6326 matches found

RedHat Linux
added 2019/11/06 3:27 p.m. | 69 views

Moderate: Red Hat Security Advisory: ansible security update

An update for ansible is now available for Red Hat OpenStack Platform 14.0 Rocky. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 6.5 | AI score 6.8 | EPSS 0.01759
Exploits: 0 | References: 4

RedHat Linux
added 2019/11/06 9:47 a.m. | 2 views

python: Integer overflow in Modules/_pickle.c allows for memory exhaustion if serializing gigabytes of data

Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of...

CVSS 7.5 | AI score 7.2 | EPSS 0.05789
Exploits: 1 | References: 5

Hacker One
added 2019/11/05 9:10 p.m. | 14 views

Node.js third-party modules: [gity] RCE via insecure command formatting

I would like to report a RCE issue in the gity module. It allows to execute arbitrary commands remotely inside the victim's PC Module module name: gity version: 1.0.5 npm page: https://www.npmjs.com/package/gity Module Description A nice Git wrapper for Node. Module Stats 3/4 downloads in the las...

AI score 1.2
Exploits: 0

Rockylinux
added 2019/11/05 5:32 p.m. | 24 views

5.24 bug fix and enhancement update

An update is available for perl-Pod-Perldoc, perl-DBI, perl-Pod-Escapes, perl-Devel-PPPort, perl-Pod-Usage, perl-Sub-Exporter, perl-perlfaq, perl-CPAN-Meta-YAML, perl-Digest, perl-podlators, perl-bignum, perl-Text-ParseWords, perl-Text-Template, perl-DBD-MySQL, perl-Text-Glob, perl-Pod-Simple,...

AI score 2
Exploits: 0

Rockylinux
added 2019/11/05 5:32 p.m. | 36 views

python27:2.7 security and bug fix update

An update is available for python-pymongo, python2-rpm-macros, python-docutils, pytest, python-psycopg2, python-PyMySQL, python-lxml, PyYAML, python-pytest-mock, python-attrs, python-jinja2, python-docs, python-mock, python-ipaddress, python-funcsigs, python-py, python-chardet, python-markupsafe,...

CVSS 9.8 | AI score 1.6 | EPSS 0.17078
Exploits: 6

Tenable Nessus
added 2019/11/03 12:0 a.m. | 15 views

Siemens SCALANCE WLC711 6GK571-10XC00-1AB0 IWLAN Controller Detection

Binary data 765311.prm...

AI score 7.3
Exploits: 0

Hacker One
added 2019/10/31 1:23 p.m. | 29 views

Node.js third-party modules: Crash Node.js process from handlebars using a small and simple source

I would like to report Denial of service in handlebars. It allows an attacker to crush Node.js process with a small and simple source. Module module name: handlebars version: 4.5.1 npm page: https://www.npmjs.com/package/handlebars Module Description Handlebars.js is an extension to the Mustache...

AI score 7.2
Exploits: 0

NVD
added 2019/10/29 7:15 p.m. | 29 views

CVE-2019-6843

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580 with firmware version prior to V3.10, Modicon M340 all firmware versions, and Modicon BMxCRA and 140CRA modules all firmware versions, which could cause a Denial of Service attack on the PLC when upgrading...

CVSS 4.9 | AI score 5 | EPSS 0.00959
Exploits: 0 | References: 1

Prion
added 2019/10/29 7:15 p.m. | 14 views

Design/Logic Flaw

A CWE-755: Improper Handling of Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon BMxCRA and 140CRA modules all firmware versions, which could cause a Denial of Service attack on the PLC when upgrading the controller with a firmware package containing an invalid we...

CVSS 4 | AI score 5 | EPSS 0.00959
Exploits: 0 | References: 1

RedHat Linux
added 2019/10/29 12:59 p.m. | 53 views

Important: Red Hat Security Advisory: kernel-alt security and bug fix update

An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

CVSS 8.3 | AI score 7.1 | EPSS 0.05789
Exploits: 3 | References: 6

RedHat Linux
added 2019/10/24 9:19 p.m. | 4 views

ansible: secrets disclosed on logs when no_log enabled

Ansible was logging at the DEBUG level which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process...

