354 matches found
Vulnerability fixed in ESET Security products
ESET has fixed a vulnerability in the following Security products for Linux and macOS: Server Security for Linux, Endpoint Antivirus for Linux, Cyber Security, Endpoint Antivirus for macOS. A local malicious agent can exploit the vulnerability to grant themselves elevated privileges and execute code...
Fuzzy SWMP Cross-Site Scripting Vulnerability
SWMP is a Linux server statistics dashboard by the individual developer of Fuzzy. A cross-site scripting vulnerability exists in Fuzzy SWMP, which stems from a problem with the file swmp.php, where manipulation of the parameter theme can lead to cross-site scripting...
Vulnerability of the parse_lease_state() function (fs/ksmbd/oplock.c) in the SMB subsystem of the Linux operating system, allowing a hacker to trigger a service failure
The vulnerability of the parse_lease_state() function (fs/ksmbd/oplock.c) in the SMB subsystem of the Linux operating system is related to errors during variable initialization. Exploiting this vulnerability could allow an attacker to cause a service failure...
Security Vulnerability in Multiple SUSE Products
SUSE Linux Enterprise Server is a suite of enterprise server edition Linux operating systems from SUSE, Germany. A security vulnerability exists in SUSE that stems from BCrypt hash misvalidation and affects the following products and versions: openSUSE Leap 15.4, SUSE Enterprise Storage 7, SUSE...
CVE-2022-45153
An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created...
SUSE Linux Enterprise Server Path Traversal Vulnerability
SUSE Linux Enterprise Server is a suite of enterprise server edition Linux operating systems from SUSE Germany. A path traversal vulnerability exists in SUSE Linux Enterprise Server. A remote attacker could use this vulnerability to read the files of a user running a process. The following produc...
Security Bulletin: Information regarding security vulnerability in IBM SDK for Java that is shipped with IBM WebSphere Application Server and addressed by Oracle CPU April 2013 (CVE-2013-0169)
Abstract: Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server and included in the products that are listed in this document. Content: VULNERABILITY DETAILS: DESCRIPTION: This Security Bulletin addresses the security vulnerabilities...
SUSE: Security Advisory (SUSE-SU-2022:2279-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2022-22772
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with...
Installing Veeam Data Mover service Error: scp: error: unexpected filename:
Challenge: When adding a Linux server to Veeam Backup & Replication, the New Linux Server wizard displays the error: Installing Veeam Data Mover service Error: scp: error: unexpected filename: Log Example: C:\ProgramData\Veeam\Backup\Utils\Util.InfraItemSaver.log Info Uploading file to...
accel-ppp Security Vulnerability
Accel-Ppp is a high performance PPTP/L2TP/PPPoE/IPoE server for Linux. A security vulnerability exists in accel-ppp that stems from a buffer overflow vulnerability in the rad packet recv function in accel-pppd radius packet.c, which is triggered if a client connects to the server side and sends a...
CronRAT targets Linux servers with e-commerce attacks
There’s an interesting find over at the Sansec blog, wrapping time and date manipulation up with a very smart RAT attack. The file, named CronRAT, isn’t an e-commerce attack compromising payment terminals in physical stores. Rather, it looks to swipe payment details by going after vulnerable web...
The vulnerability of the syslog-ng protocol implementation in the SUSE Linux Enterprise Server operating system allows a perpetrator to elevate their privileges to the root level.
The vulnerability of the syslog-ng protocol implementation in the SUSE Linux Enterprise Server operating system is related to the tracking of symbolic links. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level...
Unspecified Vulnerability in Accel-Ppp
Accel-Ppp is a high performance PPTP/L2TP/PPPoE/IPoE server for Linux. ACCEL-PPP 1.12.0 suffers from a security vulnerability that originates from an out-of-bounds read in tritoncontextschedule. An attacker can exploit the vulnerability to obtain sensitive information...
Fedora: Security Advisory for cockpit (FEDORA-2021-6d84fa5ea2)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE: Security Advisory (SUSE-SU-2021:14705-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Command Execution Vulnerability in ZeroShell Net Service
ZeroShell is routing software that runs on a Linux server. A command execution vulnerability exists in ZeroShell Net Service, which can be exploited by an attacker to gain control of the server...
SUSE: Security Advisory (SUSE-SU-2020:1524-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE: Security Advisory (SUSE-SU-2019:1601-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE: Security Advisory (SUSE-SU-2019:1722-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...