SUSE: Security Advisory (SUSE-SU-2018:2071-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2018:2814-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE: Security Advisory for tpm2-tss-engine (openSUSE-SU-2021:0542-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLES15 Security Update : buildah (SUSE-SU-2020:3423-1)

This update for buildah fixes the following issues : buildah was updated to v1.17.0 bsc1165184 : Handle cases where other tools mount/unmount containers overlay.MountReadOnly: support RO overlay mounts overlay: use fusermount for rootless umounts overlay: fix umount Switch default log level of...

USN-4512-1 util-linux vulnerability

It was discovered that the umount bash completion script shipped in util-linux incorrectly handled certain mountpoints. If a local attacker were able to create arbitrary mountpoints, another user could be tricked into executing arbitrary code when attempting to run the umount command with bash...

Ubuntu 18.04 LTS : util-linux vulnerability (USN-4512-1)

The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4512-1 advisory. It was discovered that the umount bash completion script shipped in util-linux incorrectly handled certain mountpoints. If a local attacker were able to create...

openSUSE Security Update : osc (openSUSE-2020-852)

This update for osc to 0.169.1 fixes the following issues : Security issue fixed : - CVE-2019-3681: Fixed an insufficient validation of network-controlled filesystem paths bsc1122675. Non-security issues fixed : - Improved the speed and usability of osc bash completion. - improved some error...

SUSE-SU-2020:1695-2 Security update for osc

This update for osc to 0.169.1 fixes the following issues: Security issue fixed: - CVE-2019-3681: Fixed an insufficient validation of network-controlled filesystem paths bsc1122675. Non-security issues fixed: - Improved the speed and usability of osc bash completion. - improved some error message...

OPENSUSE-SU-2020:0852-1 Security update for osc

This update for osc to 0.169.1 fixes the following issues: Security issue fixed: - CVE-2019-3681: Fixed an insufficient validation of network-controlled filesystem paths bsc1122675. Non-security issues fixed: - Improved the speed and usability of osc bash completion. - improved some error message...

SUSE-SU-2020:1695-1 Security update for osc

This update for osc to 0.169.1 fixes the following issues: Security issue fixed: - CVE-2019-3681: Fixed an insufficient validation of network-controlled filesystem paths bsc1122675. Non-security issues fixed: - Improved the speed and usability of osc bash completion. - improved some error message...

SUSE SLES12 Security Update : git (SUSE-SU-2020:0992-1)

This update for git fixes the following issues : Security issue fixed : CVE-2020-5260: With a crafted URL that contains a newline in it, the credential helper machinery can be fooled to give credential information for a wrong host bsc1168930. Non-security issue fixed : git was updated to 2.26.0 f...

Apache James Server 2.3.2 - Insecure User Creation Arbitrary File Write Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Apache James Server 2.3.2 Insecure User Creation Arbitrary File Write", 'Description' = %q This module exploits a vulnerability that exists due t...

Apache James Server 2.3.2 Insecure User Creation / Arbitrary File Write Exploit

This Metasploit module exploits a vulnerability that exists due to a lack of input validation when creating a user. Messages for a given user are stored in a directory partially defined by the username. By creating a user with a directory traversal payload as the username, commands can be written...

Apache James Server 2.3.2 Insecure User Creation / Arbitrary File Write

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Apache James Server 2.3.2 Insecure User Creation Arbitrary File Write", 'Description' = %q This module exploits a vulnerability that exists due t...

openSUSE Security Update : systemd (openSUSE-2020-208)

This update for systemd fixes the following issues : - CVE-2020-1712 bscbsc1162108 Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or...

OPENSUSE-SU-2020:0208-1 Security update for systemd

This update for systemd fixes the following issues: - CVE-2020-1712 bscbsc1162108 Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potential...

Security update for systemd (important)

openSUSE Security Update: Security update for systemd Announcement ID: openSUSE-SU-2020:0208-1 Rating: important References: 1084671 1092920 1106383 1133495 1151377 1154256 1155207 1155574 1156213 1156482 1158485 1159814 1161436 1162108 Cross-References: CVE-2019-20386 CVE-2020-1712 Affected...

SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2020:0335-1)

This update for systemd fixes the following issues : CVE-2020-1712 bscbsc1162108 Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentiall...

SUSE-SU-2020:0335-1 Security update for systemd

This update for systemd fixes the following issues: - CVE-2020-1712 bscbsc1162108 Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potential...

Apache James Server 2.3.2 Insecure User Creation Arbitrary File Write

This module exploits a vulnerability that exists due to a lack of input validation when creating a user. Messages for a given user are stored in a directory partially defined by the username. By creating a user with a directory traversal payload as the username, commands can be written to a given...