Lucene search

2646 matches found

ThreatPost
added 2021/06/11 9:9 p.m. | 207 views

Bugs Lurking in Cisco UC Provisioning Platform

The Akkadian Provisioning Manager, which is used as a third-party provisioning tool within Cisco Unified Communications environments, has three high-severity security vulnerabilities that can be chained together to enable remote code execution (RCE) with elevated privileges, researchers said. They...

CVSS 10 | AI score 7.8 | EPSS 0.10034
Exploits 3 | References 5
OpenVAS
added 2021/06/09 12:0 a.m. | 15 views

SUSE: Security Advisory (SUSE-SU-2017:1337-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.2 | AI score 6.3 | EPSS 0.00041
Exploits 0 | References 6
OpenVAS
added 2021/06/09 12:0 a.m. | 26 views

SUSE: Security Advisory (SUSE-SU-2014:1247-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 8.3 | EPSS 0.9422
Exploits 141 | References 4
OpenVAS
added 2021/06/09 12:0 a.m. | 7 views

SUSE: Security Advisory (SUSE-SU-2019:3212-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0 | References 2
OpenVAS
added 2021/06/09 12:0 a.m. | 28 views

SUSE: Security Advisory (SUSE-SU-2014:1214-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 9.5 | EPSS 0.9422
Exploits 130 | References 4
OpenVAS
added 2021/06/09 12:0 a.m. | 20 views

SUSE: Security Advisory (SUSE-SU-2017:0302-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 8.4 | AI score 6.9 | EPSS 0.03691
Exploits 0 | References 7
OpenVAS
added 2021/06/09 12:0 a.m. | 22 views

SUSE: Security Advisory (SUSE-SU-2012:0988-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 4.6 | AI score 9.6 | EPSS 0.00083
Exploits 0 | References 2
OpenVAS
added 2021/06/09 12:0 a.m. | 32 views

SUSE: Security Advisory (SUSE-SU-2017:2701-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 8.3 | EPSS 0.38332
Exploits 32 | References 2
OSV
added 2021/05/31 3:39 p.m. | 9 views

GSD-2021-1000009 Replacement of bash script by an attacker to one that includes malicious commands in Codecov Bash uploader version All versions downloaded from Jan 2021 through April 2021. Because the attacker had control of the script the version # included in it cannot be trusted.

In Codecov Codecov Bash uploader version All versions downloaded from Jan 2021 through April 2021. Because the attacker had control of the script the version included in it cannot be trusted. a Replacement of bash script by an attacker to one that includes malicious commands exists in the The Bas...

AI score 7.2
Exploits 0 | References 5
OSV
added 2021/05/31 3:39 p.m. | 5 views

Replacement of bash script by an attacker to one that includes malicious commands in Codecov Bash uploader version All versions downloaded from Jan 2021 through April 2021. Because the attacker had control of the script the version # included in it cannot be trusted.

In Codecov Codecov Bash uploader version All versions downloaded from Jan 2021 through April 2021. Because the attacker had control of the script the version included in it cannot be trusted. a Replacement of bash script by an attacker to one that includes malicious commands exists in the The Bas...

AI score 3.6
Exploits 0 | References 5
Tenable Nessus
added 2021/05/26 12:0 a.m. | 38 views

Oracle Linux 8 : bash (ELSA-2021-1679)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-1679 advisory. 4.4.19-14 - Fix hang when limit for nproc is very high Resolves: 1890888 4.4.19-13 - Correctly drop saved UID when effective UID is not equal to its real UID...

CVSS 7.8 | AI score 6.8 | EPSS 0.50225
Exploits 5 | References 2
Gentoo Linux
added 2021/05/26 12:0 a.m. | 88 views

Bash: Privilege escalation

Background Bash is the standard GNU Bourne Again SHell. Description It was discovered that Bash incorrectly dropped privileges by setting its effective UID to its real UID. Impact A local attacker could possibly escalate privileges. Workaround There is no known workaround at this time. Resolution...

CVSS 7.8 | AI score 7.7 | EPSS 0.50225
Exploits 5
Oracle linux
added 2021/05/25 12:0 a.m. | 49 views

bash security and bug fix update

4.4.19-14 - Fix hang when limit for nproc is very high Resolves: 1890888 4.4.19-13 - Correctly drop saved UID when effective UID is not equal to its real UID Resolves: 1793943...

CVSS 7.8 | AI score 0.2 | EPSS 0.50225
Exploits 5
Veracode
added 2021/05/20 3:27 p.m. | 64 views

Privilege Escalation

bash is vulnerable to privilege escalation. The way privileges are dropped when started with an effective user ID not equal to the real user ID. If the setuid permission is set and the owner of the bash program is a non-root user, a local attacker is able to abuse the vulnerability to escalate...

CVSS 7.8 | AI score 3.6 | EPSS 0.50225
Exploits 5 | References 12 | Affected Software 3
GithubExploit
added 2021/05/19 7:50 a.m. | 62 views

Exploit for Use After Free in Microsoft

CVE-2021-31166 si...

CVSS 9.8 | AI score 8.9 | EPSS 0.93069
Exploits 24
0day.today
added 2021/05/19 12:0 a.m. | 89 views

rxvt 2.7.0 / rxvt-unicode 9.22 Code Execution Exploit

rxvt version 2.7.0 and rxvt-unicode version 9.22 incorrectly handles ANSI escape sequences allowing for arbitrary code execution. !/usr/bin/env python Title: rxvt remote code execution over scp with $SHELL=/bin/bash 0day Version: rxvt 2.7.10, rxvt-unicode 9.22 Author: def Date: 2021-05-16 CVE: N/...

AI score 8.2
Exploits 0
Tenable Nessus
added 2021/05/19 12:0 a.m. | 48 views

RHEL 8 : bash (RHSA-2021:1679)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:1679 advisory. The bash packages provide Bash (Bourne-again shell), which is the default shell for Red Hat Enterprise Linux. Security Fixes: bash: when effective UID ...

CVSS 7.8 | AI score 6.9 | EPSS 0.50225
Exploits 5 | References 7
Tenable Nessus
added 2021/05/19 12:0 a.m. | 41 views

CentOS 8 : bash (CESA-2021:1679)

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:1679 advisory. - bash: when effective UID is not equal to its real UID the saved UID is not dropped (CVE-2019-18276). Note that Nessus has not tested for this issue but has inste...

CVSS 7.8 | AI score 6.8 | EPSS 0.50225
Exploits 5 | References 2
AlmaLinux
added 2021/05/18 5:8 p.m. | 15 views

bash bug fix and enhancement update

The bash packages provide Bash (Bourne-again shell), which is the default shell for AlmaLinux. Bug Fixes and Enhancements: bash loops forever trying to reap children, spins on the CPU BZ1947522...

AI score 1
Exploits 0
Rockylinux
added 2021/05/18 5:8 p.m. | 12 views

bash bug fix and enhancement update

An update is available for bash. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The bash packages provide Bash (Bourne-again shell), which is the default shell fo...

AI score 0.7
Exploits 0