Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
71af9918773e9028decc9c58136a9f56713a2951ed97b1130c0d6a01fe95eeab
The Carel pCOWeb card stores password hashes in the file /etc/passwd, allowing privilege escalation by authenticated users. Additionally, plaintext copies of the passwords are stored. Version A 1.4.11 - B 1.4.2 is affected.
450784ac7f42fa743218fbb60bd08f3732984399df8feaaeb904aaf749417707
The Carel pCOWeb card exposes a Modbus interface to the network. By design, Modbus does not provide authentication, allowing to control the affected system. Version A 1.4.11 - B 1.4.2 is affected.
ac9bdcf7f91e77dced7f5e7b4acb37e4fb6d3eaa097d2b650f4b1e1128e1c5f9
Red Hat Security Advisory 2019-3281-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.2.0 ESR. Issues addressed include buffer overflow, bypass, cross site scripting, and use-after-free vulnerabilities.
332517d0f986e800fddcb6a996bf545ae5876efc4f58467d01626aa54b79518f
Ubuntu Security Notice 4173-1 - Felix Wilhelm discovered that FreeTDS incorrectly handled certain types after a protocol downgrade. A remote attacker could use this issue to cause FreeTDS to crash, resulting in a denial of service, or possibly execute arbitrary code.
249a5647bac6baba060acea4c6d26f95b420042b9d301e0d524db8fde562d0e8
Ubuntu Security Notice 4170-2 - USN-4170-1 fixed a vulnerability in Whoopsie. The update caused Whoopsie to crash when sending reports. This update fixes the problem. Kevin Backhouse discovered Whoopsie incorrectly handled very large crash reports. A local attacker could possibly use this issue to cause a denial of service, expose sensitive information or execute code as the whoopsie user. Various other issues were also addressed.
3d48c852e7dcfc3abb2fb09ed80df3fe28d0dc3f88c1ca2fde2213d5b6b9be2e
This Metasploit module exploits a remote command execution vulnerability in Nostromo versions 1.9.6 and below. This issue is caused by a directory traversal in the function http_verify in nostromo nhttpd allowing an attacker to achieve remote code execution via a crafted HTTP request.
1baffab9687f81feac9fe65275eba574314a19a248d0ee583a4ac8f7f390b032
Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
19d7c7abbfac4c6fde1221a583df9546772368078433af5e6b111ad18b30aabb
WordPress Google Review Slider plugin version 6.1 suffers from a remote SQL injection vulnerability.
911c95419821334da71eefac39a1736f977de60c9cfdd08de57af973e356d0a4
Red Hat Security Advisory 2019-3278-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability has been addressed.
09bd141bfc689914a6f037134dcdcc5ded17272004cc9cdae40303e14eba15ff
Ubuntu Security Notice 4172-1 - It was discovered that file incorrectly handled certain malformed files. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.
6fe3c94e2cd5e4c880d9f27376b84f019f84c878a29d5d6c0fbe26568c400032
Red Hat Security Advisory 2019-3267-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the openshift-enterprise-cli container image for Red Hat OpenShift Container Platform 4.1.21. An arbitrary file write vulnerability was addressed.
906104ae39293840d5212d29dd0ff8cc64dadcf01d461ace938bc39d9d04c9cd
WMV to AVI MPEG DVD WMV Converter version 4.6.1217 suffers from a buffer overflow vulnerability.
8d7b9c4e9eac2146af29c7dd55d6367cd28e4dfe7145bef186543371c430ddab
Red Hat Security Advisory 2019-3266-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the openshift RPM packages for Red Hat OpenShift Container Platform 4.1.21. An arbitrary file write vulnerability was addressed.
6bed6b5c148ae9a3c52340c5463b29776453157b65077748ccba93309aba8a01
Red Hat Security Advisory 2019-3265-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the ansible-operator, apb, containernetworking-plugins, golang-github-openshift-prometheus-alert-buffer, golang-github-prometheus-promu and openshift-eventrouter RPM packages for Red Hat OpenShift Container Platform 4.1.21. Issues addressed include unbounded memory growth.
66c6686738c7b7aa9986790e91b9a9c2b4f1ece1dcc127b32bfa252b00d6e23d
MikroTik RouterOS version 6.45.6 DNS cache poisoning exploit.
a383237105abf2d8cd196092df38ab74a7bb21e90a231ec004bccdee62539d22