1720 matches found

Prion
added 2019/08/26 1:15 p.m., 13 views

Code injection

Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...

CVSS 7.5, AI score 9.5, EPSS 0.00678
Exploits: 0, References: 3, Affected Software: 2
Cvelist
added 2019/08/26 12:11 p.m., 10 views

CVE-2019-15521

Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and other products, allows PHP object injection via a cookie containing an object...

AI score 9.7, EPSS 0.00678
Exploits: 0, References: 3
Oracle linux
added 2019/07/30 12:0 a.m., 36 views

go-toolset:rhel8 security update

go-toolset 1.11.5-2 - Include patch to fix CVE-2019-9741 - Resolves: rhbz1690443 golang 1.11.5-2 - Include patch to fix CVE-2019-9741 - Resolves: rhbz1690443 1.11.5-2 - Switch to pagure fork for Go FIPS...

CVSS 6.1, AI score 1.2, EPSS 0.03341
Exploits: 1
Snyk
added 2019/06/19 11:45 a.m., 2 views

Prototype Pollution

Overview: @sailshq/lodash is a fork of Lodash 3.10.x with ongoing maintenance from the Sails core team. Affected versions of this package are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor...

CVSS 9.1, AI score 8.3, EPSS 0.18518
Exploits: 2, References: 3
Veracode
added 2019/05/23 6:40 a.m., 6 views

Malicious Package

destroyer-of-worlds is a malicious package. A malicious bash script resides in the package which will execute as a postinstall script. The script deletes system files and creates a large file, fork bomb and an endless loop in an attempt to crash the host...

AI score 6.8
Exploits: 0
RedHat Linux
added 2019/04/23 12:58 p.m., 2 views

polkit: Temporary auth hijacking via PID reuse and non-atomic fork

A vulnerability was found in polkit. When authentication is performed by a non-root user to perform an administrative task, the authentication is temporarily cached in such a way that a local attacker could impersonate the authorized process, thus gaining access to elevated privileges...

CVSS 6.7, AI score 6.8, EPSS 0.00026
Exploits: 0, References: 5
Kitploit
added 2019/04/04 11:43 a.m., 148 views

CHAOS Framework v3.0 - Generate Payloads And Control Remote Windows Systems

CHAOS is a PoC that allows generating payloads and controlling remote operating systems.

Features

Feature | Windows | Mac | Linux
---|---|---|---
Reverse Shell | X | X | X
Download File | X | X | X
Upload File | X | X | X
Screenshot | X | X | X
Keylogger | X | |
Persistence | X | |
Open URL | X | X | X
...

AI score 7.3
Exploits: 0, References: 3
OSV
added 2019/04/03 11:40 a.m., 2 views

USN-3934-1 policykit-1 vulnerability

It was discovered that PolicyKit incorrectly relied on the fork system call in the Linux kernel being atomic. A local attacker could possibly use this issue to gain access to services that have cached authorizations...

CVSS 6.7, AI score 6.8, EPSS 0.00026
Exploits: 0, References: 2
Tenable Nessus
added 2019/04/02 12:0 a.m., 36 views

EulerOS 2.0 SP2 : polkit (EulerOS-SA-2019-1122)

According to the version of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - polkit: Temporary auth hijacking via PID reuse and non-atomic fork (CVE-2019-6133) Note that Tenable Network Security has extracted the preceding...

CVSS 6.7, AI score 6.9, EPSS 0.00026
Exploits: 0, References: 2
Tenable Nessus
added 2019/03/27 12:0 a.m., 44 views

openSUSE Security Update : the Linux Kernel (openSUSE-2019-769)

The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is...

CVSS 8.4, AI score 7.4, EPSS 0.08509
Exploits: 8, References: 237
Tenable Nessus
added 2019/03/18 12:0 a.m., 60 views

Ubuntu 14.04 LTS : Linux kernel (Xenial HWE) vulnerabilities (USN-3910-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3910-2 advisory. USN-3910-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...

CVSS 6.7, AI score 6.6, EPSS 0.0144
Exploits: 6, References: 6
OpenVAS
added 2019/03/16 12:0 a.m., 80 views

Ubuntu: Security Advisory (USN-3910-1)

The remote host is missing an update for the...

CVSS 6.7, AI score 7.2, EPSS 0.0144
Exploits: 6, References: 2
Ubuntu
added 2019/03/15 10:5 p.m., 267 views

USN-3910-1: Linux kernel vulnerabilities

It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service (system crash). (CVE-2017-18241) It was discovered that the procfs filesystem did not properly handle processes...

CVSS 6.7, AI score 6.4, EPSS 0.0144
Exploits: 6
OSV
added 2019/03/15 10:5 p.m., 0 views

USN-3910-1 linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities

It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service (system crash). (CVE-2017-18241) It was discovered that the procfs filesystem did not properly handle processes...

CVSS 6.7, AI score 6.7, EPSS 0.0144
Exploits: 6, References: 6
OSV
added 2019/03/15 10:3 p.m., 0 views

USN-3910-2 linux-lts-xenial, linux-aws vulnerabilities

USN-3910-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the f2fs filesystem implementation in the Linux kernel did not...

CVSS 6.7, AI score 6.7, EPSS 0.0144
Exploits: 6, References: 6
Ubuntu
added 2019/03/13 6:2 p.m., 95 views

USN-3908-2: Linux kernel (Trusty HWE) vulnerability

USN-3908-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered a race condition in the fork system call in the Linux kernel. A...

CVSS 6.7, AI score 6.8, EPSS 0.00026
Exploits: 0
Tenable Nessus
added 2019/03/13 12:0 a.m., 23 views

Ubuntu 14.04 LTS : Linux kernel vulnerability (USN-3908-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-3908-1 advisory. Jann Horn discovered a race condition in the fork system call in the Linux kernel. A local attacker could use this to gain access to services that cache...

CVSS 6.7, AI score 6.8, EPSS 0.00026
Exploits: 0, References: 2
OpenVAS
added 2019/03/13 12:0 a.m., 95 views

Ubuntu: Security Advisory (USN-3908-1)

The remote host is missing an update for the...

CVSS 6.7, AI score 6.7, EPSS 0.00026
Exploits: 0, References: 2
OSV
added 2019/03/12 9:40 p.m., 1 views

USN-3908-1 linux vulnerability

Jann Horn discovered a race condition in the fork system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations...

CVSS 6.7, AI score 6.8, EPSS 0.00026
Exploits: 0, References: 2
Ubuntu
added 2019/03/12 9:40 p.m., 94 views

USN-3908-1: Linux kernel vulnerability

Jann Horn discovered a race condition in the fork system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations...

CVSS 6.7, AI score 6.9, EPSS 0.00026
Exploits: 0