CVE-2018-1000843

Luigi version prior to version 2.8.0; after commit 53b52e12745075a8acc016d33945d9d6a7a6aaeb; after GitHub PR spotify/luigi/pull/1870 contains a Cross ite Request Forgery CSRF vulnerability in API endpoint: /api/ that can result in Task metadata such as task name, id, parameter, etc. will be leake...

[SECURITY] Fedora 29 Update: ansible-2.7.5-1.fc29

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

RHEL 7 : kernel (RHSA-2018:3843)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:3843 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: NULL pointer dereference in...

Low: Red Hat Security Advisory: ansible security and bug fix update

An update for ansible is now available for Ansible Engine 2. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...

SUSE-SU-2018:4130-1 Security update for ansible

This update for ansible fixes the following issues: Ansible was updated to ansible 2.4.6.0. The full release notes can be found on: https://github.com/ansible/ansible/blob/stable-2.4/CHANGELOG.md Security issues fixed: - CVE-2018-10875: ansible.cfg is read from the current working directory which...

Celerystalk - An Asynchronous Enumeration and Vulnerability Scanner

celerystalk helps you automate your network scanning/enumeration process with asynchronous jobs aka tasks while retaining full control of which tools you want to run. Configurable - Some common tools are in the default config, but you can add any tool you want Service Aware - Uses nmap/nessus...

Information Disclosure

ansible is vulnerable to information disclosure. The logs, stdout and stderr from SSH can potentially contain sensitive information when a retry task run with -vvv option fails...

Moderate: Red Hat Security Advisory: ansible security and bug fix update

An update for ansible is now available for Ansible Engine 2.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

Command injection

jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands via the crontab/task/edit?addr=localhost%3a20001 command and args parameters, as demonstrated by command=cat&args=/etc/passwd in the POST data...

CVE-2018-19793

jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands via the crontab/task/edit?addr=localhost%3a20001 command and args parameters, as demonstrated by command=cat&args=/etc/passwd in the POST data...

What’s new in TrickBot? Deobfuscating elements

Trojan.TrickBot has been present in the threat landscape from quite a while. We wrote about its first version in October 2016. From the beginning, it was a well organized modular malware, written by developers with mature skills. It is often called a banker, however its modular structure allows t...

Amazon Linux 2 : kernel (ALAS-2018-1100)

An issue was discovered in the procpidstack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task.CVE-2018-17972 A...

Busting SIM Swappers and SIM Swap Myths

KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized "SIM swaps" -- a complex form of mobile phone fraud that is often use...

[SECURITY] Fedora 29 Update: php-horde-nag-4.2.19-1.fc29

Nag is a web-based application built upon the Horde Application Framework which provides a simple, clean interface for managing online task lists i.e., todo lists. It also includes strong integration with the other Horde applications and allows users to share task lists or enable light-weight...

Hacker Discloses New Windows Zero-Day Exploit On Twitter

A security researcher with Twitter alias SandboxEscaper—who two months ago publicly dropped a zero-day exploit for Microsoft Windows Task Scheduler—has yesterday released another proof-of-concept exploit for a new Windows zero-day vulnerability. SandboxEscaper posted a link to a Github page hosti...

Weak Password Vulnerability in Beijing Jiezhong FameView Configuration Software

FameView configuration software is Beijing Jiezhong company is a set of many years of engineering applications and service experience, based on the Windows operating system, independent research and development of high-performance configuration monitoring software company, can provide economic...

[SECURITY] Fedora 28 Update: php-horde-nag-4.2.19-1.fc28

Nag is a web-based application built upon the Horde Application Framework which provides a simple, clean interface for managing online task lists i.e., todo lists. It also includes strong integration with the other Horde applications and allows users to share task lists or enable light-weight...

[SECURITY] Fedora 27 Update: php-horde-nag-4.2.19-1.fc27

Nag is a web-based application built upon the Horde Application Framework which provides a simple, clean interface for managing online task lists i.e., todo lists. It also includes strong integration with the other Horde applications and allows users to share task lists or enable light-weight...

Adding layer versions with Nutanix fails with error: Failed to execute the script.

When trying to add versions to layers, the task may fail with an error. Failed to execute the script. Unable to perform the operation. The Nutanix server has encountered a failure processing the request 500. Error: internal server error. Details: Error occurred while creating Disk image...

WSS Project Management System version 1.3.2 de***.php has an override access vulnerability

WSS Project Management System is a browser-based collaborative office platform that integrates "Project Management", "Task Management", "Work Hour Management", "Work Log Management" and "Work Log Management". management" as one of the collaborative office platform. A vulnerability exists in de.ph...