AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Teeworlds chip 0.5.211/13/2022 ![]() This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. ![]() The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This affects Ubuntu, Debian, and Gentoo.Ī flaw was found in unzip. Code execution can, for example, use the -gtk-module option. USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. The only known workaround is to manually patch your installation with code referenced at the source GHSA-p6h4-93qp-jhcm. Users are advised to upgrade as soon as possible. This vulnerability has been confirmed on Linux (Ubuntu) and Windows. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file `DatabaseController.js`, so it is likely to affect Postgres and any other database backend as well. This vulnerability affects Parse Server in the default configuration with MongoDB. ![]() In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. ![]() Parse Server is an open source http web server backend. NOTE: a third party states "The described attack cannot be executed as demonstrated." This passcode is only four digits, far below typical length/complexity for a user account's password. ** DISPUTED ** UBports Ubuntu Touch 16.04 allows the screen-unlock passcode to be used for a privileged shell via Sudo. Once pax is installed, amavisd automatically prefers it over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). ![]() An attacker can upload arbitrary files through amavisd via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. ![]()
0 Comments
Read More
Leave a Reply. |