EUVD-2010-3387

Malware in sbrugna...

Important: Red Hat Security Advisory: runc security update

An update for runc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

Moderate: Red Hat Security Advisory: runc security update

An update for runc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

ALSA-2024:2180 Moderate: runc security update

The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes: golang: io/fs: stack exhaustion in Glob CVE-2022-30630 golang: compress/gzip: stack exhaustion in Reader.Read CVE-2022-30631 golang: path/filepath: stack...

Moderate: runc security update

The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes: golang: crypto/tls: slow verification of certificate chains containing large RSA keys CVE-2023-29409 golang: crypto/tls: panic when processing post-handshake...

Moderate: runc security update

The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes: golang: crypto/tls: large handshake records may cause panics CVE-2022-41724 runc: Rootless runc makes /sys/fs/cgroup writable CVE-2023-25809 runc: volume mount...

Oracle Linux 5 : rgmanager (ELSA-2011-1000)

The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2011-1000 advisory. 2.0.52-21 - rgmanager: Fix bad passing of SFLFAILURE up fixbadpassingofsflfailureup.patch Resolves: rhbz711521 2.0.52-20 - resource-agents: Improve LDLIBRARYPAT...

pacemaker bug fix and enhancement update

An update is available for pacemaker. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Pacemaker cluster resource manager is a collection of technologies...

resource-agents security update

4.1.1-68 - azure-lb: fix redirect issue Resolves: rhbz1850778 4.1.1-67 - gcp-vpc-move-vip: add support for multiple alias IPs Resolves: rhbz1846733 4.1.1-65 - azure-events: handle exceptions in urlopen Resolves: rhbz1845574 4.1.1-64 - nfsserver: fix NFSv4-only support - azure-events: new resource...

Universal Plug and Play (UPnP) SUBSCRIBE can be abused to send traffic to arbitrary destinations

Overview The Universal Plug and Play UPnP protocol in effect prior to April 17, 2020 can be abused to send traffic to arbitrary destinations using the SUBSCRIBE functionality. Description The UPnP protocol, as specified by the Open Connectivity Foundation OCF, is designed to provide automatic...

Fedora 26 : openvswitch (2017-45625fecca)

Add a symlink of the OCF script in the OCF resources folder ---- Updated to Open vSwitch 2.7.3 and DPDK 16.11.3 for CVE-2017-14970 ---- Security fix for CVE-2017-9263, CVE-2017-9265 ---- Updated to Open vSwitch 2.7.1 and DPDK 16.11.2 1468234 Note that Tenable Network Security has extracted the...

rgmanager: insecure library loading vulnerability

The 1 SAPDatabase and 2 SAPInstance scripts in OCF Resource Agents aka resource-agents or cluster-agents 1.0.3 in Linux-HA place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

CVE-2010-3389

The 1 SAPDatabase and 2 SAPInstance scripts in OCF Resource Agents aka resource-agents or cluster-agents 1.0.3 in Linux-HA place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

CVE-2010-3389

The 1 SAPDatabase and 2 SAPInstance scripts in OCF Resource Agents aka resource-agents or cluster-agents 1.0.3 in Linux-HA place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

CVE-2010-3389

The 1 SAPDatabase and 2 SAPInstance scripts in OCF Resource Agents aka resource-agents or cluster-agents 1.0.3 in Linux-HA place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

CVE-2010-3389

CVE-2010-3389 affects the SAPDatabase and SAPInstance scripts in OCF Resource Agents (resource-agents) 1.0.3 used by Linux-HA. The vulnerability arises from placing a zero-length directory name in LD_LIBRARY_PATH, enabling a local attacker to load a Trojan horse shared library from the current wo...

FairSoft S.Mini web Busines Prelease & Calendar asp Sql injection

thnx bro FairSoft S.Mini web Busines Prelease Calendar asp Sql injection include patch...ocf,ns ocf/Calendar/ViewEvent.asp,ns/Calendar/ViewEvent.asp,aboutus/newsroom/ViewPressRelease.asp Credit : CodeXpLoder'tq Mail : codexploderathotmaildotcom Site : codexploder.biyosecurity.net,biyofrm.com Sour...

Unfixed XSS vulnerability at www.ocf.berkeley.edu

Security researcher SeeD, has submitted on 11/12/2007 a cross-site-scripting XSS vulnerability affecting www.ocf.berkeley.edu, which at the time of submission ranked 1751 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 16/12/2007. It is current...