21 matches found
Astra Linux - vulnerability in linux
A locking issue was discovered in the tty subsystem of the Linux kernel through version 5.9.13. The file drivers/tty/tty_jobctrl.c allows for a use-after-free attack against TIOCSPGRP, also known as CID-54ffccbf053b...
EUVD-2021-31892
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-45101
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Using standard command-line tools, a user with only READ access t...
SUSE CVE-2020-29661
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b...
DEBIAN-CVE-2021-45101
An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Using standard command-line tools, a user with only READ access to an HTCondor SchedD or Collector daemon can discover secrets that could allow them to control other users' jobs and/or read their data...
CVE-2021-45101
The CVE-2021-45101 issue affects HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. A user with only READ access to an HTCondor SchedD or Collector daemon can use standard command-line tools to discover secrets, potentially allowing them to control other users’ jobs and/or read t...
How a simple Linux kernel memory corruption bug can lead to complete system compromise
An analysis of current and potential kernel security mitigations. Posted by Jann Horn, Project Zero. Introduction: This blog post describes a straightforward Linux kernel locking bug and how I exploited it against Debian Buster's 4.19.0-13-amd64 kernel. Based on that, it explores options for securit...
kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free
A locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. This flaw allows a local attacker to possibly corrupt memory or escalate privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free
A locking vulnerability was found in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. This flaw allows a local attacker to possibly corrupt memory or escalate privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...
A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP aka CID-54ffccbf053b.
...
CVE-2019-1003050
The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names...
Cross-site Scripting (XSS)
Red Hat Enterprise MRG Messaging, Realtime, and Grid is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. A number of unprotected resources web pages, export functionality,...
Celerystalk - An Asynchronous Enumeration and Vulnerability Scanner
celerystalk helps you automate your network scanning/enumeration process with asynchronous jobs (aka tasks) while retaining full control of which tools you want to run. Configurable: some common tools are in the default config, but you can add any tool you want. Service Aware: uses nmap/nessus...
Fedora 27 : glibc (2017-828f8a8fc6)
This update addresses RHBZ1468837, which caused bash to lack job control in mock chroots. Note that glibc inside the chroot needs to be upgraded for the fix to be effective. In addition, two dynamic linker issues were fixed which are not security bugs, but received CVE IDs nevertheless RHBZ152486...
[SECURITY] Fedora 22 Update: lftp-4.6.1-4.fc22
LFTP is a sophisticated ftp/http file transfer program. Like bash, it has job control and uses the readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in parallel. It is designed with reliability in mind...
[SECURITY] Fedora 20 Update: lftp-4.5.4-3.fc20
LFTP is a sophisticated ftp/http file transfer program. Like bash, it has job control and uses the readline library for input. It has bookmarks, built-in mirroring, and can transfer several files in parallel. It is designed with reliability in mind...
DEBIAN-CVE-2012-3493
The command_give_request_ad function in condor_startd.V6/command.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 allows remote attackers to obtain sensitive information, and possibly control or start arbitrary jobs, via a ClassAd request to the condor_startd port, which leaks the ClaimId...
CentOS Update for lftp CESA-2009:1278 centos5 i386
The remote host is missing an update for the...
lftp security update
CentOS Errata and Security Advisory CESA-2009:1278. An updated lftp package that fixes one security issue and various bugs is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. LFTP is a sophisticated file...