openSUSE: Security Advisory for rpmlint (SUSE-SU-2023:0032-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2023:0032-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2023-36106 · Usbguard +1 · Usbguard +2

Name of the Vulnerable Software and Affected Versions: rpmlint-mini affected versions not specified Description: The issue is related to an update for rpmlint-mini, which includes an update to polkit-default-privs version 13.2+20221216.a0c29e6. This update backports usbguard actions...

SUSE: Security Advisory (SUSE-SU-2022:4639-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED15 / SLES15 Security Update : polkit-default-privs (SUSE-SU-2022:4639-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:4639-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

SUSE-SU-2022:4639-1 Security update for polkit-default-privs

This update for polkit-default-privs fixes the following issues: Update to version 13.2+20221216.a0c29e6: - backport usbguard actions bsc1206414...

PT-2022-37541 · Unknown · Polkit-Default-Privs

Name of the Vulnerable Software and Affected Versions: polkit-default-privs versions prior to 13.2+20221216.a0c29e6 Description: The issue is related to the polkit-default-privs package, where an update to version 13.2+20221216.a0c29e6 includes backporting usbguard actions. Recommendations: Updat...

Backdoor.Win32.Hupigon.aspg MVID-2022-0634 Unquoted Service Path

Discovery / credits: Malvuln John Page aka hyp3rlinx c 2022 Original source: https://malvuln.com/advisory/121bf601275e2aed0c3a6fe7910f9826.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.aspg Vulnerability: Insecure Service Path Description: The malware...

UBUNTU-CVE-2022-31214

A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user...

MiningService.setBonding should use BONDING role instead of REINVESTOR one

Handle hyh Vulnerability details Impact BONDINGROLE cannot be managed after it was initialized. Proof of Concept setBonding set the wrong role via swapRole: Recommended Mitigation Steps Set BONDINGROLE instead of REINVESTORROLE in setBonding function: Now: function setBondingaddress bonding publi...

Trojan.Win32.Servstar.poa Unquoted Service Path

Discovery / credits: Malvuln - malvuln.com c 2021 Original source: https://malvuln.com/advisory/7588da376f496aa678cdfca4e404f38a.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Trojan.Win32.Servstar.poa Vulnerability: Insecure Service Path Description: The malware creates a...

Exploit for Improper Privilege Management in Freedesktop Accountsservice

Ubuntu-Gnome-privilege-escalation A bash script exploit of CV...

ZSQL: Content of ROLE SYS PRIVS Database

This script writes the complete database of ROLE SYS PRIVS to KB. Note:This script stores values in KB only and has no output. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows 10 UAC Protection Bypass Via Windows Store WSReset.exe and Registry', 'Description' = %q This module exploits a flaw in the WSReset.exe...

Faleemi Windows Desktop Software - (DDNSIP) Local Buffer Overflow

Faleemi Windows Desktop Software - DDNSIP Local Buffer Overflow ''' Faleemi Desktop Software for Windows- DDNS/IP Local Buffer Overflow Vuln Description: Faleemi Desktop Software for Windows and its Beta version Faleemi Plus Desktop Software for WindowsBeta are vulnerable to Buffer Overflow...

Brocade Fabric OS 6.3.1b Weak System Configuration

Title: Brocade Fabric OS v6.3.1b - Multiple vulnerabilities Discovered by: Karn Ganeshen Vendor Homepage: www.brocade.com Versions Reported: Kernel 2.6.14.2 + FabOS v6.3.1b + BootProm 1.0.9 version Kernel: 2.6.14.2 Fabric OS: v6.3.1b BootProm: 1.0.9 1 Default diagnostic accounts root and factory...

OS X Install.framework suid root Runner Binary Privilege Escalation Vulnerability

Exploit for macOS platform in category local exploits Source: https://code.google.com/p/google-security-research/issues/detail?id=478 The Install.framework runner suid root binary does not correctly account for the fact that Distributed Objects can be connected to by multiple clients at the same...

Unbreakable Enterprise kernel security and bugfix update

2.6.39-400.250.2 - crypto: aesni - fix memory usage in GCM decryption Stephan Mueller Orabug: 21077389 CVE-2015-3331 2.6.39-400.250.1 - xen/pciback: Don't disable PCICOMMAND on PCI device reset. Konrad Rzeszutek Wilk Orabug: 20807440 CVE-2015-2150 - xen-blkfront: fix accounting of reqs when...

Unbreakable Enterprise kernel security update

kernel-uek 2.6.32-400.37.4 - isofs: Fix unchecked printing of ER records Jan Kara Orabug: 20930553 CVE-2014-9584 - selinux: Permit bounded transitions under NONEWPRIVS or NOSUID. Stephen Smalley Orabug: 20930502 CVE-2014-3215 - Add PRGET,SETNONEWPRIVS to prevent execve from granting privs Andy...

SCO Unixware 7.1 pkgcat Buffer Overflow

No description provided by source. source: http://www.securityfocus.com/bid/853/info It is possible to view the entries in /etc/shadow through exploiting a buffer overflow in pkgcat and pkginstall. Though neither of these binaries are setuid, the dacread permissions which are granted in...