256 matches found
Important: Red Hat Security Advisory: sudo security update
An update for sudo is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...
RLSA-2023:0284 Important: sudo security update
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fixes: sudo: arbitrary file write with privileges of...
Important: sudo security update
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fixes: sudo: arbitrary file write with privileges of...
Important: sudo security update
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fixes: sudo: arbitrary file write with privileges of...
CVE-2022-46831
In JetBrains TeamCity between 2022.10 and 2022.10.1 connecting to AWS using the "Default Credential Provider Chain" allowed TeamCity project administrators to access AWS resources normally limited to TeamCity system administrators...
Psudohash - Password List Generator That Focuses On Keywords Mutated By Commonly Used Password Creation Patterns
psudohash is a password list generator for orchestrating brute force attacks. It imitates certain password creation patterns commonly used by humans, like substituting a word's letters with symbols or numbers, using char-case variations, adding a common padding before or after the word and more. ...
PersistenceSniper - Powershell Script That Can Be Used By Blue Teams, Incident Responders And System Administrators To Hunt Persistences Implanted In Windows Machines
PersistenceSniper is a Powershell script that can be used by Blue Teams, Incident Responders and System Administrators to hunt persistences implanted in Windows machines. The script is also available on Powershell Gallery. --- The Why Why writing such a tool, you might ask. Well, for starters, I...
Fedora: Security Advisory for cheat (FEDORA-2022-5ef0bd9a27)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 36 Update: cheat-4.2.2-5.fc36
Cheat allows you to create and view interactive cheatsheets on the command- line. It was designed to help remind nix system administrators of options for commands that they use frequently, but not frequently enough to remember...
Fedora: Security Advisory for cheat (FEDORA-2022-3e1ade35db)
The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: cheat-4.2.2-4.fc35
Cheat allows you to create and view interactive cheatsheets on the command- line. It was designed to help remind nix system administrators of options for commands that they use frequently, but not frequently enough to remember...
[SECURITY] Fedora 36 Update: cheat-4.2.2-4.fc36
Cheat allows you to create and view interactive cheatsheets on the command- line. It was designed to help remind nix system administrators of options for commands that they use frequently, but not frequently enough to remember...
Taming the Digital Asset Tsunami
Internet Protocol IP addresses and the devices, web services and cloud assets behind them are the lifeblood of modern businesses. But too often companies amass thousands of digital assets, creating an unmanageable mess for IT and security teams. Left unchecked, a single forgotten, abandoned or...
PbootCMS 跨站请求伪造漏洞
PbootCMS is PbootCMS individual developers of an open source enterprise website content management system CMS developed using the PHP language. A security vulnerability exists in PbootCMS v2.0.3, which can be exploited by an attacker to view the added system administrators via the...
GHSA-8QG8-C7MW-6FJ7 Mattermost Server is vulnerable to Directory Traversal by System Admins
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal...
GHSA-MJ8V-773W-5QHJ Mattermost Server allows System Admin to modify LDAP account names and email addresses
An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account...
Mattermost Server is vulnerable to Directory Traversal by System Admins
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal...
CVE-2022-25786
Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. This issue affects: GateManager all versions prior to 9.7...
CVE-2022-1003 Sysadmin can override existing configs & bypass restrictions like EnableUploads
One of the API in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way that allows them to override certain restricted configurations like EnableUploads...
Mattermost 安全漏洞
A security vulnerability exists in Mattermost, an open source collaboration platform from Mattermost, a US-based company, which allows system administrators to combine two different permissions/features in a way that allows them to override certain restricted configurations e.g. EnableUploads. No...