Botb - A Container Analysis And Exploitation Tool For Pentesters And Engineers

BOtB is a container analysis and exploitation tool designed to be used by pentesters and engineers while also being CI/CD friendly with common CI/CD technologies. What does it do? BOtB is a CLI tool which allows you to: Exploit common container vulnerabilities Perform common container post...

Updated subversion packages fix security vulnerabilities

Updated subversion packages fix security vulnerabilities: Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer CVE-2018-11782. Subversion's svnserve server process may exit when a client sends certain sequences of protocol commands...

CVE-2019-6473

An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process kea-dhcp4, causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2...

UBUNTU-CVE-2019-6473

An invalid hostname option can trigger an assertion failure in the Kea DHCPv4 server process kea-dhcp4, causing the server process to exit. Versions affected: 1.4.0 to 1.5.0, 1.6.0-beta1, and 1.6.0-beta2...

DEBIAN-CVE-2019-15292

An issue was discovered in the Linux kernel before 5.0.9. There is a use-after-free in atalkprocexit, related to net/appletalk/atalkproc.c, net/appletalk/ddp.c, and net/appletalk/sysctlnetatalk.c...

Linux kernel memory misreference vulnerability (CNVD-2019-32361)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A memory misreference vulnerability exists in atalkprocexit in Linux kernel versions prior to 5.0.9 related to...

openSUSE Security Update : pdns (openSUSE-2019-1904)

This update for pdns fixes the following issues : Security issues fixed : - CVE-2019-10203: Updated PostgreSQL schema to address a possible denial of service by an authorized user by inserting a crafted record in a MASTER type zone under their control. boo1142810 - CVE-2019-10162: Fixed a denial ...

libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way SSHMSGCHANNELREQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...

Apache Subversion svnserve servers denial of service vulnerability

Apache Subversion is the United States Apache Apache Software Foundation of a set of open source version control system. The system is compatible with Concurrent Versions System CVS. svnserve servers is one of the lightweight stand-alone servers . A security vulnerability exists in Apache...

UBUNTU-CVE-2018-11782

In Apache Subversion versions up to and including 1.9.10, 1.10.4, 1.12.0, Subversion's svnserve server process may exit when a well-formed read-only request produces a particular answer. This can lead to disruption for users of the server...

CVE-2019-10162

A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when ...

Design/Logic Flaw

A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when ...

CVE-2019-10162

A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when ...

CVE-2019-10162

A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when ...

CVE-2019-10153

CVE-2019-10153 affects fence-agents prior to version 4.3.4. Multiple advisories (Red Hat, EulerOS, MiracleLinux, NewStart CGSL, Mageia, etc.) document that non‑ASCII characters in a guest VM’s comment/fields can cause fence_rhevm to exit with an exception. In cluster environments this can hinder ...

libssh2: Out-of-bounds memory comparison with specially crafted message channel request

An out of bounds read flaw was discovered in libssh2 in the way SSHMSGCHANNELREQUEST packets with an exit status message and no payload are parsed. A remote attacker who compromises a SSH server may be able to cause a denial of service or read data in the client memory...

FreeBSD : powerdns -- multiple vulnerabilities (1c21f6a3-9415-11e9-95ec-6805ca2fa271)

PowerDNS Team reports : CVE-2019-10162: An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit wh...

libssh2: Integer overflow in SSH packet processing channel resulting in out of bounds write

An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way SSHMSGCHANNELREQUEST packets with an exit signal are parsed. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server...

EulerOS Virtualization for ARM 64 3.0.1.0 : libssh2 (EulerOS-SA-2019-1393)

According to the versions of the libssh2 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A type confusion issue was found in the way libssh2 generated ephemeral secrets for the diffie-hellman-group1 and...

EulerOS Virtualization 2.5.3 : libssh2 (EulerOS-SA-2019-1362)

According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 in the way packets are read from th...