6326 matches found

Tenable Nessus
added 2019/01/02 12:0 a.m. | 32 views

SUSE SLES12 Security Update : nodejs6 (SUSE-SU-2018:1183-1)

This update for nodejs6 fixes the following issues: - Fix some node-gyp permissions - New upstream LTS release 6.14.1: - Security fixes: + CVE-2018-7160: Fix for inspector DNS rebinding vulnerability bsc1087463 + CVE-2018-7158: Fix for 'path' module regular expression denial of service...

CVSS 8.8 | AI score 7.2 | EPSS 0.09916
Exploits: 0 | References: 10

Fedora
added 2018/12/24 1:48 a.m. | 50 views

[SECURITY] Fedora 28 Update: ansible-2.7.5-1.fc28

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVSS 7.8 | AI score 3.3 | EPSS 0.03088
Exploits: 0

OSV
added 2018/12/23 11:0 p.m. | 31 views

PSF-2018-6 pickle.load denial of service

Modules/pickle.c in Python before 3.7.1 has an integer overflow via a large LONGBINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of...

CVSS 7.5 | AI score 7.5 | EPSS 0.05789
Exploits: 1 | References: 2

Prion
added 2018/12/20 5:29 p.m. | 30 views

Input validation

Fasterxml Jackson version before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in a denial of service (DoS). This attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the...

CVSS 4.3 | AI score 7.8 | EPSS 0.04758
Exploits: 1 | References: 14 | Affected Software: 6

NVD
added 2018/12/20 5:29 p.m. | 27 views

CVE-2018-1000873

Fasterxml Jackson version before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in a denial of service (DoS). This attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the...

CVSS 6.5 | AI score 7.1 | EPSS 0.04758
Exploits: 1 | References: 14

Cvelist
added 2018/12/20 5:0 p.m. | 26 views

CVE-2018-1000873

Fasterxml Jackson version before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in a denial of service (DoS). This attack appears to be exploitable when the victim deserializes malicious input, specifically very large values in the...

AI score 7.9 | EPSS 0.04758
Exploits: 1 | References: 14

Fedora
added 2018/12/19 2:29 a.m. | 33 views

[SECURITY] Fedora 29 Update: ansible-2.7.5-1.fc29

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVSS 5.3 | AI score 5 | EPSS 0.02462
Exploits: 0

0day.today
added 2018/12/19 12:0 a.m. | 44 views

LanSpy 2.0.1.159 - Local Buffer Overflow Exploit

Exploit for windows platform in category local exploits. #!/usr/bin/python Exploit: LanSpy 2.0.1.159 - Local Buffer Overflow RCEPoC Date: 2018-12-16 Author: Juan...

AI score 0.3
Exploits: 0

Prion
added 2018/12/17 7:29 a.m. | 15 views

Code injection

Installed packages are exposed by node_modules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the "where" attribute of package.json files...

CVSS 5 | AI score 7.4 | EPSS 0.01089
Exploits: 1 | References: 3 | Affected Software: 1

CNVD
added 2018/12/17 12:0 a.m. | 3 views

Rendertron Absolute Path Disclosure Vulnerability

Rendertron is Google's open source Chrome rendering solution designed to instantly render web pages. Rendertron 1.0.0 suffers from an absolute path disclosure vulnerability, which stems from node_modules in Rendertron exposing installed packages, which can be exploited by a remote attacker to read...

CVSS 7.5 | AI score 6.7 | EPSS 0.01089
Exploits: 1 | References: 1

Tenable Nessus
added 2018/12/17 12:0 a.m. | 82 views

F5 Networks BIG-IP : OpenSSH vulnerability (K31440025)

Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS11 modules by leveraging control over a forwarded agent-socket. (CVE-2016-10009) (C) Tenable Network Security, Inc. The descriptive text and package checks in...

CVSS 7.5 | AI score 7.5 | EPSS 0.37431
Exploits: 4 | References: 2

Fedora
added 2018/12/12 1:46 a.m. | 41 views

[SECURITY] Fedora 28 Update: perl-5.26.3-415.fc28

Perl is a high-level programming language with roots in C, sed, awk and shell scripting. Perl is good at handling processes and files, and is especially good at handling text. Perl's hallmarks are practicality and efficiency. While it is used to do a lot of different things, Perl's most common...

CVSS 9.8 | AI score 0.8 | EPSS 0.12093
Exploits: 3

OpenVAS
added 2018/12/10 12:0 a.m. | 16 views

Perl Modules Detection (Linux/Unix SSH Login)

SSH login-based detection of various installed Perl modules. Copyright (C) 2018 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software;...

AI score 0.3
Exploits: 0

Vulnrichment
added 2018/12/07 2:0 p.m. | 3 views

CVE-2018-17924

Rockwell Automation MicroLogix 1400 Controllers and 1756 ControlLogix Communications Modules: an unauthenticated, remote threat actor could send a CIP connection request to an affected device, and upon successful connection, send a new IP configuration to the affected device even if the controller...

AI score 7.3 | EPSS 0.043
Exploits: 0 | References: 2

Tenable Nessus
added 2018/12/07 12:0 a.m. | 29 views

RHEL 7 : ansible (RHSA-2018:3770)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:3770 advisory. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does n...

CVSS 4.4 | AI score 7.2 | EPSS 0.00535
Exploits: 0 | References: 5

OSV
added 2018/12/06 11:29 p.m. | 16 views

CVE-2018-16528

Amazon Web Services (AWS) FreeRTOS through 1.3.1 allows remote attackers to execute arbitrary code because of mbedTLS context object corruption in prvSetupConnection and GGD_SecureConnect_Connect in AWS TLS connectivity modules...

CVSS 8.1 | AI score 8.1
Exploits: 0 | References: 3

CVE
added 2018/12/06 11:0 p.m. | 44 views

CVE-2018-16528

The CVE-2018-16528 issue affects AWS FreeRTOS up to version 1.3.1, where remote code execution is possible due to mbedTLS context object corruption in prvSetupConnection and GGD_SecureConnect_Connect within the AWS TLS connectivity modules. The vulnerability’s impact is described as remote attack...

CVSS 8.1 | AI score 8.5 | EPSS 0.03291
Exploits: 0 | References: 3 | Affected Software: 1

Kitploit
added 2018/12/04 11:45 a.m. | 53 views

LightBulb Framework - Tools For Auditing WAFS

LightBulb is an open source Python framework for auditing web application firewalls and filters. Synopsis: The framework consists of two main algorithms: GOFA: An active learning algorithm that infers symbolic representations of automata in the standard membership/equivalence query model. Active...

AI score 6.3
Exploits: 0 | References: 3

n0where
added 2018/12/03 11:15 p.m. | 94 views

Kernel-Mode Rootkit Hunter: Tyton

Loadable kernel modules, LKMs for short, are an integral companion to the Linux kernel. Typically, LKMs are used to add support for new hardware as device drivers or file systems or add additional system calls. Without LKMs, an operating system would have to include all possible anticipated...

AI score 0.3
Exploits: 0 | References: 2

Veeam
added 2018/11/29 12:0 a.m. | 124 views

Veeam Agent for Linux - veeamsnap and blksnap Extended Linux Distribution Support

This article provides supplementary information regarding the compatibility of the veeamsnap and blksnap kernel modules with various Linux distributions and kernel versions. It specifically addresses distributions and versions that are not explicitly listed in the System Requirements for Veeam...

AI score 5.4
Exploits: 0 | Affected Software: 1