
449 matches found

Hacker One
added 2019/07/04 11:24 p.m. | 25 views

curl: huge COLUMNS causes progress-bar to buffer overflow

Summary: If an attacker can set environmental variables, curl will always crash with a buffer overflow when downloading a file if the --progress-bar argument is set. Steps To Reproduce: Just run the following command on a 64-bit Linux system verified on Ubuntu 19.04. bash Of course you can set th...

AI score 0.5
Exploits: 0
OpenVAS
added 2019/04/29 12:00 a.m. | 28 views

Xerox ColorQube Printers RCE Vulnerability (XRX19C)

Xerox ColorQube printers are prone to a remote code execution (RCE) vulnerability. Copyright (C) 2019 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This progra...

CVSS 10 | AI score 9.8 | EPSS 0.08468
Exploits: 0 | References: 1
myhack58
added 2019/04/18 12:00 a.m. | 123 views

iSCSI unauthorized access vulnerability, tens of thousands of iSCSI are likely to be affected-vulnerability warning-the black bar safety net

Overview: iSCSI (Internet Small Computer System Interface), also known as IP-SAN, is an Internet-based storage technology built on the SCSI-3 protocol, proposed by the IETF, and 2003 2 May 11, became the official standard. 2019 4 December 17, white cap sinks a...

AI score 0.8
Exploits: 0
OSV
added 2019/04/12 6:29 p.m. | 2 views

CVE-2019-10880

Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary...

CVSS 9.8 | AI score 7.4
Exploits: 0 | References: 2
NVD
added 2019/04/12 6:29 p.m. | 18 views

CVE-2019-10880

Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary...

CVSS 10 | AI score 9.8 | EPSS 0.08468
Exploits: 0 | References: 2
Prion
added 2019/04/12 6:29 p.m. | 15 views

Command injection

Within multiple XEROX products a vulnerability allows remote command execution on the Linux system, as the "nobody" user through a crafted "HTTP" request (OS Command Injection vulnerability in the HTTP interface). Depending upon configuration authentication may not be necessary...

CVSS 10 | AI score 9.6 | EPSS 0.08468
Exploits: 0 | References: 2 | Affected Software: 5
BDU FSTEC
added 2019/03/22 12:00 a.m. | 4 views

The vulnerability of the package for configuring the cloud-init process in Linux operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the cloud-init configuration package for Linux operating systems is related to an error in the handling of authentication keys controlled by the user. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected...

CVSS 6.4 | AI score 5.9 | EPSS 0.01403
Exploits: 0 | References: 2
IBM Security Bulletins
added 2018/12/12 6:30 p.m. | 15 views

Security Bulletin: IBM® DB2® contains a denial of service vulnerability in scalar functions (CVE-2018-1977)

Summary IBM DB2 contains a denial of service vulnerability on Linux System z® platform. A remote, authenticated DB2 user could exploit this vulnerability by executing a specially-crafted SQL statement with the TRUNCATE scalar functions. This could result in a DB2 server crash; if so, the server...

CVSS 6.5 | AI score 0.5 | EPSS 0.01859
Exploits: 0 | Affected Software: 1
Fedora
added 2018/11/30 2:52 a.m. | 41 views

[SECURITY] Fedora 29 Update: glibc-2.28-22.fc29

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

CVSS 7.5 | AI score 2 | EPSS 0.05532
Exploits: 1
Tenable Nessus
added 2018/11/16 12:00 a.m. | 234 views

CentOS 7 : glibc (CESA-2018:3092)

An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 9.8 | AI score 8 | EPSS 0.074
Exploits: 3 | References: 5
Fedora
added 2018/09/07 3:25 p.m. | 68 views

[SECURITY] Fedora 27 Update: glibc-2.26-30.fc27

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

CVSS 9.8 | AI score 2 | EPSS 0.13614
Exploits: 19
CNVD
added 2018/06/12 12:00 a.m. | 3 views

Micro Focus openSUSE Command Execution Vulnerability

Micro Focus openSUSE is a Linux-based free operating system from Micro Focus in the UK. mdadm is one of the packages used to manage and monitor RAID. A security vulnerability in the mdcheck script of the mdadm package in Micro Focus openSUSE versions 3.3.1-5.14.1 prior to version 13.2 stems from...

CVSS 7.8 | AI score 7.3 | EPSS 0.00505
Exploits: 0 | References: 1
Fedora
added 2018/05/23 3:59 p.m. | 42 views

[SECURITY] Fedora 27 Update: glibc-2.26-28.fc27

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

CVSS 9.8 | AI score 2 | EPSS 0.13614
Exploits: 16
Fedora
added 2018/05/21 2:05 p.m. | 15 views

[SECURITY] Fedora 28 Update: glibc-2.27-14.fc28

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

AI score 2
Exploits: 0
Oracle Linux
added 2018/04/18 12:00 a.m. | 111 views

glibc security update

2.17-222 - Restore internal GLIBC_PRIVATE symbols for use during upgrades (#1523119). 2.17-221 - CVE-2018-1000001: Fix realpath buffer underflow (#1534635) - i386: Fix unwinding for 32-bit C++ application (#1529982) - Reduce thread and dynamic loader stack usage (#1527904) - x86-64: Use XSAVE/XSAVEC more often...

CVSS 9.8 | AI score 0.2 | EPSS 0.13614
Exploits: 12
Oracle Linux
added 2018/04/16 12:00 a.m. | 63 views

glibc security, bug fix, and enhancement update

2.17-222 - Restore internal GLIBC_PRIVATE symbols for use during upgrades (#1523119). 2.17-221 - CVE-2018-1000001: Fix realpath buffer underflow (#1534635) - i386: Fix unwinding for 32-bit C++ application (#1529982) - Reduce thread and dynamic loader stack usage (#1527904) - x86-64: Use XSAVE/XSAVEC more often...

CVSS 9.8 | AI score 0.2 | EPSS 0.13614
Exploits: 12
Fedora
added 2018/03/06 5:36 p.m. | 33 views

[SECURITY] Fedora 27 Update: glibc-2.26-26.fc27

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

CVSS 9.8 | AI score 2 | EPSS 0.04778
Exploits: 0
OPENSUSE Linux
added 2018/02/23 12:08 a.m. | 107 views

Security update for postgresql95 (important)

This update for postgresql95 fixes the following issues: Update to PostgreSQL 9.5.11: Security issues fixed: https://www.postgresql.org/docs/9.5/static/release-9-5-11.html CVE-2018-1053, boo#1077983: Ensure that all temporary files made by pg_upgrade are non-world-readable. boo#1079757: Rename...

CVSS 7.5 | AI score 8.2 | EPSS 0.61566
Exploits: 0 | References: 7
Fedora
added 2018/01/23 9:22 p.m. | 50 views

[SECURITY] Fedora 26 Update: glibc-2.25-13.fc26

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

CVSS 9.8 | AI score 2 | EPSS 0.13614
Exploits: 9
Kitploit
added 2018/01/17 12:55 p.m. | 21 views

One-Lin3r - Gives you one-liners that aids in penetration testing operations

One-Lin3r is a simple and lightweight framework inspired by the web-delivery module in Metasploit. It consists of various one-liners that aid in penetration testing operations: Reverser: Give it IP & port and it returns a reverse shell liner ready for copy & paste. Dropper: Give it an...

AI score 7.4
Exploits: 0 | References: 2