
4439 matches found

BDU FSTEC
added 2021/01/21 12:0 a.m., 0 views

The vulnerability of the dev_map_read function in the input/output tracing utility Blktrace allows an attacker to cause a service failure.

The vulnerability of the dev_map_read function in the Blktrace input/output tracing utility is related to the operation of pushing the output data beyond the allowable buffer size in memory. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

CVSS 7.1, EPSS 0.0015
Exploits 0, References 8, Affected Software 4

OSV
added 2021/01/14 7:15 p.m., 25 views

GHSA-2CCX-2GF3-8XVV Kirby .dev domains and some reverse proxy setups were treated as local

Impact About our registration block In order to protect new installations on public servers that don't have an admin account for the Panel yet, we block account registration there by default. This is a security feature, which we implemented years ago in Kirby 2. It helps to avoid that you forget...

CVSS 6.8, AI score 6, EPSS 0.00161
Exploits 0, References 6

Github Security Blog
added 2021/01/14 7:15 p.m., 67 views

Kirby .dev domains and some reverse proxy setups were treated as local

Impact About our registration block In order to protect new installations on public servers that don't have an admin account for the Panel yet, we block account registration there by default. This is a security feature, which we implemented years ago in Kirby 2. It helps to avoid that you forget...

CVSS 6.8, AI score 5.7, EPSS 0.00161
Exploits 0, References 7, Affected Software 2

The Hacker News
added 2021/01/12 11:7 a.m., 31 views

Experts Sound Alarm On New Android Malware Sold On Hacking Forums

Cybersecurity researchers have exposed the operations of an Android malware vendor who teamed up with a second threat actor to market and sell a remote access Trojan (RAT) capable of device takeover and exfiltration of photos, locations, contacts, and messages from popular apps such as Facebook,...

AI score 0.6
Exploits 0

The Hacker News
added 2021/01/12 11:7 a.m., 2 views

Experts Sound Alarm On New Android Malware Sold On Hacking Forums

Cybersecurity researchers have exposed the operations of an Android malware vendor who teamed up with a second threat actor to market and sell a remote access Trojan (RAT) capable of device takeover and exfiltration of photos, locations, contacts, and messages from popular apps such as Facebook,...

AI score 6.1
Exploits 0

Hacker One
added 2020/12/30 7:2 p.m., 237 views

h1-ctf: [h1ctf-Grinch Networks] MrR3b00t Saving the Christmas

Disclaimer: Certain things are a bit modified to set the pieces for the story. Also you can find the flags for all 12 challenges in file F1138300 , Now enjoy : █▀▄▀█ █▀█ ░ █▀█ █▄▄ █▀█ █▀█ ▀█▀ █░▀░█ █▀▄ ▄ █▀▄ █▄█ █▄█ █▄█ ░█░ saves the Christmas Episode - 0x00 Pil0t.py It was a gloomy clear night,...

AI score 6.8
Exploits 0

vulnersOsv
added 2020/12/24 8:15 p.m., 4 views

ledger-rest-api-dev (>=0.1.9 <=0.1.10) potentially affected by CVE-2020-11093 via indy-node (=1.0.28)

indy-node PYPI version =1.0.28 is affected by a known vulnerability. The following packages have a transitive dependency on indy-node and may be impacted: - ledger-rest-api-dev =0.1.9, =0.1.10 Source cves: CVE-2020-11093 Source advisory: OSV:PYSEC-2020-48...

CVSS 7.5, AI score 7.1, EPSS 0.00162
Exploits 1

Tenable Nessus
added 2020/12/24 12:0 a.m., 45 views

GLSA-202012-13 : OpenSSL: Denial of service

The remote host is affected by the vulnerability described in GLSA-202012-13 OpenSSL: Denial of service A NULL pointer dereference flaw was found in OpenSSL. Impact : A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function in an application linked against OpenSSL, could...

CVSS 5.9, AI score 6.9, EPSS 0.00348
Exploits 3, References 2

Tenable Nessus
added 2020/12/10 12:0 a.m., 12 views

Ubuntu 20.10 : python-apt regression (USN-4668-2)

The remote Ubuntu 20.10 host has packages installed that are affected by a vulnerability as referenced in the USN-4668-2 advisory. USN-4668-1 introduced a regression in python-apt. Tenable has extracted the preceding description block directly from the Ubuntu security advisory. Note that Nessus h...

