OESA-2021-1282 libgit2 security update

libgit2 is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native speed custom Git applications in any language which supports C bindings. Security Fixes: An issue was discovered in libgit2 before 0.28.4 a...

3s-smart Software Solutions CODESYS Development System 代码问题漏洞

3s-smart Software Solutions CODESYS Development System is a set of programming tools for the field of industrial controllers and automation technology from 3S-Smart Software Solutions 3s-smart Software Solutions, Germany. A code issue vulnerability exists in the PackageManagement.plugin...

kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent

A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process...

DNSStager - Hide Your Payload In DNS

DNSStager is an open-source project based on Python used to hide and transfer your payload using DNS. DNSStager will create a malicious DNS server that handles DNS requests to your domain and return your payload as a response to specific record requests such as AAAA or TXT records after splitting...

Bughound - Static Code Analysis Tool Based On Elasticsearch

Bughound is an open-source static code analysis tool that analyzes your code and sends the results to Elasticsearch and Kibana to get useful insights about the potential vulnerabilities in your code. Bughound has its own Elasticsearch and Kibana Docker image that is preconfigured with dashboards ...

Security update for fossil (moderate)

openSUSE Security Update: Security update for fossil Announcement ID: openSUSE-SU-2021:1051-1 Rating: moderate References: 1187988 Affected Products: openSUSE Backports SLE-15-SP2 An update that contains security fixes can now be installed. Description: This update for fossil fixes the following...

Security update for fossil (moderate)

openSUSE Security Update: Security update for fossil Announcement ID: openSUSE-SU-2021:1052-1 Rating: moderate References: 1187988 Affected Products: openSUSE Backports SLE-15-SP1 An update that contains security fixes can now be installed. Description: This update for fossil fixes the following...

In Docker before 18.09.4 an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs and results in command injection into the underlying "git clone" command leading to code execution in the context of the user executing the "docker build" command. This occurs because git ref can be misinterpreted as a flag.

...

Citrix App Layering | Adding version to OS Layer failing with error "Failed to duplicate layer. Please ensure that Windows was shut down properly."

Adding version to OS Layer failing with error "Failed to duplicate layer. Please ensure that Windows was shut down properly". Screenshot of the error: On the ELM logs, we would see the below errors: 2021-07-14 09:20:34,824 INFO DefaultPool2 CopyPartitionByNtfsCloneJobStep: Cloning NTFS from block...

The Latest Pro-Trump Twitter Clone Leaks User Data on Day 1

Plus: A failed takedown in Russia, details on an FBI-sting encrypted phone, and more of the week's top security news...

HoneyCreds - Network Credential Injection To Detect Responder And Other Network Poisoners

HoneyCreds network credential injection to detect responder and other network poisoners. Requirements Requires Python 3.6+ tested on Python 3.9 smbprotocol cffi splunk-sdk Installation git clone https://github.com/Ben0xA/HoneyCreds.git cd HoneyCreds pip3 install -r requirements.txt Running python...

UVI-2021-1000587 btrfs: release path before starting transaction when cloning inline extent

btrfs: release path before starting transaction when cloning inline extent This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.42 by commit...

What is phishing attacks❓ Types and business impact

According to Wikipedia, phishing is a fraudulent attempt to obtain sensitive data by impersonating oneself as a trustworthy entity. Much like any other kind of fraud, the perpetrator is able to cause a significant amount of damage, especially when the threat persists for an extended period...

GSD-2021-1000015 netfilter: nftables: clone set element expression template

netfilter: nftables: clone set element expression template This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.11.16 by commit...

UVI-2021-1000015 netfilter: nftables: clone set element expression template

netfilter: nftables: clone set element expression template This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.11.16 by commit...

kernel: fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent

A flaw possibility of race condition and incorrect initialization of the process id was found in the Linux kernel child/parent process identification handling while filtering signal handlers. A local attacker is able to abuse this flaw to bypass checks to send any signal to a privileged process...

[SECURITY] Fedora 34 Update: axel-2.17.10-1.fc34

Axel tries to accelerate HTTP/FTP downloading process by using multiple connections for one file. It can use multiple mirrors for a download. Axel has no dependencies and is lightweight, so it might be useful as a wget clone on byte-critical systems...

Git: User-assisted execution of arbitrary code

Background Git is a distributed version control system designed. Description It was discovered that Git could be fooled into running remote code during a clone on case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filte...

OSV-2021-631 Heap-buffer-overflow in ih264d_decode_slice_thread

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33167 Crash type: Heap-buffer-overflow READ 4 Crash state: ih264ddecodeslicethread ih264ddecodepicturethread clone...

PT-2021-8025 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The vulnerability is related to the netfilter component of the Linux kernel, specifically with the nftables subsystem. It occurs when using connlimit in set elements, causing the memcp...