MiracleLinux 7 : krb5-1.15.1-51.el7 (AXSA:2021-2558:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2558:03 advisory. krb5: NULL pointer dereference in processtgsreq in kdc/dotgsreq.c via a FAST inner body that lacks server field CVE-2021-37750 Tenable has extracted the...

MiracleLinux 4 : krb5-1.10.3-10.AXS4.2 (AXSA:2013-413:02)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-413:02 advisory. Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of sending...

EUVD-2013-1455

Malware in sbrugna...

EUVD-2011-1531

Malware in sbrugna...

EUVD-2010-0314

Malware in sbrugna...

EUVD-2013-1454

Malware in sbrugna...

EUVD-2009-2916

Malware in sbrugna...

EUVD-2008-6799

Malware in sbrugna...

EUVD-2009-2917

Malware in sbrugna...

EUVD-2023-37371

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-3183

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client's session key. This key is different for each new session,...

Active Directory Certificate Services (ADCS) Privilege Escalation (Certifried)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Active Directory Certificate Services ADCS privilege escalation Certifried', 'Description' = %q This module exploits a privilege escalation...

tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users

Impact What kind of vulnerability is it? Who is impacted? Low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via tgstation-server requiring a separate,...

GHSA-C3H4-9GC2-F7H4 tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users

Impact What kind of vulnerability is it? Who is impacted? Low permission users using the "Set .dme Path" privilege could potentially set malicious .dme files existing on the host machine to be compiled and executed. These .dme files could be uploaded via tgstation-server requiring a separate,...

Amazon Linux 2 : ipa (ALAS-2024-2585)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2585 advisory. A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client's session key. This key is different for each new session, which protects it from brute force attacks...

CentOS 7 : ipa (RHSA-2024:3760)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3760 advisory. - A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client's session key. This key is different for each new session,...

CVE-2024-3183

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user...

UBUNTU-CVE-2024-3183

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user...

CVE-2024-3183

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user...

CVE-2024-3183 Freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force

A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user...