SUSE SLES11 Security Update : xz (SUSE-SU-2022:14938-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2022:14938-1 advisory. - An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a...

Ubuntu 16.04 ESM : XZ Utils vulnerability (USN-5378-3)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5378-3 advisory. USN-5378-2 fixed a vulnerability in XZ Utils. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Tenable has extracted the precedin...

CVE-2022-24842

MinIO CVE-2022-24842 involves an improper privilege management flaw where a non-admin user can create service accounts for root or other admin users and then assume those credentials, enabling privilege escalation to root. Public sources confirm affected MinIO deployments and that the issue has b...

CVE-2022-24842 Improper Privilege Management in MinIO

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. A security issue was found where an non-admin user is able to create service accounts for root or other admin users and then is able to assume their access policies via the generated credentials. Thi...

USN-5375-1: GNU cflow vulnerability

It was discovered that GNU cflow was incorrectly handling memory cleanup operations at the end of a compilation module. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code...

XWiki Information Disclosure Vulnerability (GHSA-97jg-43c9-q6pf)

XWiki is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xwiki:xwiki";...

p0insettia

It is an offensive tool for iOS jailbreak. The tool, named p0insettia, is designed to perform a tethered jailbreak on iOS 10.3.4 32-bit devices, specifically the iPhone 5, using the checkm8 BootROM exploit. The tool is written in C and uses the libcurl library for network operations. The code is...

[SECURITY] [DLA 2976-1] gzip security update

----------------------------------------------------------------------- Debian LTS Advisory DLA-2976-1 [email protected] https://www.debian.org/lts/security/ Utkarsh Gupta April 10, 2022 https://wiki.debian.org/LTS -...

Denial Of Service (DoS)

Red Hat is vulnerable to denial of service. The deprecated compatibility function clntcreate in the sunrpc module of the GNU C Library aka glibc through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a...

Debian DLA-2977-1 : xz-utils - LTS security update

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2977 advisory. An arbitrary-file-write vulnerability was discovered in xz-utils, which provides XZ-format compression utilities. For Debian 9 stretch, this problem has been fixed in versi...

binutils 2.37 Objdump Segmentation Fault

Exploit Title: binutils 2.37 - Objdump Segmentation Fault Date: 2021-11-03 Exploit Author: p3tryx Vendor Homepage: https://www.gnu.org/software/binutils/ Version: binutils 2.37 Tested on: Ubuntu 18.04 CVE : CVE-2021-43149 Payload file %223"\972\00\0083=Q333A11111111411111333333A $$$\FF$\80 1114...

PT-2022-2156 · Gnu +11 · Gnu Gzip +11

Name of the Vulnerable Software and Affected Versions: GNU gzip versions affected versions not specified Description: An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. This flaw occurs due to insufficient validation when processing filenames with two or more newlines...

UBUNTU-CVE-2022-1271

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

CVE-2022-1271

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name for example, a crafted file name, this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...

Medium: glibc

Issue Overview: A stack based buffer-overflow vulnerability was found in the deprecated compatibility function svcunixcreate in the sunrpc's svcunix.c module of the GNU C Library aka glibc through 2.34. This vulnerability copies its path argument onto the stack without validating its length, whic...

Adminer 1.12.0 - 4.6.2 Information Disclosure Vulnerability

Adminer is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adminer:adminer";...

CVE-2022-27943

A flaw was found in binutils, where GNU GCC is vulnerable to a denial of service caused by a stack consumption in the demangleconst function in ibiberty/rust-demangle.c. The vulnerability exists due to the application not properly controlling the consumption of internal resources. By persuading a...

Exploit for Code Injection in Vmware Spring_Framework

CVE-2022-22965 Spring4Shell Proof of Concept !img/spring...

Fedora: Security Advisory for ghc-cmark-gfm (FEDORA-2022-1f981071eb)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for 389-ds-base (FEDORA-2022-2558f14c58)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...