CVE-2017-1000367
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation flaw (embedded spaces) in the get_process_ttyname() function, resulting in information disclosure and command execution...
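The sudo entry above describes a parsing flaw in get_process_ttyname(): the function read the controlling tty device number out of /proc/[pid]/stat, and a process name (comm, the parenthesised second field) containing embedded spaces shifts every later field. The C program below is an added illustration written for this page, not sudo's code: it contrasts a naive whitespace split with parsing anchored on the last ')' (comm is the only field that may contain spaces or parentheses). The two stat lines are constructed; 34817 is the tty_nr of /dev/pts/1 (major 136, minor 1) and 1025 is /dev/tty1 (major 4, minor 1).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed /proc/[pid]/stat lines (truncated after a few fields).
 * Field layout: pid (comm) state ppid pgrp session tty_nr tpgid ...
 * 34817 = (136 << 8) | 1, i.e. /dev/pts/1. */
static const char STAT_BENIGN[] = "1234 (bash) S 1 1234 1234 34817 1234 4194304";

/* comm is attacker-controlled (prctl(PR_SET_NAME) or the executable's
 * file name) and may contain spaces; the kernel caps it at 15 bytes.
 * Here it is "0 0 0 0 0 1025", chosen so that a naive split lands on
 * "1025)" (= /dev/tty1) as the seventh token. */
static const char STAT_HOSTILE[] = "1234 (0 0 0 0 0 1025) S 1 1234 1234 34817 1234 4194304";

/* Naive parser: split on spaces and take the seventh token.
 * This is the bug class behind CVE-2017-1000367. */
long tty_nr_naive(const char *statline)
{
    char buf[512];
    int field = 0;
    snprintf(buf, sizeof buf, "%s", statline);
    for (char *tok = strtok(buf, " "); tok != NULL; tok = strtok(NULL, " ")) {
        if (++field == 7)
            return strtol(tok, NULL, 10);
    }
    return -1;
}

/* Robust parser: comm is the only field that can contain spaces or ')'
 * and it is always wrapped in parentheses, so anchor on the LAST ')'
 * and count fields from there: state ppid pgrp session tty_nr. */
long tty_nr_robust(const char *statline)
{
    const char *p = strrchr(statline, ')');
    if (p == NULL)
        return -1;
    p++;
    for (int field = 1; ; field++) {
        while (*p == ' ')
            p++;
        if (*p == '\0')
            return -1;
        if (field == 5) {
            char *end;
            long v = strtol(p, &end, 10);
            return (end == p || (*end != ' ' && *end != '\0')) ? -1 : v;
        }
        while (*p != '\0' && *p != ' ')
            p++;
    }
}

int main(void)
{
    printf("benign:  naive=%ld robust=%ld\n",
           tty_nr_naive(STAT_BENIGN), tty_nr_robust(STAT_BENIGN));
    printf("hostile: naive=%ld robust=%ld\n",
           tty_nr_naive(STAT_HOSTILE), tty_nr_robust(STAT_HOSTILE));
    return 0;
}
```

On the hostile line the naive parser reports /dev/tty1 while the robust one still reports /dev/pts/1; a setuid program that trusts the naive result can be steered to a device of the attacker's choosing, which is the information-disclosure angle the advisory refers to.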
CentOS Update for kernel CESA-2017:0892 centos6
Check the version of kernel. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right-holder(s). SPDX-License-Identifier: GPL-2.0-only. if(description) { script_oid("1.3.6.1.4.1.25623.1.0.882688"); ...
CentOS 6 : kernel (CESA-2017:0892)
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
OracleVM 3.3 / 3.4 : coreutils (OVMSA-2017-0052)
The remote OracleVM system is missing necessary patches to address critical security updates: - clean up empty file if cp has failed (Orabug 15973168) - pure rebuild to bring back support for acl_extended_file_nofollow on x86_64 - su: deny killing other processes with root privileges (CVE-2017-2616) - fi...
Coppermine Gallery 1.5.44 Directory Traversal
Coppermine Gallery <= 1.5.44 directory traversal vulnerability ============================================================== Coppermine is a multi-purpose, fully-featured and integrated web picture gallery script written in PHP, using GD or ImageMagick as the image library with a MySQL backend. A...
Coppermine Gallery < 1.5.44 - Directory Traversal
Coppermine Gallery <= 1.5.44 directory traversal vulnerability ============================================================== Coppermine is a multi-purpose, fully-featured and integrated web picture gallery script written in PHP, using GD or ImageMagick as the image library with a MySQL backend. A...
Man In The Middle (MitM)
jser-stat is vulnerable to man-in-the-middle (MitM) attacks due to downloading data resources over an insecure protocol. It is possible for an attacker to intercept this connection and alter the packages received...
Downloads Resources over HTTP
Overview: Affected versions of jser-stat insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on th...
kernel: Information leak when truncating of compressed/inlined extents on BTRFS
An information-leak vulnerability was found in the kernel when it truncated a file to a smaller size where the file consisted of an inline extent that was compressed. The data between the new file size and the old file size was not discarded, and the number of bytes used by the inode was not correctly...
Linux Kernel 2.6.22 < 3.9 - Dirty COW PTRACE_POKEDATA Race Condition (Write Access Method)
Linux Kernel 2.6.22 < 3.9 - Dirty COW PTRACE_POKEDATA Race Condition (Write Access Method). Header comment of the exploit source (pokemon.c): // $ echo pikachu|sudo tee pokeball;ls -l pokeball;gcc -pthread pokemon.c -o d;./d pokeball miltank;cat pokeball // pikachu // -rw-r--r-- 1 root root 8 Apr 4 12:34 pokeball // ...
SUSE-SU-2016:2553-1 Security update for kdump
This update for kdump provides several fixes and enhancements: - Refresh kdumprd if /etc/hosts or /etc/nsswitch.conf is changed (bsc#943214) - Add a separate systemd service to rebuild kdumprd at boot (bsc#943214) - Improve network setup in the kdump environment by reading configuration from wicked b...
ecryptfs-utils: privilege escalation
An unprivileged user can mount an ecryptfs over /proc/$pid because, according to stat, it is a normal directory owned by the user. However, the user is not actually permitted to create arbitrary directory entries in /proc/$pid, and ecryptfs' behaviour may enable privilege escalation...
openSUSE Security Update : fuse (openSUSE-2015-401)
Update to version 2.9.4 - fix exec environment for mount and umount (bsc#931452, CVE-2015-3202) - properly restore the default signal handler - fix directory file handle passed to the ioctl() method - fix for uids/gids larger than 2147483647 - initialize stat buffer passed to getattr and fgetattr...
WordPress Plugin Free Counter Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP and maintained by the WordPress Foundation; it supports personal blog sites hosted on PHP and MySQL servers. Free Counter is a visitor counting and statistics plugin for it. A cross-site scripting vulnerability exists in version 1...
glibc, nscd security update
CentOS Errata and Security Advisory CESA-2015:0863. Updated glibc packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base...
Moderate: Red Hat Security Advisory: glibc security and bug fix update
Updated glibc packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are...
CVE-2014-9453
Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor-stat.php in the Simple visitor stat plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP User-Agent or (2) HTTP Referer header...
WordPress Simple Visitor Stat Cross Site Scripting
Title: WordPress 'Simple Visitor Stat' plugin - Stored XSS Reported by: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2014/12/12 Download: https://wordpress.org/plugins/simple-visitor-stat/ ---------------------------------------------------------------- Description:...
Simple Visitor Stat <= 1.0 - Multiple XSS
The plugin is still affected and has been closed (removed from the directory)...