6326 matches found
OPENSUSE-SU-2020:2205-1 Security update for rpmlint
This update for rpmlint fixes the following issues: - Whitelist PAM modules and DBUS rules for cockpit bsc1169614 This update was imported from the SUSE:SLE-15:Update update project...
Security update for rpmlint (moderate)
openSUSE Security Update: Security update for rpmlint Announcement ID: openSUSE-SU-2020:2205-1 Rating: moderate References: 1169614 Affected Products: openSUSE Leap 15.2 An update that contains security fixes can now be installed. Description: This update for rpmlint fixes the following issues: -...
Incomcms code issue vulnerability
Incomcms is a website builder for individual developers. A file upload vulnerability exists in IncomCMS version 2.0, originating from unsafe file upload handling in modules/uploader/showcase/script.php. An attacker can exploit this vulnerability to upload files to the server...
Metasploit Wrap-Up
The Metasploit team is rolling to the end of the year featuring a week of modules, updates, and our annual CTF. I say rolling in part because here in the US, we’re coming off our week of Thanksgiving, which involves lots of pies, and we’re probably all a bit more spherical than normal! For those ...
SUSE-SU-2020:3613-1 Security update for rpmlint
This update for rpmlint fixes the following issues: - Whitelist PAM modules and DBUS rules for cockpit bsc1169614...
CVE-2020-7533
CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests...
[SECURITY] Fedora 33 Update: pam-1.4.0-9.fc33
PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication...
Fedora: Security Advisory for pam (FEDORA-2020-22532a1a81)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 33 Update: slurm-20.02.6-1.fc33
Slurm is an open source, fault-tolerant, and highly scalable cluster management and job scheduling system for Linux clusters. Components include machine status, partition management, job management, scheduling and accounting modules...
Fedora: Security Advisory for slurm (FEDORA-2020-49b97c38e7)
The remote host is missing an update for the Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE-SU-2020:3477-1 Security update for postgresql96
This update for postgresql96 fixes the following issues: Upgrade to version 9.6.20: CVE-2020-25695, bsc1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. CVE-2020-25694, bsc1178667: a Fix usage of complex...
isf
This repository is an Industrial Exploitation Framework ISF for testing and exploiting industrial control systems ICS. It is a Python-based framework similar to Metasploit. The framework is based on the open-source project routersploit and includes various clients and modules for different ICS...
SIRAS - Security Incident Response Automated Simulations
Security Incident Response Automated Simulations (SIRAS) are internal/controlled actions that provide a structured opportunity to practice the incident response plan and procedures during realistic scenarios. The main idea of SIRAS is to create detection-as-a-code testing scenarios to facilitate...
CVE-2020-15710 Potential double-free in pulseaudio
Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in...
CVE-2020-15710
Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in...
addok (=0.5.0), cloudmesh-client (>=4.2.6 <=4.7.3) +50 more potentially affected by CVE-2020-28724 via werkzeug (>=0.10.1 <=0.11.5)
werkzeug PYPI version =0.10.1, =4.2.6, =1.2.1, =1.0.22, =0.7.12, =0.1.1, =1.0.0, =0.0.1, =11.0.0, =11.0.0, =11.0.0, =11.0.0, =11.0.0, =11.0.0, =11.0.0, =11.0.6 and more Source cves: CVE-2020-28724 Source advisory: OSV:PYSEC-2020-157...
CVE-2020-7563
A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules see notification for details which could cause corruption of data, a crash, or code execution when uploading a specially crafted...
Out-of-bounds
A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules see notification for details which could cause corruption of data, a crash, or code execution when uploading a specially crafted...
CVE-2020-7562
A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules see notification for details which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file ...