5963 matches found
The vulnerability of the fly-admin-printer print manager in the FLY operating system of Astra Linux allows an attacker to compromise data integrity, gain unauthorized access to protected information, and cause service failures.
The vulnerability of the fly-admin-printer print manager in the FLY operating system of Astra Linux is related to errors in processing empty tasks, as well as errors in renaming the printer. Exploiting this vulnerability allows a remote attacker to compromise data integrity, gain unauthorized...
The vulnerability of the task scheduler fly-admin-cron in the FLY operating system of Astra Linux allows a perpetrator to access confidential data, compromise its integrity, and cause service failures due to improper handling of registration data.
The vulnerability of the task scheduler fly-admin-cron in the FLY environment of the Astra Linux operating system is related to an incorrect definition of the user performing the task editing operations. Exploiting this vulnerability allows a remote attacker to gain access to confidential data,...
CVE-2019-16925
Flower 0.9.3 has XSS via the name parameter in an @app.task call. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change th...
Design/Logic Flaw
DISPUTED Flower 0.9.3 has XSS via a crafted worker name. NOTE: The project author stated that he doesn't think this is a valid vulnerability. Worker name and task name aren’t user facing configuration options. They are internal backend config options and person having rights to change them alread...
PT-2019-14872 · Celery · Flower
Name of the Vulnerable Software and Affected Versions: Flower version 0.9.3 Description: The issue concerns a potential XSS via the name parameter in an @app.task call. However, the project author disputes the validity of this issue, stating that worker and task names are internal backend...
An in-depth look at cyber insurance: We sat down with risk expert, Cisco's Leslie Lamb
Y2K is known for being one of the most widespread times of panic in IT. It was generally thought that on Dec. 31, 1999, computers across the globe would shut down when they would fail to properly process that it would become the year 2000 the next day. It made headlines across the globe, sent...
[SECURITY] Fedora 30 Update: ansible-2.8.4-1.fc30
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
Gamification Can Transform Company Cybersecurity Culture
Chief information security officers (CISOs) of Global 2000 enterprises have one of the toughest jobs in the world, defending their organization’s cyberspace and being the guardian of its assets and private information. But CISOs also have a second, even bigger problem: Their own company employees...
Moderate: Red Hat Security Advisory: Ansible security update
An update for Ansible is now available for Ansible Engine 2.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Moderate: Red Hat Security Advisory: Ansible security update
An update for Ansible is now available for Ansible Engine 2.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CVE-2019-14790
The limb-gallery aka Limb Gallery plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter,...
ManageEngine opManager 12.3.150 - Authenticated Code Execution
ManageEngine opManager 12.3.150 - Authenticated Code Execution #!/usr/bin/env python3 Exploit Title: ManageEngine opManager Authenticated Code Execution Google Dork: N/A Date: 08/13/2019 Exploit Author: @kindredsec Vendor Homepage: https://www.manageengine.com/ Software Link:...
Linux - Use-After-Free Reads in show_numa_stats()
On NUMA systems, the Linux fair scheduler tracks information related to NUMA faults in task_struct::numa_faults and task_struct::numa_group. Both of these have broken object lifetimes. Since commit 82727018b0d3 "sched/numa: Call task_numa_free() from do_execve()", first in v3.13, ->numa_faults is freed not...
The vulnerabilities of the functions smp_task_timedout() and smp_task_done() in the Linux kernel’s drivers/scsi/libsas/sas_expander.c file allow attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerabilities of the functions smp_task_timedout() and smp_task_done() in the Linux kernel’s drivers/scsi/libsas/sas_expander.c file are related to synchronization errors when using shared resources. Exploiting these vulnerabilities can allow an attacker to compromise the confidentiality, integrity,...
kernel: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
A flaw was found in the Linux kernel where the coredump implementation does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs. This allows local users to obtain sensitive information, cause a denial of service (DoS), or possibly have unspecified other impa...
CVE-2018-20943
cPanel before 68.0.27 allows attackers to read root's crontab file during a short time interval upon a post-update task (SEC-352)...
CVE-2019-10198
An authentication bypass vulnerability was discovered in foreman-tasks before 0.15.7. Previously, commit tasks were searched through find_resource, which performed authorization checks. After the change to Foreman, an unauthenticated user can view the details of a task through the web UI or API, i...
CVE-2019-14329
An issue was discovered in EspoCRM before 5.6.6. There is stored XSS due to lack of filtration of user-supplied data in Create Task. A malicious attacker can modify the parameter name to contain JavaScript code...