133 matches found
SUSE: Security Advisory (SUSE-SU-2022:1757-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2022:1669-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-29156: Fixed a double free related to rtrscltdevrelease bnc1198515. - CVE-2022-28893: Ensuring that sockets are in the intended state inside the SUNR...
Metasploit Wrap-Up
Redis Sandbox Escape Our very own Jake Baines wrote a module that performs a sandbox escape on Redis versions between 5.0.0 and 6.1.0 and achieves remote code execution as the redis user. Redis installations can be password protected, so this module supports exploiting the vulnerability with and...
SUSE-SU-2022:1127-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.8.0 ESR bsc1197903: MFSA 2022-14 bsc1197903 CVE-2022-1097: Fixed memory safety violations that could occur when PKCS11 tokens are removed while in use CVE-2022-28281: Fixed an out of bounds write due to...
Metasploit Weekly Wrap-Up
Exchange RCE Exchange remote code execution vulnerabilities are always valuable exploits to have. This week Metasploit added an exploit for an authenticated RCE in Microsoft Exchange servers 2016 and server 2019 identified as CVE-2021-42321. The flaw leveraged by the exploit exists in a...
SUSE-SU-2022:0366-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0435: Fixed remote stack overflow in net/tipc module that validate domain record count on input bsc1195254. - CVE-2022-0330: Fixed flush TLBs befor...
SUSE-SU-2022:0289-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-4083: Fixed race condition in Unix domain socket garbage collection that could lead to read memory after free bsc1193727. - CVE-2021-4135: Fixed an...
SUSE-SU-2022:0181-1 Security update for the Linux Kernel
The SUSE MicroOS 5.0 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-4001: Fixed a race condition when the EBPF map is frozen. bsc1192990 - CVE-2021-4002: Added a missing TLB flush that could lead to leak or corruption of data in...
SUSE-SU-2022:0131-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 kernel was updated - Unprivileged BPF has been disabled by default to reduce attack surface as too many security issues have happened in the past jscSLE-22573 You can reenable via systemctl setting /proc/sys/kernel/unprivilegedbpfdisabled to 0...
SUSE-SU-2022:0079-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-24504: Fixed an uncontrolled resource consumption in some IntelR Ethernet E810 Adapter drivers that may have allowed an authenticated user to...
SUSE-SU-2022:0056-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2021-45485: Fixed an information leak because of certain use of a hash table which use IPv6 source addresses. bsc1194094 - CVE-2021-45486: Fixed an information leak because the hash table is very...
SUSE-SU-2021:3387-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2020-3702: Fixed a bug which could be triggered with specifically timed and handcrafted traffic and cause internal errors in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a...
All Vulnerabilities for cbinsights.com Patched via Open Bug Bounty
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| cbinsights.com ---|--- Open Bug Bounty...
Metasploit Wrap-Up
Anyone enjoy making chains? The community is hard at work building chains to pull sessions out of vulnerable Exchange servers. This week Rapid7's own wvu & Spencer McIntyre added a module that implements the ProxyShell exploit chain originally demonstrated by Orange Tsai. The module also benefite...
SUSE-SU-2021:2756-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-3659: Fixed a NULL pointer dereference in llseckeyalloc in net/mac802154/llsec.c bsc1188876. - CVE-2021-21781: Fixed a information disclosure...
OPENSUSE-SU-2021:1076-1 Security update for the Linux Kernel
The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: A heap out-of-bounds write affecting Linux was discovered in net/netfilter/xtables.c bnc1188116. - CVE-2021-33909: fs/seqfile.c did not properly restrict s...
SUSE-SU-2021:2406-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-22555: Fixed an heap out-of-bounds write in net/netfilter/xtables.c that could allow local provilege escalation. bsc1188116 - CVE-2021-33909: Fixed an...
SUSE-SU-2021:1975-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2021-33200: Enforcing incorrect limits for pointer arithmetic operations by the BPF verifier could be abused to perform out-of-bounds reads and writes ...
SUSE: Security Advisory (SUSE-SU-2015:0167-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2017:3265-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...