polkit security update

0.112-26.0.1 - Increase timeout to avoid defunct processes Orabug: 26930744 0.112-26.1 - pkexec: argv overflow results in local privilege esc. - Resolves: CVE-2021-4034...

Pip-Audit - Audits Python Environments And Dependency Trees For Known Vulnerabilities

pip-audit is a tool for scanning Python environments for packages with known vulnerabilities. It uses the Python Packaging Advisory Database https://github.com/pypa/advisory-db via the PyPI JSON API as a source of vulnerability reports. This project is developed by Trail of Bits with support from...

Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot which may be the case when using GSO XDP or software hashing. (CVE-2021-28714)

...

CVE-2021-28715

Guest can force Linux netback driver to hog large amounts of kernel memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the...

DEBIAN-CVE-2021-28715

Guest can force Linux netback driver to hog large amounts of kernel memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the...

CVE-2021-28714

Guest can force Linux netback driver to hog large amounts of kernel memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the...

UBUNTU-CVE-2021-28714

Guest can force Linux netback driver to hog large amounts of kernel memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the...

CVE-2021-28715

Guest can force Linux netback driver to hog large amounts of kernel memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the...

CVE-2021-28714

Guest can force Linux netback driver to hog large amounts of kernel memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the...

CVE-2021-28714

Guest can force Linux netback driver to hog large amounts of kernel memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the...

Wordpress Plugin Catch Themes Demo Import RCE

The Wordpress Plugin Catch Themes Demo Import versions use exploit/multi/http/wpcatchthemesdemoimport msf exploitwpcatchthemesdemoimport show targets ...targets... msf exploitwpcatchthemesdemoimport set TARGET msf exploitwpcatchthemesdemoimport show options ...show and set options... msf...

CVE-2021-20870

Improper handling of exceptional conditions vulnerability in KONICA MINOLTA bizhub series bizhub C750i G00-35 and earlier, bizhub C650i/C550i/C450i G00-B6 and earlier, bizhub C360i/C300i/C250i G00-B6 and earlier, bizhub 750i/650i/550i/450i G00-37 and earlier, bizhub 360i/300i G00-33 and earlier,...

PT-2025-8101

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A issue in the Linux kernel has been resolved where the data transfer routines could potentially enter an infinite loop if the hardware enters a bad state. The polling loops for the stat...

PT-2025-8051

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been identified, related to the ath11k module. The issue causes frames flush failure due to a deadlock, resulting in warnings such as "failed to...

PT-2025-8237

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock issue has been identified in the Linux kernel, specifically in the rtw joinbss event prehandle function. This occurs when two threads attempt to access the same lock,...

SourceLeakHacker - A Multi Threads Web Application Source Leak Scanner

SourceLeakHacker is a muilt-threads web directories scanner. Installation pip install -r requirements.txt Usage dictionary scale --output OUTPUT output folder, default: result/YYYY-MM-DD hh:mm:ss --threads THREADS, -t THREADS threads numbers, default: 4 --timeout TIMEOUT HTTP request timeout...

PT-2021-8079 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel version 5.13.0 mlnx Description: The vulnerability is related to the function mlx5e tx reporter dump sq in the net/mlx5e component of the Linux kernel. This function casts its void argument to struct mlx5e txqsq , but in the...

Exploit for Path Traversal in Grafana

CVE-2021-43798 !Alt texthttps://github.com/z3n70/CVE-...

OPENSUSE-SU-2021:1524-1 Security update for tor

This update for tor fixes the following issues: tor 0.4.6.8: Improving reporting of general overload state for DNS timeout errors by relays Regenerate fallback directories for October 2021 Bug fixes for onion services CVE-2021-22929: do not log v2 onion services access attempt warnings on disk...

SUSE SLES11 Security Update : xen (SUSE-SU-2021:14848-1)

The remote SUSE Linux SLES11 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:14848-1 advisory. - Observable response discrepancy in some IntelR Processors may allow an authorized user to potentially enable information disclosure via loca...