Researcher Demonstrates Several Zoom Vulnerabilities at DEF CON 28

Popular video conferencing app Zoom has addressed several security vulnerabilities, two of which affect its Linux client that could have allowed an attacker with access to a compromised system to read and exfiltrate Zoom user data—and even run stealthy malware as a sub-process of a trusted...

CVE-2020-8199

Improper access control in Citrix ADC Gateway Linux client versions before 1.0.0.137 results in local privilege escalation to root...

CentOS: Security Advisory for qemu-img (CESA-2020:0366)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 31 Update: ocsinventory-agent-2.6.0-3.2.fc31

Open Computer and Software Inventory Next Generation is an application designed to help a network or system administrator keep track of computer configuration and software installed on the network. It also allows deploying software, commands or files on Windows and Linux client computers...

DEBIAN-CVE-2019-18625

An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject a RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignore the RST...

UBUNTU-CVE-2019-18625

An issue was discovered in Suricata 5.0.0. It was possible to bypass/evade any tcp based signature by faking a closed TCP session using an evil server. After the TCP SYN packet, it is possible to inject a RST ACK and a FIN ACK packet with a bad TCP Timestamp option. The client will ignore the RST...

UBUNTU-CVE-2019-18792

An issue was discovered in Suricata 5.0.0. It is possible to bypass/evade any tcp based signature by overlapping a TCP segment with a fake FIN packet. The fake FIN packet is injected just before the PUSH ACK packet we want to bypass. The PUSH ACK packet containing the data will be ignored by...

Private Internet Access (PIA) VPN Client Arbitrary Code Execution Vulnerability (CNVD-2019-24214)

Private Internet Access PIA is a commercial VPN service operated by London Trust Media. An arbitrary code execution vulnerability exists in the London Trust Media Private Internet Access PIA VPN client for Linux, version 82. An attacker can exploit this vulnerability by passing a malicious...

Private Internet Access (PIA) VPN Client Arbitrary Code Execution Vulnerability (CNVD-2019-24217)

Private Internet Access PIA is a commercial VPN service operated by London Trust Media. An arbitrary code execution vulnerability exists in the London Trust Media Private Internet Access PIA VPN client for Linux, version 82. An attacker can exploit this vulnerability by creating a malicious libra...

CVE-2019-1853

A vulnerability in the HostScan component of Cisco AnyConnect Secure Mobility Client for Linux could allow an unauthenticated, remote attacker to read sensitive information on an affected system. The vulnerability exists because the affected software performs improper bounds checks. An attacker...

UBUNTU-CVE-2018-10924

It was discovered that fsync2 system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine...

CVE-2017-15049

The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler...

Zoom Linux Client 2.0.106600.0904 - Command Injection

Zoom Linux Client 2.0.106600.0904 - Command Injection CONVISO-17-003 - Zoom Linux Client Command Injection Vulnerability RCE 1. Advisory Information Conviso Advisory ID: CONVISO-17-003 CVE ID: CVE-2017-15049 CVSS v2: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C Date: 2017-10-01 2. Affected Components Zoom clie...

Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow (PoC)

CONVISO-17-002 - Zoom Linux Client Stack-based Buffer Overflow Vulnerability 1. Advisory Information Conviso Advisory ID: CONVISO-17-002 CVE ID: CVE-2017-15048 CVSS v2: 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P Date: 2017-10-01 2. Affected Components Zoom client for Linux, version 2.0.106600.0904...

Zoom Linux Client 2.0.106600.0904 Command Injection

CONVISO-17-003 - Zoom Linux Client Command Injection Vulnerability RCE 1. Advisory Information Conviso Advisory ID: CONVISO-17-003 CVE ID: CVE-2017-15049 CVSS v2: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C Date: 2017-10-01 2. Affected Components Zoom client for Linux, version 2.0.106600.0904 zoomamd64.deb...

Zoom Linux Client 2.0.106600.0904 Buffer Overflow

CONVISO-17-002 - Zoom Linux Client Stack-based Buffer Overflow Vulnerability 1. Advisory Information Conviso Advisory ID: CONVISO-17-002 CVE ID: CVE-2017-15048 CVSS v2: 6.8, AV:N/AC:M/Au:N/C:P/I:P/A:P Date: 2017-10-01 2. Affected Components Zoom client for Linux, version 2.0.106600.0904...

Zoom Linux Client 2.0.106600.0904 Command Injection Vulnerability

The binary /opt/zoom/ZoomLauncher is vulnerable to command injection because it uses user input to construct a shell command without proper sanitization. The client registers a scheme handler zoommtg:// and this makes possible to trigger the vulnerability remotely. Version 2.0.106600.0904 is...

Fortinet FortiClient SSL_VPN for Linux Remote Code Execution Vulnerability

Fortinet FortiClient SSLVPN for Linux is a Linux-based VPN client for connecting to Fortinet devices. A remote code execution vulnerability exists in Fortinet FortiClient SSLVPN for Linux. An attacker can exploit this vulnerability to overwrite arbitrary files with FortiClient log files...

Fortinet FortiClient SSLVPN Linux Client Local Privilege Vulnerability

Fortinet FortiClient is a Fortinet security software solution for endpoints that provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication, etc. FortiClient SSLVPN Linux client is a Linux client software for SSL VPN Virtual Private Network products...

Nortel SSL VPN Linux Client <= 6.0.3 - Local Privilege Escalation Exploit

No description provided by source. !/bin/sh Nortel SSL VPN Linux Client race condition Jon Hart [email protected] The Linux client that is utilized by versions priot to 6.05 of the Nortel SSL VPN appliance suffers from a number of problems that, in combination, allow an unprivileged local user to...