The Windows Registry Adventure #2: A brief history of the feature

Posted by Mateusz Jurczyk, Google Project Zero Before diving into the low-level security aspects of the registry, it is important to understand its role in the operating system and a bit of history behind it. In essence, the registry is a hierarchical database made of named "keys" and "values",...

Mageia: Security Advisory (MGASA-2014-0084)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Time to Ditch Big-Brother Accounts for Network Scanning

In almost every network, there is a highly privileged service account remotely connecting to all computers. These accounts are usually used by backup, security or monitoring solutions. But using such accounts to remotely login to systems on the network introduces unnecessary risk — it’s a bad...

Vulnerability of software packages for monitoring and data collection: MC Works64/MC Works32, FrameWorX server, centralized configuration environment for HMI-/SCADA applications, Platform Services software platform, GenBroker64/GenBroker32 application for managing access rights. This vulnerability allows a malicious actor to execute arbitrary code or trigger a service failure.

The vulnerabilities of the software packages for supervisory control and data collection, MC Works64/MC Works32, the FrameWorX server, the centralized configuration environment for HMI-/SCADA applications, the Platform Services software platform, and the GenBroker64/GenBroker32 application for...

Vulnerability of software packages for monitoring and data collection: MC Works64/MC Works32, FrameWorX server, centralized configuration environment for HMI-/SCADA applications, Platform Services software platform, GenBroker64/GenBroker32 application for organizing API exchanges. This vulnerability allows a malicious actor to execute arbitrary code or trigger a service failure.

The vulnerabilities of the software packages for supervisory control and data collection, MC Works64/MC Works32, the FrameWorX server, the centralized configuration environment for HMI-/SCADA applications, the Platform Services software platform, and the GenBroker64/GenBroker32 application for...

Vulnerability of software packages for supervisory control and data collection: MC Works64/MC Works32, FrameWorX server, centralized configuration environment for HMI-/SCADA applications, Platform Services software platform, GenBroker64/GenBroker32 application for organization of access rights exchange. This vulnerability is related to insufficient control over code generation, allowing attackers to execute arbitrary commands.

The vulnerabilities of the software packages for supervisory control and data collection, MC Works64/MC Works32, the FrameWorX server, the centralized configuration environment for HMI-/SCADA applications, the Platform Services software platform, and the GenBroker64/GenBroker32 application for...

USN-3308-1: Puppet vulnerabilities

Dennis Rowe discovered that Puppet incorrectly handled the search path. A local attacker could use this issue to possibly execute arbitrary code. CVE-2014-3248 It was discovered that Puppet incorrectly handled YAML deserialization. A remote attacker could possibly use this issue to execute...

Debian Security Advisory DSA 2831-1 (puppet - insecure temporary files)

An unsafe use of temporary files was discovered in Puppet, a tool for centralized configuration management. An attacker can exploit this vulnerability and overwrite an arbitrary file in the system. OpenVAS Vulnerability Test $Id: deb2831.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated fr...

[USN-1928-1] Puppet vulnerabilities

========================================================================== Ubuntu Security Notice USN-1928-1 August 15, 2013 puppet vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

Debian: Security Advisory (DSA-2761-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DSA-2715-1 puppet - code execution

Bulletin has no description...

Debian DSA-2643-1 : puppet - several vulnerabilities

Multiple vulnerabilities were discovered in Puppet, a centralized configuration management system. - CVE-2013-1640 An authenticated malicious client may request its catalog from the puppet master, and cause the puppet master to execute arbitrary code. The puppet master must be made to invoke the...

Debian: Security Advisory (DSA-2451-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-2352-1 : puppet - programming error

It was discovered that Puppet, a centralized configuration management solution, misgenerated certificates if the 'certdnsnames' option was used. This could lead to man in the middle attacks. More details are available on the Puppet website. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...

USN-1223-2: Puppet regression

USN-1223-1 fixed vulnerabilities in Puppet. A regression was found on Ubuntu 10.04 LTS that caused permission denied errors when managing SSH authorizedkeys files with Puppet. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Pupp...