openSUSE Security Update : the Linux Kernel (openSUSE-2018-515) (Spectre)

The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are...

openSUSE Security Update : qemu (openSUSE-2018-489) (Spectre)

This update for qemu fixes several issues. This security issue was fixed : - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests bsc1092885. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all pri...

SUSE SLES11 Security Update : kvm (SUSE-SU-2018:1389-1) (Spectre)

This update for kvm fixes the following issues: This security issue was fixed : - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests bsc1092885. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of al...

Security update for qemu (important)

This update for qemu fixes several issues. This security issue was fixed: - CVE-2018-3639: Spectre v4 vulnerability mitigation support for KVM guests bsc1092885. Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prio...

SUSE-SU-2018:1377-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bugfixes. The following security bug was fixed: - CVE-2018-3639: Information leaks using 'Memory Disambiguation' feature in modern CPUs were mitigated, aka 'Spectre Variant 4' bnc1087082. A new boot commandli...

Nagios XI admin/commandline.php SQL Injection Vulnerability

Nagios is an open source, free network monitoring tool that effectively monitors the status of hosts, switches routers and other network devices, printers, etc. for Windows, Linux and Unix. Nagios XI 5.4.12 and earlier versions of admin/commandline.php cname parameter contains a SQL injection...

CVE-2018-10735

A SQL injection issue was discovered in Nagios XI before 5.4.13 via the admin/commandline.php cname parameter...

[SECURITY] [DSA 4149-1] plexus-utils2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4149-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 22, 2018 https://www.debian.org/security/faq -...

[SECURITY] [DSA 4146-1] plexus-utils security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4146-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 20, 2018 https://www.debian.org/security/faq -...

Design/Logic Flaw

The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used...

[SECURITY] Fedora 26 Update: osc-0.162.1-230.1.1.fc26

Commandline client for the Open Build Service. See http://en.opensuse.org/openSUSE:OSC , as well as http://en.opensuse.org/openSUSE:BuildServiceTutorial for a general introduction...

Debian DLA-1236-1 : plexus-utils security update

Charles Duffy discovered that the Commandline class in plexus-utils, a collection of components used by Apache Maven, does not correctly quote the contents of double-quoted strings. An attacker may use this flaw to inject arbitrary shell commands. For Debian 7 'Wheezy', these problems have been...

radare2 - Unix-Like Reverse Engineering Framework And Commandline Tools

r2 is a rewrite from scratch of radare in order to provide a set of libraries and tools to work with binary files. The radare project started as a forensics tool, a scriptable command-line hexadecimal editor able to open disk files, but later support for analyzing binaries, disassembling code,...

GNU Wget < 1.18 - Access List Bypass / Race Condition

''' ============================================= - Discovered by: Dawid Golunski - dawidatlegalhackers.com - https://legalhackers.com - https://legalhackers.com/advisories/Wget-Exploit-ACL-bypass-RaceCond-CVE-2016-7098.html - CVE-2016-7098 - Release date: 24.11.2016 - Revision 1.0 - Severity:...

BrowserBackdoor - Secure JavaScript WebSocket Backdoor and a Ruby Command-Line Listener

BrowserBackdoor is an Electron application that uses a JavaScript WebSocket Backdoor to connect to the listener. BrowserBackdoorServer is a WebSocket server that listens for incoming WebSocket connections and creates a command-line interface for sending commands to the remote system. The JavaScri...

CVE-2015-5303

The TripleO Heat templates tripleo-heat-templates, when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter...

PentestBox 2.0 - Portable Penetration Testing Distribution for Windows Environments

PentestBox provides all security tools as a software package, eliminating requirement of Virtual machines or dualboot environments on Windows Operating System. It is created because more than 50% of penetration testing distribution users uses windows. Source So it provides an efficient platform f...

CVE-2015-7865

nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to the stereosvrpipe named pipe, which allows local users to gain privileges via a commandline in a...

[SECURITY] Fedora 20 Update: osc-0.151.1-163.2.1.fc20

Commandline client for the openSUSE Build Service. See http://en.opensuse.org/openSUSE:OSC , as well as http://en.opensuse.org/openSUSE:BuildServiceTutorial for a general introduction...

[SECURITY] Fedora 22 Update: osc-0.151.1-163.2.1.fc22

Commandline client for the openSUSE Build Service. See http://en.opensuse.org/openSUSE:OSC , as well as http://en.opensuse.org/openSUSE:BuildServiceTutorial for a general introduction...