6014 matches found
Information Disclosure
Ansible is vulnerable to information disclosure. The logs, stdout and stderr from SSH can potentially contain sensitive information when a retry task run with the -vvv option fails...
Moderate: Red Hat Security Advisory: ansible security and bug fix update
An update for ansible is now available for Ansible Engine 2.5. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CVE-2018-19793
jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands via the crontab/task/edit?addr=localhost%3a20001 command and args parameters, as demonstrated by command=cat&args=/etc/passwd in the POST data...
Command injection
jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands via the crontab/task/edit?addr=localhost%3a20001 command and args parameters, as demonstrated by command=cat&args=/etc/passwd in the POST data...
What’s new in TrickBot? Deobfuscating elements
Trojan.TrickBot has been present in the threat landscape for quite a while. We wrote about its first version in October 2016. From the beginning, it was a well-organized modular malware, written by developers with mature skills. It is often called a banker, however its modular structure allows t...
Amazon Linux 2 : kernel (ALAS-2018-1100)
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel. An attacker with a local account can trick the stack unwinder code to leak stack contents to userspace. The fix allows only root to inspect the kernel stack of an arbitrary task. CVE-2018-17972 A...
Busting SIM Swappers and SIM Swap Myths
KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized "SIM swaps" -- a complex form of mobile phone fraud that is often use...
[SECURITY] Fedora 29 Update: php-horde-nag-4.2.19-1.fc29
Nag is a web-based application built upon the Horde Application Framework which provides a simple, clean interface for managing online task lists (i.e., todo lists). It also includes strong integration with the other Horde applications and allows users to share task lists or enable light-weight...
Hacker Discloses New Windows Zero-Day Exploit On Twitter
A security researcher with the Twitter alias SandboxEscaper—who two months ago publicly dropped a zero-day exploit for Microsoft Windows Task Scheduler—yesterday released another proof-of-concept exploit for a new Windows zero-day vulnerability. SandboxEscaper posted a link to a GitHub page hosti...
Weak Password Vulnerability in Beijing Jiezhong FameView Configuration Software
FameView is high-performance configuration monitoring software from Beijing Jiezhong, independently developed for the Windows operating system and built on many years of engineering application and service experience. It can provide economic...
[SECURITY] Fedora 28 Update: php-horde-nag-4.2.19-1.fc28
Nag is a web-based application built upon the Horde Application Framework which provides a simple, clean interface for managing online task lists (i.e., todo lists). It also includes strong integration with the other Horde applications and allows users to share task lists or enable light-weight...
[SECURITY] Fedora 27 Update: php-horde-nag-4.2.19-1.fc27
Nag is a web-based application built upon the Horde Application Framework which provides a simple, clean interface for managing online task lists (i.e., todo lists). It also includes strong integration with the other Horde applications and allows users to share task lists or enable light-weight...
Adding layer versions with Nutanix fails with error: Failed to execute the script.
When trying to add versions to layers, the task may fail with an error. Failed to execute the script. Unable to perform the operation. The Nutanix server has encountered a failure processing the request 500. Error: internal server error. Details: Error occurred while creating Disk image...
WSS Project Management System version 1.3.2 de***.php has an override access vulnerability
WSS Project Management System is a browser-based collaborative office platform that integrates "Project Management", "Task Management", "Work Hour Management" and "Work Log Management". A vulnerability exists in de.ph...
DEBIAN-CVE-2018-17972
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents...
CVE-2018-17972
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents...
CVE-2018-17972
An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents...
IBM DB2 Elevation of Privilege Vulnerability (CNVD-2018-20056)
IBM DB2 is a relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A privilege escalation vulnerability exists in the Administrative Task Scheduler (ATS) in IBM DB2...
November 8, 2016 — KB3200970 (OS Build 14393.447)
This update includes quality improvements and security updates. No new operating system features are being introduced in this update. Key changes include: Improved the reliability of multimedia audio, Remote Desktop, and Internet Explorer 11...
PT-2018-2968 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.20. Description: The issue is related to errors in synchronization when using a shared resource, specifically a race condition in the smp_task_timedout and smp_task_done functions in the drivers/scsi/libsas/sas...