Security
Headlines
HeadlinesLatestCVEs

Tag

#linux

MiniDVBLinux 5.4 Remote Root Command Execution

MiniDVBLinux version 5.4 suffers from an OS command execution vulnerability. This can be exploited to execute arbitrary commands as root through the command GET parameter in /tpl/commands.sh.

Packet Storm
#vulnerability#web#linux#git#php
MiniDVBLinux 5.4 Remote Root Command Injection

MiniDVBLinux version 5.4 suffers from an OS command injection vulnerability. This can be exploited to execute arbitrary commands with root privileges.

Spring Cloud Gateway 3.1.0 Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Spring Cloud Gateway versions 3.0.0 through 3.0.6 and 3.1.0. The vulnerability can be exploited when the Gateway Actuator endpoint is enabled, exposed and unsecured. An unauthenticated attacker can use SpEL expressions to execute code and take control of the victim machine.

Gentoo Linux Security Advisory 202210-07

Gentoo Linux Security Advisory 202210-7 - A vulnerability has been found in Deluge which could result in XSS. Versions less than 2.1.1 are affected.

MiniDVBLinux 5.4 Unauthenticated Stream Disclosure

MiniDVBLinux versions 5.4 and below suffer from an unauthenticated live stream disclosure when /tpl/tv_action.sh is called and generates a snapshot in /var/www/images/tv.jpg through the Simple VDR Protocol (SVDRP).

Gentoo Linux Security Advisory 202210-06

Gentoo Linux Security Advisory 202210-6 - Multiple vulnerabilities have been discovered in libvirt, the worst of which could result in denial of service. Versions less than 8.2.0 are affected.

Gentoo Linux Security Advisory 202210-05

Gentoo Linux Security Advisory 202210-5 - Multiple vulnerabilities have been discovered in virglrenderer, the worst of which could result in remote code execution. Versions less than 0.10.1 are affected.

Ubuntu Security Notice USN-5683-1

Ubuntu Security Notice 5683-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Selim Enes Karaduman discovered that a race condition existed in the General notification queue implementation of the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

MiniDVBLinux 5.4 Change Root Password

MiniDVBLinux versions 5.4 and below root password changing proof of concept exploit.