I added support for ALT Linux OVAL content in Linux Patch Wednesday

I added support forALT Linux OVAL contentin Linux Patch Wednesday. Now I track when specific CVEs were fixed in ALT Linux packages and take that into account when generating the monthly bulletins. The more data sources on patched vulnerabilities in Linux distributions are used, the more accurate...

MAL-2024-9410 Malicious code in @wame/blue-oval-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7e78469219df8a871a20d6be1d56c0eeb76cfeb644f365c69c30a962a6022023 The OpenSSF Package Analysis project identified '@wame/blue-oval-theme' @ 16.10.10 npm as malicious. It is considered malicious because: - The...

MAL-2024-7060 Malicious code in blue-oval-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c708f4696b33e43ba9ca5b70bafa9ac82b1ee694df0caa84f7283885ff8d5544 The OpenSSF Package Analysis project identified 'blue-oval-theme' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

Malicious code in blue-oval-theme (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis c708f4696b33e43ba9ca5b70bafa9ac82b1ee694df0caa84f7283885ff8d5544 The OpenSSF Package Analysis project identified 'blue-oval-theme' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

February 2024: Vulremi, Vuldetta, PT VM Course relaunch, PT TrendVulns digests, Ivanti, Fortinet, MSPT, Linux PW

February 2024: Vulremi, Vuldetta, PT VM Course relaunch, PT TrendVulns digests, Ivanti, Fortinet, MSPT, Linux PW. Hello everyone! In this episode, I will talk about the February updates of my open source projects, also about projects at my main job at Positive Technologies and interesting...

aboutus.babycare.lk Cross Site Scripting vulnerability OBB-3477855

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

SUSE CVE-2011-3351

openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system...

How Debian OVAL content is structured

Hello everyone! As we saw in the last episode, the results of vulnerability detection for one host produced by two different APIs can vary greatly. Therefore, in order to find out the truth, it is necessary to understand what vulnerability data is provided by the Linux distribution vendor and how...

How to Perform a Free Ubuntu Vulnerability Scan with OpenSCAP and Canonical’s Official OVAL Content

Hello everyone! Five years ago I wrote a blogpost about OpenSCAP. But it was only about the SCAP Workbench GUI application and how to use it to detect security misconfigurations. Alternative video link for Russia: This time, I will install the OpenSCAP command line tool on Ubuntu and use it to...

Friday Squid Blogging: Breeding the Oval Squid

Japanese scientists are trying to breed the oval squid in captivity. As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

Fedora: Security Advisory for golang-github-quay-goval-parser (FEDORA-2022-37aef44d1e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 36 Update: golang-github-quay-goval-parser-0.8.6-5.fc36

OVAL parser written in go...

Fedora: Security Advisory for golang-github-quay-goval-parser (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 35 Update: golang-github-quay-goval-parser-0.8.6-4.fc35

OVAL parser written in go...

Fedora: Security Advisory for golang-github-quay-goval-parser (FEDORA-2022-fae3ecee19)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 36 Update: golang-github-quay-goval-parser-0.8.6-4.fc36

OVAL parser written in go...

virtual-oval.de Cross Site Scripting vulnerability OBB-2319980

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2011-3351

openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system...

CVE-2011-3351

openvas-scanner before 2011-09-11 creates a temporary file insecurely when generating OVAL system characteristics document with the ovaldi integrated tool enabled. A local attacker could use this flaw to conduct symlink attacks to overwrite arbitrary files on the system...

Vuls - Vulnerability Scanner For Linux/FreeBSD, Agentless, Written In Go

Vulnerability scanner for Linux/FreeBSD, agentless, written in golang. Twitter: @vulsen DEMO Abstract For a system administrator, having to perform security vulnerability analysis and software update on a daily basis can be a burden. To avoid downtime in production environment, it is common for...