAVEC more often...

9.8 CVSS, 0.2 AI score, 0.41417 EPSS
Exploits 12
Fedora
added 2018/03/06 5:36 p.m., 29 views

[SECURITY] Fedora 27 Update: glibc-2.26-26.fc27

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

9.8 CVSS, 2 AI score, 0.01095 EPSS
Exploits 0