AI score 5.6
Exploits 0, References 1

OpenVAS
added 2020/12/09 12:0 a.m., 27 views

Debian: Security Advisory (DLA-2485-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8, AI score 8, EPSS 0.50822
Exploits 1, References 4

Tenable Nessus
added 2020/12/09 12:0 a.m., 34 views

Debian DLA-2485-1 : golang-golang-x-net-dev security update (Ping Flood) (Reset Flood)

The http2 server support in this package was vulnerable to certain types of DOS attacks. CVE-2019-9512 This code was vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of response...

CVSS 7.8, AI score 8, EPSS 0.50822
Exploits 1, References 5

Tenable Nessus
added 2020/12/09 12:0 a.m., 12 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : libqb Vulnerability (NS-SA-2020-0057)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has libqb packages installed that are affected by a vulnerability: - libqb before 1.0.5 allows local users to overwrite arbitrary files via a symlink attack, because it uses predictable filenames under /dev/shm and /tmp without...

CVSS 7.1, AI score 7.2, EPSS 0.00031
Exploits 1, References 2

OSV
added 2020/12/09 12:0 a.m., 69 views

DLA-2485-1 golang-golang-x-net-dev - security update

Bulletin has no description...

CVSS 7.8, AI score 7.2, EPSS 0.50822
Exploits 1

NVD
added 2020/12/08 2:15 a.m., 17 views

CVE-2020-26253

Kirby is a CMS. In Kirby CMS getkirby/cms before version 3.3.6, and Kirby Panel before version 2.5.14 there is a vulnerability in which the admin panel may be accessed if hosted on a .dev domain. In order to protect new installations on public servers that don't have an admin account for the Pane...

CVSS 6.8, AI score 6.4, EPSS 0.00161
Exploits 0, References 5

OSV
added 2020/12/08 2:15 a.m., 12 views

CVE-2020-26253

Kirby is a CMS. In Kirby CMS getkirby/cms before version 3.3.6, and Kirby Panel before version 2.5.14 there is a vulnerability in which the admin panel may be accessed if hosted on a .dev domain. In order to protect new installations on public servers that don't have an admin account for the Pane...

CVSS 5.9, AI score 6.3
Exploits 0, References 5

Prion
added 2020/12/08 2:15 a.m., 19 views

Design/Logic Flaw

Kirby is a CMS. In Kirby CMS getkirby/cms before version 3.3.6, and Kirby Panel before version 2.5.14 there is a vulnerability in which the admin panel may be accessed if hosted on a .dev domain. In order to protect new installations on public servers that don't have an admin account for the Pane...

CVSS 4.3, AI score 5.5, EPSS 0.00161
Exploits 0, References 5, Affected Software 2

Cvelist
added 2020/12/08 1:15 a.m., 16 views

CVE-2020-26253 .dev domains treated as local in Kirby

Kirby is a CMS. In Kirby CMS getkirby/cms before version 3.3.6, and Kirby Panel before version 2.5.14 there is a vulnerability in which the admin panel may be accessed if hosted on a .dev domain. In order to protect new installations on public servers that don't have an admin account for the Pane...

CVSS 6.8, AI score 6.4, EPSS 0.00161
Exploits 0, References 5

CNNVD
added 2020/12/07 12:0 a.m., 3 views

Kirby Access Control Error Vulnerability

Kirby is a file-based content management system (CMS). A security vulnerability exists in Kirby CMS versions prior to 3.3.6 and Kirby Panel versions prior to 2.5.14, which stems from the fact that the admin panel may be accessible if hosted in a .dev domain. To protect new installations on public...

CVSS 6.8, AI score 6.6, EPSS 0.00161
Exploits 0, References 6

OSV
added 2020/12/03 5:15 p.m., 1 views

DEBIAN-CVE-2020-14339

A flaw was found in libvirt, where it leaked a file descriptor for /dev/mapper/control into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of...

CVSS 8.8, AI score 7.7, EPSS 0.00196
Exploits 0, References 1

BDU FSTEC
added 2020/12/03 12:0 a.m., 1 views

The vulnerability of the `romfs_dev_read` function in the Linux operating system’s kernel, which allows a hacker to gain unauthorized access to protected information.

The vulnerability of the `romfs_dev_read` function in the Linux operating system’s kernel is related to insufficient input validation. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

CVSS 3.3, EPSS 0.00051
Exploits 1, References 18, Affected Software 1