Linux Distributions affected by a privilege escalation vulnerability
THREAT LEVEL: Amber. A new privilege escalation vulnerability has been reported that affects all the major releases of the Linux kernel and is being tracked as CVE-2022-0492. The issue primarily affects the Linux kernel feature known as control...
Exploit for Improper Authentication in Linux Linux_Kernel
CVE-2022-0492-Checker A script to check if a container environ...
Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks
As the ongoing Russia-Ukraine conflict continues to escalate, the Russian government on Thursday released a massive list containing 17,576 IP addresses and 166 domains that it said are behind a series of distributed denial-of-service (DDoS) attacks aimed at its domestic infrastructure. Some of the...
ALPINE-CVE-2021-3738
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only...
AZL-37005 CVE-2021-3738 affecting package samba for versions less than 4.18.3-1
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only...
DEBIAN-CVE-2021-3738
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only...
AZL-8905 CVE-2021-3738 affecting package samba 4.12.5-7
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only...
CVE-2021-3738
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only...
Design/Logic Flaw
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only...
CVE-2021-3738
In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only...
CVE-2021-3738
CVE-2021-3738 affects Samba’s AD DC RPC server where memory could be freed in a sub-connection, leaving a stale struct session_info. Impact described as potential crash with a use-after-free that could allow higher-privilege state to be referenced. Affected context appears in Samba advisories and...
EulerOS 2.0 SP5 : openssh (EulerOS-SA-2022-1280)
According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental...
WordPress WordPress Tag Cloud Plugin – Tag Groups plugin < 1.43.10.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WordPress Tag Cloud Plugin – Tag Groups plugin versions 1.43.10.1. Solution: Update the WordPress WordPress Tag Cloud Plugin – Tag Groups plugin to the latest available version (at least 1.43.10.1)...
WordPress WordPress Tag Cloud Plugin – Tag Groups plugin < 1.43.10.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress WordPress Tag Cloud Plugin – Tag Groups plugin versions 1.43.10.1. Solution: Update the WordPress WordPress Tag Cloud Plugin – Tag Groups plugin to the latest available version (at least 1.43.10.1)...
Ukraine’s Defense—and Hacktivists—Have Raised Over $4M in Crypto
Russia’s invasion into the country sparked a surge of crypto donations to resistance groups...
A vulnerability in the Tab Groups component of Google Chrome allows an attacker to execute arbitrary code.
The vulnerability in Google Chrome’s Tab Groups component is caused by a buffer overflow in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Gitlab -- multiple vulnerabilities
Gitlab reports: Runner registration token disclosure through Quick Actions; Unprivileged users can add other users to groups through an API endpoint; Inaccurate display of Snippet contents can be potentially misleading to users; Environment variables can be leaked via the sendmail delivery method...
GSD-2022-1000285 Unsafe default configuration values in Nginx, all versions
INFORMATIONAL: In Nginx, all versions, a number of unsafe default configuration values exist in the web server that can be attacked via the network, resulting in disclosure of information and availability. These include but are not limited to: 1. Not enough file descriptors per worker 2. The...
openSUSE 15 Security Update : chromium (openSUSE-SU-2022:0042-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0042-1 advisory. - Use after free in File Manager. (CVE-2022-0603) - Heap buffer overflow in Tab Groups. (CVE-2022-0604) - Use after free in Webstore API...
Heap Buffer Overflow
Google Chrome is vulnerable to a heap buffer overflow. The vulnerability exists in Tab Groups...