16 matches found
[SECURITY] Fedora 44 Update: kf6-kpackage-6.25.0-1.fc44
KDE Frameworks 6 Tier 2 library to load and install non-binary packages as if they were plugins...
[SECURITY] [DSA 5655-2] cockpit regression update
Debian Security Advisory DSA-5655-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso April 16, 2024 https://www.debian.org/security/faq -...
CVE-2023-37920
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted ...
Faraday - Open Source Vulnerability Management Platform
Security has two difficult tasks: designing smart ways of getting new information, and keeping track of findings to improve remediation efforts. With Faraday, you may focus on discovering vulnerabilities while we help you with the rest. Just use it in your terminal and get your work organized on...
USN-5613-2 vim regression
USN-5613-1 fixed vulnerabilities in Vim. Unfortunately that update failed to include binary packages for some architectures. This update fixes that regression. We apologize for the inconvenience. Original advisory details: It was discovered that Vim was not properly performing bounds checks when...
Evilginx2 v2.2.0 - Standalone Man-In-The-Middle Attack Framework Used For Phishing Login Credentials Along With Session Cookies, Allowing For The Bypass Of 2-Factor Authentication
evilginx2 is a man-in-the-middle attack framework used for phishing login credentials along with session cookies, which in turn allows bypassing 2-factor authentication protection. This tool is a successor to Evilginx, released in 2017, which used a custom version of nginx HTTP server to provide...
CVE-2018-18586
chmextract.c in the chmextract sample program, as distributed with libmspack before 0.8alpha, does not protect against absolute/relative pathnames in CHM files, leading to Directory Traversal. NOTE: the vendor disputes that this is a libmspack vulnerability, because chmextract.c was only intended...
Ubuntu 14.04 LTS : dpkg vulnerability (USN-2820-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2820-1 advisory. Hanno Boeck discovered that the dpkg-deb tool incorrectly handled certain old style Debian binary packages. If a user or an automated system were tricked into...
[SECURITY] [DSA 3025-1] apt security update
Debian Security Advisory DSA-3025-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso September 16, 2014 http://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-3025-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2012-4547
Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors...
GLSA-200803-30 : ssl-cert eclass: Certificate disclosure
The remote host is affected by the vulnerability described in GLSA-200803-30 (ssl-cert eclass: Certificate disclosure). Robin Johnson reported that the docert function provided by ssl-cert.eclass can be called by source building stages of an ebuild, such as src_compile or src_install, which will resul...
ssl-cert eclass: Certificate disclosure
Background: The ssl-cert eclass is a code module used by Gentoo ebuilds to generate SSL certificates. Description: Robin Johnson reported that the docert function provided by ssl-cert.eclass can be called by source building stages of an ebuild, such as src_compile or src_install, which will result in...
DSA-1494-1 linux-2.6 - privilege escalation
Bulletin has no description...
Webmin: Information leak in Gentoo binary package
Background: Webmin is a web-based system administration console allowing an administrator to easily configure servers and other features. Using the 'buildpkg' FEATURE, or the -b/-B emerge options, Portage can build reusable binary packages for any of the packages available through the Portage tree...
Subject: [SECURITY] New version of kernel-image for sparc fixes DoS attack
As is widely known by now, the Linux 2.2.x kernels had a problem with parsing IP options, which made them susceptible to a DoS attack. The Debian GNU/Linux 2.1 release for the Sun sparc architecture uses such a kernel. If you are using such a system and haven't upgraded the kernel yourself, we...