haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
acbb05776668657012273be9bb3310e3140b79959aa4538e4cca8d30d40c0b8f
Ubuntu Security Notice 7021-4 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
f5bd65d2898e9829d211a6a95b234a34eb25f17b8ac37caf94966dce73810534
Debian Linux Security Advisory 5781-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
1ef039858c6f77289a0121b0f10830b4ab7779904de169e39eb4e8d6420d6fe6
Acronis Cyber Infrastructure (ACI) is an IT infrastructure solution that provides storage, compute, and network resources. Businesses and Service Providers are using it for data storage, backup storage, creating and managing virtual machines and software-defined networks, and running cloud-native applications in production environments. This Metasploit module exploits a default password vulnerability in ACI which allows an attacker to access the ACI PostgreSQL database and gain administrative access to the ACI Web Portal. This opens the door for the attacker to upload SSH keys that enable root access to the appliance/server. This attack can be remotely executed over the WAN as long as the PostgreSQL and SSH services are exposed to the outside world. ACI versions 5.0 before build 5.0.1-61, 5.1 before build 5.1.1-71, 5.2 before build 5.2.1-69, 5.3 before build 5.3.1-53, and 5.4 before build 5.4.4-132 are vulnerable.
07990b1f6994d1629f554b31888e1fa6a36fccc954738c75a95e2ac86e270498
dizqueTV version 1.5.3 suffers from a remote code execution vulnerability.
b18cb14167c97952ef1684789d6a48b83e5c1338a0677edc0b3eaef195497b45
Ubuntu Security Notice 7052-1 - It was discovered that GNOME Shell mishandled extensions that fail to reload, possibly leading to extensions staying enabled on the lock screen. An attacker could possibly use this issue to launch applications, view sensitive information, or execute arbitrary commands. It was discovered that the GNOME Shell incorrectly handled certain keyboard inputs. An attacker could possibly use this issue to invoke keyboard shortcuts, and potentially other actions while the workstation was locked.
d145ca7fe21493de973870eec17c6d14d6d8ba7536b1cb88569b36730ddfee8c
Debian Linux Security Advisory 5780-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language, which could result in incorrect parsing of multipart/form-data, bypass of the cgi.force_redirect directive, or incorrect logging.
bfa3e5a0c7655d65e84e614bda3fc8f53d019f36e25c18e9829db943709ca29b
openSIS version 9.1 suffers from a remote SQL injection vulnerability.
ddd8a61a144743e851f50537eea6c5ff213dbd687c67b18723cb43b3cce02613
reNgine version 2.2.0 suffers from an authenticated command injection vulnerability.
f066bac5f8056ecff7640ad1eda251ee3cfc442c52056ad0305561dcae02504e
WordPress Bricks Builder Theme version 1.9.6 suffers from a PHP code injection vulnerability.
69058773e3397f84487632f50d5da835890bc34fb55c74c497a1b37f090145ec
WordPress Hash Form plugin version 1.1.0 suffers from a PHP code injection vulnerability.
bc7980f4f411a27c7262c68f7fd454a125802275d61a94ede6b68bb2e568c7a7
WordPress GiveWP Donation Fundraising Platform version 3.14.1 suffers from a PHP code injection vulnerability.
eb486df34141d18e18b546102e2a364a70c644072728e437923337df6d3968b6
ViciDial version 2.0.5 suffers from a cross-site request forgery vulnerability.
8d97cf3df17b56471dae55b00de7d5fdb6df05ba2d778c815ad038c1c5af4ade
Vehicle Service Management System version 1.0 suffers from a cross-site request forgery vulnerability.
cbbb1165632f2703bbc4989bf742873fef70ed8ad0904b983a249605f1abbb36
Transport Management System version 1.0 suffers from an insecure direct object reference vulnerability.
ddb2ecfd9605e960fcf65ed5d6d99463da9d4dc7cef2f1685967819afe88b7de
Printing Business Records Management System version 1.0 suffers from an ignored default credential vulnerability.
cfd9d4151bd46ad7de2e0c129a76499f645f7ad0df0b80a0d40a359c199f4f2c
Online Eyewear Shop version 1.0 suffers from an ignored default credential vulnerability.
2bf05df779783894d1f5d14a01f0b453810086efd504cdb90dfe4889fe4bce31
AVideo version 12.4 suffers from a PHP code injection vulnerability.
b36808e21f51e25a7052432f8419f20edcaf24b7c01d2a036f8e75bb34bc7468