Tweets


  1. Re: GNU screen "out of bounds access when setting w_xtermosc after OSC 49": Posted by Amadeusz Sławiński on Feb 06 Hi, The report which resulted in second commit just happened to be reported at similar time and is not related to the issue at hand apart…
  2. CVE-2020-8608 QEMU: Slirp: potential OOB access due to unsafe snprintf() usages: Posted by P J P on Feb 06 Hello, An out-of-bounds heap buffer access issue was found in the SLiRP networking implementation of the QEMU emulator. It occurs in tcp_emu()…
  3. Re: CVE-2019-18901: mariadb: possible symlink attack for the mysql user in the SUSE specific mysql-systemd-helper script: Posted by Matthias Gerstner on Feb 06 Hello Larry, true. Generally it allows to grant groups read permissions on files. I'm not aware…
  4. Feb 5

    Re: CVE-2019-18901: mariadb: possible symlink attack for the mysql user in the SUSE specific mysql-systemd-helper script: Posted by Larry W. Cashdollar on Feb 05 Hello Matthias, That chmod 640 might be interesting if applied to /etc/shadow. It could allow…
  5. Feb 5

    CVE-2019-18901: mariadb: possible symlink attack for the mysql user in the SUSE specific mysql-systemd-helper script: Posted by Matthias Gerstner on Feb 05 Hello list, in the course of a review of the mariadb packaging in the SUSE Linux distribution I…
  6. Feb 5

    Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled: Posted by William Bowling on Feb 05 When using a pty, sudo_term_eof and sudo_term_kill are initialized to 0x4 and 0x15 allowing the overflow to be reached, making 1.8.26-1.8.30 also…
  7. Feb 4

    Re: CVE-2020-7221: mariadb: possible local mysql to root user exploit in mysql_install_db script setting permissions of /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool: Posted by Matthias Gerstner on Feb 04 Hi, yes, exactly. I don't want to…
  8. Feb 4

    Re: CVE-2020-7221: mariadb: possible local mysql to root user exploit in mysql_install_db script setting permissions of /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool: Posted by Solar Designer on Feb 04 Why not simply root:mysql 04710…
  9. Feb 4

    CVE-2020-7221: mariadb: possible local mysql to root user exploit in mysql_install_db script setting permissions of /usr/lib64/mysql/plugin/auth_pam_tool_dir/auth_pam_tool: Posted by Matthias Gerstner on Feb 04 Hello list, in the course of a review of a…
  10. Feb 3

    Django 3.0.3, 2.2.10 and 1.11.28: CVE-2020-7471: Potential SQL injection via ``StringAgg(delimiter)``: Posted by Carlton Gibson on Feb 03 https://www.djangoproject.com/weblog/2020/feb/03/security-releases/ In accordance with `our security release policy…
  11. Feb 2

    Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2): Posted by Al Viro on Feb 02 Well, it won't be dereferencing anything freed - if we are in RCU mode, we have observed (with sufficient barriers) an earlier value…
  12. Feb 2

    Re: Linux kernel: user-triggerable read-after-free crash or 1-bit infoleak oracle in open(2): Posted by Solar Designer on Feb 02 Turns out the fix in d0cb50185ae9 introduced a regression, now found with syzkaller and fixed:
  13. Feb 1

    multiple NULL pointer dereference vulnerabilities in newlib: Posted by Dimitrios Glynos on Jan 31 Hello all, newlib versions prior to 3.3.0 (and derivatives like newlib-nano, picolibc, related ARM toolchains) are vulnerable to a number of NULL pointer…
  14. Feb 1

    CVE-2020-1700 ceph: connection leak in the RGW Beast front-end permits a DoS against the RGW server: Posted by Hardik Vyas on Jan 31 Hello, A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker…
  15. Jan 31

    Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled: Posted by Todd C. Miller on Jan 31 It turns out a change in EOF handling introduced in sudo 1.8.26 prevents exploitation of the bug. The EOF character is also initialized to 0 and…
  16. Jan 30

    CVE-2019-3016: information leak within a KVM guest: Posted by John Haxby on Jan 30 The problem is missing TLB flushes which potentially allows a process in a KVM guest to access memory locations within that guest that it should not have access to. The…
  17. Jan 30

    [CVE-2020-1931] Apache SpamAssassin Nefarious rule configuration (.cf) files can be configured to run system commands with warnings.: Posted by Kevin A. McGrail on Jan 30 Apache SpamAssassin 3.4.4 was recently released [1], and fixes an issue of security…
  18. Jan 30

    New Qt vulnerabilities: Posted by Thiago Macieira on Jan 30 The Qt security team was made aware of two issues affecting the currently-released versions of Qt that could lead to loading of untrusted plugins, which can execute code immediately upon…
  19. Jan 29

    Multiple vulnerabilities in Jenkins and Jenkins plugins: Posted by Daniel Beck on Jan 29 Jenkins is an open source automation server which enables developers around the world to reliably build, test, and deploy their software. The following releases…
  20. Jan 29

    LPE and RCE in OpenSMTPD (CVE-2020-7247): Posted by Qualys Security Advisory on Jan 28 Qualys Security Advisory LPE and RCE in OpenSMTPD (CVE-2020-7247) Contents…
