
5963 matches found

Microsoft CVE
added 2020/02/11 8:0 a.m. | 23 views

Microsoft Office Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Microsoft Office OLicenseHeartbeat task, where an attacker who successfully exploited this vulnerability could run this task as SYSTEM. To exploit the vulnerability, an authenticated attacker would need to place a specially crafted file in a...

CVSS 7.8 | AI score 3.5 | EPSS 0.00243
Exploits 0

Veracode
added 2020/02/03 6:31 a.m. | 10 views

Privilege Escalation

github.com/hashicorp/nomad is vulnerable to privilege escalation. The vulnerability exists as nomad improperly invokes the rawexec driver even if it was disabled on the client, allowing an authorized user to run a task with higher privileges...

AI score 3.2
Exploits 0

Kitploit
added 2020/02/01 11:30 a.m. | 217 views

Project-Black - Pentest/BugBounty Progress Control With Scanning Modules

Scope control, scope scanner and progress tracker for easier working on a bug bounty or pentest project. What is this tool for? The tool encourages more methodical work on pentest/bugbounty, tracking the progress and general scans information. It can launch masscan, nmap, dirsearch, amass, patator...

AI score 7.3
Exploits 0 | References 7

Fedora
added 2020/01/31 2:3 a.m. | 35 views

[SECURITY] Fedora 31 Update: ansible-2.9.3-1.fc31

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

CVSS 7.3 | AI score 3.3 | EPSS 0.00273
Exploits 0

Tenable Nessus
added 2020/01/27 12:0 a.m. | 40 views

RHEL 7 : Ansible security update (2.7.16) (Moderate) (RHSA-2020:0217)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0217 advisory. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH a...

CVSS 7.3 | AI score 7.2 | EPSS 0.00273
Exploits 0 | References 7

Tenable Nessus
added 2020/01/27 12:0 a.m. | 45 views

RHEL 7 / 8 : Ansible security update (2.9.4) (Moderate) (RHSA-2020:0218)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:0218 advisory. Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over S...

CVSS 7.3 | AI score 7.2 | EPSS 0.00273
Exploits 0 | References 7

Virtuozzo
added 2020/01/26 12:0 a.m. | 18 views

Product update: Virtuozzo PowerPanel Update 1 Hotfix 1 (7.0.4-39)

The update for Virtuozzo PowerPanel introduces stability and usability fixes. Vulnerability id: PP-643 Attach and detach backup tasks missing or undefined in the task log. Vulnerability id: PP-642 The 'vzapi-api' package not updated on the controller when upgrading PowerPanel. Vulnerability id:...

AI score 1.1
Exploits 0

RedHat Linux
added 2020/01/23 4:50 p.m. | 65 views

Moderate: Red Hat Security Advisory: Ansible security and bug fix update (2.9.4)

An update for ansible is now available for Ansible Engine 2.9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

CVSS 7.3 | AI score 7 | EPSS 0.00273
Exploits 0 | References 3

RedHat Linux
added 2020/01/23 4:46 p.m. | 65 views

Moderate: Red Hat Security Advisory: Ansible security and bug fix update (2.7.16)

An update for ansible is now available for Ansible Engine 2.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

CVSS 7.3 | AI score 7 | EPSS 0.00273
Exploits 0 | References 3

OpenVAS
added 2020/01/23 12:0 a.m. | 38 views

Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2017-1224)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 7.8 | EPSS 0.05117
Exploits 0 | References 2

RedHat Linux
added 2020/01/21 6:12 p.m. | 3 views

kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping

A flaw was found in the Linux kernel where the coredump implementation does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs. This allows local users to obtain sensitive information, cause a denial of service (DoS), or possibly have unspecified other impa...

CVSS 7 | AI score 7.2 | EPSS 0.00549
Exploits 3 | References 4

Prion
added 2020/01/14 8:15 p.m. | 16 views

Privilege escalation

In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a privileged user at least more than the current one which have his "TempPath" resolving to a world...

CVSS 4.4 | AI score 7.6 | EPSS 0.03223
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2020/01/14 8:10 p.m. | 33 views

CVE-2019-16784 Local Privilege Escalation present only on the Windows version of PyInstaller

In PyInstaller before version 3.6, only on Windows, a local privilege escalation vulnerability is present in this particular case: If a software using PyInstaller in "onefile" mode is launched by a privileged user at least more than the current one which have his "TempPath" resolving to a world...

CVSS 7 | AI score 7.7 | EPSS 0.03223
Exploits 1 | References 1

OSV
added 2020/01/14 3:15 p.m. | 1 views

CVE-2019-12399

When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value,...

CVSS 7.5 | AI score 7
Exploits 0 | References 24

FireEye
added 2020/01/09 12:0 a.m. | 14 views

SAIGON, the Mysterious Ursnif Fork

Ursnif (aka Gozi/Gozi-ISFB) is one of the oldest banking malware families still in active distribution. While the first major version of Ursnif was identified in 2006, several subsequent versions have been released in large part due to source code leaks. FireEye reported on a previously unidentified...

AI score 0.3
Exploits 0 | References 4

OpenVAS
added 2020/01/09 12:0 a.m. | 24 views

openSUSE: Security Advisory for gdb (openSUSE-SU-2019:2494-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 7.8 | AI score 7.9 | EPSS 0.00288
Exploits 1 | References 2

OSV
added 2020/01/06 9:15 p.m. | 2 views

CVE-2020-5846

An insecure file upload and code execution issue was discovered in Ahsay Cloud Backup Suite 8.3.0.30 via a "PUT /obs/obm7/file/upload" request with the base64-encoded pathname in the X-RSW-custom-encode-path HTTP header, and the content in the HTTP request body. It is possible to upload a file in...

CVSS 8.8 | AI score 7.7
Exploits 0 | References 1

NVD
added 2019/12/19 6:15 a.m. | 10 views

CVE-2019-19901

An issue was discovered in Backdrop CMS 1.13.x before 1.13.5 and 1.14.x before 1.14.2. It doesn't sufficiently filter output when displaying certain block descriptions created by administrators. An attacker could potentially craft a specialized description, then have an administrator execute...

CVSS 4.8 | AI score 4.9 | EPSS 0.00346
Exploits 0 | References 1

The Hacker News
added 2019/12/11 4:2 p.m. | 4 views

New Zeppelin Ransomware Targeting Tech and Health Companies

A new variant of Vega ransomware family, dubbed Zeppelin, has recently been spotted in the wild targeting technology and healthcare companies across Europe, the United States, and Canada. However, if you reside in Russia or some other ex-USSR countries like Ukraine, Belorussia, and Kazakhstan,...

AI score 6
Exploits 0

The Hacker News
added 2019/12/11 4:2 p.m. | 44 views

New Zeppelin Ransomware Targeting Tech and Health Companies

A new variant of Vega ransomware family, dubbed Zeppelin, has recently been spotted in the wild targeting technology and healthcare companies across Europe, the United States, and Canada. However, if you reside in Russia or some other ex-USSR countries like Ukraine, Belorussia, and Kazakhstan,...

AI score 7.4
Exploits 0