openSUSE Security Update : ldb / samba (openSUSE-2020-1023)

"This update for ldb, samba fixes the following issues : Changes in samba : - Update to samba 4.11.11 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; bso14364 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

kielce.stat.gov.pl Open Redirect vulnerability

Open Bug Bounty ID: OBB-1145380 Security Researcher myNickName Helped patch 200 vulnerabilities Received 2 Coordinated Disclosure badges , a holder of 2 badges for responsible and coordinated disclosure, found a security vulnerability affecting kielce.stat.gov.pl website and its users. Following...

CVE-2019-19835

SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200.7.10.102.64 allows a remote denial of service via the server attribute to the tools/rcmdstat.jsp URI...

Linux: SSH /etc/ssh/sshd_config chown

The /etc/ssh/sshdconfig file contains configuration specifications for sshd. This should be protected from unauthorized changes by non-privileged users. Copyright C 2020 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or...

(0Day) Linux Kernel proc stat Improper Access Control Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the logi...

NewStart CGSL MAIN 4.05 : openssh-latest Multiple Vulnerabilities (NS-SA-2019-0146)

The remote NewStart CGSL host, running version MAIN 4.05, has openssh-latest packages installed that are affected by multiple vulnerabilities: - scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice...

USN-3968-2 sudo vulnerability

USN-3968-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: It was discovered that Sudo did not properly parse the contents of /proc/pid/stat when attempting to determine its controlling tty. A local attacker in some...

Ubuntu 16.04 LTS : Sudo vulnerabilities (USN-3968-1)

The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3968-1 advisory. Florian Weimer discovered that Sudo incorrectly handled the noexec restriction when used with certain applications. A local attacker could possibly use...

CVE-2019-11190

The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because installexeccreds is called too late in loadelfbinary in fs/binfmtelf.c, and thus the ptracemayaccess check has a race condition when reading /proc/pid/stat...

DEBIAN-CVE-2019-11191

The Linux kernel through 5.0.7, when CONFIGIA32AOUT is enabled and ia32aout is loaded, allows local users to bypass ASLR on setuid a.out programs if any exist because installexeccreds is called too late in loadaoutbinary in fs/binfmtaout.c, and thus the ptracemayaccess check has a race condition...

CVE-2019-11190

The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because installexeccreds is called too late in loadelfbinary in fs/binfmtelf.c, and thus the ptracemayaccess check has a race condition when reading /proc/pid/stat...

PT-2019-5360 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.0.7 Description: The issue allows local users to bypass ASLR on setuid a.out programs because install exec creds is called too late in load aout binary in fs/binfmt aout.c, and thus the ptrace may access check...

@jser/classifier-item-category (=1.0.1), jser-classifier-item-category (>=1.0.1 <=1.6.1) potentially affected by CVE-2016-10592 via jser-stat (>=3.1.0 <=4.0.3)

jser-stat NPM version =3.1.0, =1.0.1, =1.6.1 Source cves: CVE-2016-10592 Source advisory: OSV:GHSA-5W4P-H4GM-3W26...

Downloads Resources over HTTP in jser-stat

Affected versions of jser-stat insecurely downloads resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavio...

stat-x.shop XSS vulnerability

Open Bug Bounty ID: OBB-686800 Description| Value ---|--- Affected Website:| stat-x.shop Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidden unti...

[SECURITY] [DLA 1510-1] glusterfs security update

Package : glusterfs Version : 3.5.2-2+deb8u4 CVE ID : CVE-2018-10904 CVE-2018-10907 CVE-2018-10911 CVE-2018-10913 CVE-2018-10914 CVE-2018-10923 CVE-2018-10926 CVE-2018-10927 CVE-2018-10928 CVE-2018-10929 CVE-2018-10930 Debian Bug : 909215 Multiple security vulnerabilities were discovered in...

CVE-2016-6566

The valueAsString parameter inside the JSON payload contained by the ucLogintxtLoginIdClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may...

OracleVM 3.3 / 3.4 : procps (OVMSA-2018-0226)

The remote OracleVM system is missing necessary patches to address critical security updates : - vmstat: fix invalid CPU utilization stats after vCPU hot-plug/unplug Konrad Rzeszutek Wilk bug 18011019 - drop leftover assignment in fix for CVE-2018-1124 causing a severe regression - Resolves:...

CVE-2016-10592

jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...

Design/Logic Flaw

jser-stat is a JSer.info stat library. jser-stat downloads data resources over HTTP, which leaves it vulnerable to MITM attacks...