CVSS 7.8 | AI score 7.2 | EPSS 0.00509
Exploits: 0 | References: 4

RedHat Linux
added 2019/10/24 9:19 p.m. | 4 views

ansible: secrets disclosed on logs when no_log enabled

Ansible was logging at the DEBUG level which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process...

CVSS 7.8 | AI score 7.2 | EPSS 0.00509
Exploits: 0 | References: 4

RedHat Linux
added 2019/10/24 9:19 p.m. | 86 views

Important: Red Hat Security Advisory: Ansible security and bug fix update

An update is now available for Ansible Engine 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 7.8 | AI score 6.8 | EPSS 0.01649
Exploits: 0 | References: 4

RedHat Linux
added 2019/10/24 8:41 p.m. | 1 views

ansible: secrets disclosed on logs when no_log enabled

Ansible was logging at the DEBUG level which led to a disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible modules, as those are executed in a separate process...

CVSS 7.8 | AI score 7.2 | EPSS 0.00509
Exploits: 0 | References: 4

Hacker One
added 2019/10/22 12:6 p.m. | 92 views

Node.js third-party modules: Prototype pollution in dot-prop

I would like to report a parameter pollution in dot-prop It allows an attacker to modify the prototype of a base object which can vary in severity depending on the implementation DoS, access to sensitive data, RCE. Module module name: dot-prop version: 5.1.1 npm page:...

CVSS 7.5 | AI score 0.3 | EPSS 0.03079
Exploits: 1

Github Security Blog
added 2019/10/21 4:2 p.m. | 12 views

Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments

Impact Temporary repository tokens were leaked into Pull Requests comments during certain Go Modules update failure scenarios. Patches The problem has been patched. Self-hosted users should upgrade to v19.38.7 or later. Workarounds Disable Go Modules support. References Blog post:...

AI score 0.5
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2019/10/21 4:2 p.m. | 17 views

GHSA-V7X3-7HW7-PCJG Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments

Impact Temporary repository tokens were leaked into Pull Requests comments during certain Go Modules update failure scenarios. Patches The problem has been patched. Self-hosted users should upgrade to v19.38.7 or later. Workarounds Disable Go Modules support. References Blog post:...

CVSS 5.3 | AI score 6.9
Exploits: 0 | References: 4

Kitploit
added 2019/10/21 11:29 a.m. | 90 views

UAC-A-Mola - Tool That Allows Security Researchers To Investigate New UAC Bypasses, In Addition To Detecting And Exploiting Known Bypasses

UAC-A-Mola is a tool that allows security researchers to investigate new UAC bypasses, in addition to detecting and exploiting known bypasses. UAC-A-mola has modules to carry out the protection and mitigation of UAC bypasses. The strong point of uac-a-mola is that it was created so that other...

AI score 7.9
Exploits: 0 | References: 1

Kitploit
added 2019/10/20 9:0 p.m. | 194 views

SUID3NUM - A Script Which Utilizes Python'S Built-In Modules To Find SUID Bins, Separate Default Bins From Custom Bins, Cross-Match Those With Bins In GTFO Bin's Repository & Auto-Exploit Those

A standalone python script which utilizes python's built-in modules to find SUID bins, separate default bins from custom bins, cross-match those with bins in GTFO Bin's repository & auto-exploit those, all with colors! Description A standalone script supporting both python2 & python3 to find out...

AI score 7.5
Exploits: 0 | References: 4

Hacker One
added 2019/10/20 11:52 a.m. | 25 views

Node.js third-party modules: [git-lib] RCE via insecure command formatting

I would like to report a RCE issue in the git-lib module. It allows to execute arbitrary commands remotely inside the victim's PC Module module name: git-lib version: 1.6.0 npm page: https://www.npmjs.com/package/git-lib Module Description A library that contains different methods to be consumed ...

AI score 1.1
Exploits: 0