1637 matches found
[SECURITY] Fedora 31 Update: rsyslog-8.1911.0-1.fc31
Rsyslog is an enhanced, multi-threaded syslog daemon. It supports MySQL, syslog/TCP, RFC 3195, permitted sender lists, filtering on any message part, and fine grain output format control. It is compatible with stock sysklogd and can be used as a drop-in replacement. Rsyslog is simple to set up,...
SolarWinds Kiwi Syslog Server 8.3.52 - Kiwi Syslog Server Unquoted Service Path
SolarWinds Kiwi Syslog Server 8.3.52 - Kiwi Syslog Server Unquoted Service Path Exploit Title: SolarWinds Kiwi Syslog Server 8.3.52 - 'Kiwi Syslog Server' Unquoted Service Path Date: 2019-11-08 Exploit Author: Carlos A Garcia R Vendor Homepage: https://www.kiwisyslog.com/ Software Link:...
SolarWinds Kiwi Syslog Server 8.3.52 - (Kiwi Syslog Server) Unquoted Service Path Vulnerability
Exploit Title: SolarWinds Kiwi Syslog Server 8.3.52 - 'Kiwi Syslog Server' Unquoted Service Path Exploit Author: Carlos A Garcia R Vendor Homepage: https://www.kiwisyslog.com/ Software Link: https://www.kiwisyslog.com/downloads Version: 8.3.52 Tested on: Windows XP Professional Service Pack 3...
SolarWinds Kiwi Syslog Server 8.3.52 Unquoted Service Path
Exploit Title: SolarWinds Kiwi Syslog Server 8.3.52 - 'Kiwi Syslog Server' Unquoted Service Path Date: 2019-11-08 Exploit Author: Carlos A Garcia R Vendor Homepage: https://www.kiwisyslog.com/ Software Link: https://www.kiwisyslog.com/downloads Version: 8.3.52 Tested on: Windows XP Professional...
SolarWinds Kiwi Syslog Server 8.3.52 - 'Kiwi Syslog Server' Unquoted Service Path
Exploit Title: SolarWinds Kiwi Syslog Server 8.3.52 - 'Kiwi Syslog Server' Unquoted Service Path Date: 2019-11-08 Exploit Author: Carlos A Garcia R Vendor Homepage: https://www.kiwisyslog.com/ Software Link: https://www.kiwisyslog.com/downloads Version: 8.3.52 Tested on: Windows XP Professional...
openSUSE Security Update : podman / slirp4netns and libcontainers-common (openSUSE-2019-2044)
This is a version update for podman to version 1.4.4 bsc1143386. Additional changes by SUSE on top : - Remove fuse-overlayfs because it's currently an unsatisfied dependency on SLE bsc1143386 - Update libpod.conf to use correct infracommand - Update libpod.conf to use better versioned pause...
rsyslog security update
CentOS Errata and Security Advisory CESA-2019:2110 An update for rsyslog is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Cisco Adaptive Security Appliance Software DoS (cisco-sa-20181003-asa-syslog-dos)
According to its self-reported version, the TCP syslog module of Cisco Adaptive Security Appliance ASA Software and allows an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service DoS condition. The vulnerability is due to a...
RHEL 7 : systemd (RHSA-2019:2402)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:2402 advisory. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides...
ZTE MF910 – An end of life router, running lots of vivacious hidden code
You might be here because you saw our talk at Defcon 27. You might want to watch that for the full rundown! The ZTE MF910 is a really interesting router for reversing, mainly because it’s full of nice debug calls, and underused functionality. Also, it’s never going to get patched, and it’s really...
Denial Of Service (DoS)
systemd is vulnerable to denial of service DoS. The vulnerability exists through an out-of-bounds read when parsing a crafted syslog message...
systemd: stack overflow when calling syslog from a command with long cmdline
An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges...
systemd: out-of-bounds read when parsing a crafted syslog message
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data...
Moderate: Red Hat Security Advisory: rsyslog security and bug fix update
An update for rsyslog is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
CloudBees Jenkins Amazon EC2 Plugin Information Disclosure Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based development of continuous integration tools from the U.S. CloudBees. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Amazon EC2 Plugin is used in which an EC2 connection agen...
PasteHunter - Scanning Pastebin With Yara Rules
PasteHunter is a python3 application that is designed to query a collection of sites that host publicly pasted data. For all the pasts it finds it scans the raw contents against a series of Yara rules looking for information that can be used by an organisation or a researcher. For setup...
Cisco RV110W, RV130W, and RV215W Authorization Issues Vulnerabilities
Cisco?RV110W and others are a VPN firewall router from Cisco USA. An authorization issue vulnerability exists in the web-based management interface in the Cisco RV110W, RV130W, and RV215W, which can be exploited by a remote attacker to access information in the syslog file...
CVE-2019-1898
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this...
Authorization
A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this...
CVE-2019-1898
CVE-2019-1898 affects Cisco RV110W, RV130W, and RV215W routers. The issue is an information-disclosure vulnerability in the web-based management interface where improper HTTP authorization allows an unauthenticated, remote attacker to access the syslog file, exposing sensitive data. Impact is par...