All Projects

Project Category Task Type Priority Severity Summary  desc Status Progress
PackagesAnySecurity IssueVery HighCritical [znc] CVE-2018-14055: privilege escalation & CVE-2018-1 ...Closed
100%
Task Description

Severity: high

Versions affected:
1.6.0 through 1.7.0
Potentially, all earlier versions too, but there is no known way to
trigger this before 1.6.0

Mitigation:
upgrade to 1.7.1

Description:
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming
from the network, allowing a non-admin user to escalate privilege,
inject rogue values into znc.conf, and gain shell access.

Upstream patches:
https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d

Severity: medium

Versions affected:
0.045 through 1.7.0

Mitigation:
upgrade to 1.7.1, or disable HTTP via `/msg *status AddPort`, `/msg
*status DelPort` commands.

Description:
ZNC before 1.7.1-rc1 is prone to a path traversal flaw. A non-admin user
can set web skin name to ../ to access files outside of the intended
skins directories and to cause DoS.

Upstream patch:
https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773

PackagesAnySecurity IssueVery HighCritical [wpa_supplicant] vulnerable to KRAK attack Closed
100%
Task Description

https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/

https://w1.fi/security/2017-1/

Arch just patched: https://www.archlinux.org/packages/core/i686/wpa_supplicant/

PackagesAnySecurity IssueVery HighCritical [wesnoth] CVE-2018-1999023 - Code Injection vulnerabili ...Closed
100%
Task Description

The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and player content.

https://security-tracker.debian.org/tracker/CVE-2018-1999023

Upstream patch: https://github.com/wesnoth/wesnoth/commit/d911268a783467842d38eae7ac1630f1fea41318

PackagesAnySecurity IssueVery HighCritical [util-linux] CVE-2018-7738 Closed
100%
Task Description

Description:
In util-linux before 2.32-rc1, bash-completion/umount allows local users to gain privileges by embedding shell commands in a mountpoint name, which is mishandled during a umount command (within Bash) by a different user, as demonstrated by logging in as root and entering umount followed by a tab character for autocompletion.

https://blog.grimm-co.com/post/malicious-command-execution-via-bash-completion-cve-2018-7738/

PackagesAnySecurity IssueVery LowCritical [unbound] Multiple CVEs Closed
100%
Task Description

https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/

[Critical] https://security-tracker.debian.org/tracker/CVE-2019-18934

PackagesAnySecurity IssueVery HighCritical [toxcore] Memory leak - Remote DDoS vunerability Closed
100%
Task Description

Description:

A memory leak bug was discovered in Toxcore that can be triggered remotely to exhaust one’s system memory, resulting in a denial of service attack... As a general reminder, if you are still using irungentoo’s toxcore, we strongly encourage you to switch to using TokTok c-toxcore instead as it’s a lot more actively developed and maintained. In fact, irungentoo’s toxcore is neither being developed nor maintained for some time now, aside from merging only the most critical fixes from TokTok c-toxcore from time to time, missing all other important fixes.

Additional info:
* package version(s): < 2.8

https://blog.tox.chat/2018/10/memory-leak-bug-and-new-toxcore-release-fixing-it/

PackagesAnySecurity IssueVery LowHigh [tigervnc] Multiple CVE Closed
100%
Task Description

https://www.openwall.com/lists/oss-security/2019/12/20/2

“This is a security release to fix a number of issues that were found by Kaspersky Lab. These issues affect both the client and server and could theoretically allow an malicious peer to take control over the software on the other side.”

PackagesAnySecurity IssueVery LowMedium [qemu] Multiple CVE Closed
100%
Task Description

CVE-2018-20123 QEMU: pvrdma: memory leakage in device hotplug
https://www.openwall.com/lists/oss-security/2018/12/13/4

CVE-2018-16872 Qemu: usb-mtp: path traversal by host filesystem
manipulation in Media Transfer Protocol (MTP)
https://www.openwall.com/lists/oss-security/2018/12/13/11

Patches included at above URLs.

PackagesAnySecurity IssueVery LowMedium [patch] CVE-2018-6951 - NULL pointer DoS Closed
100%
Task Description

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a “mangled rename” issue.

https://security-tracker.debian.org/tracker/CVE-2018-6951

PackagesAnySecurity IssueVery HighCritical [openssh] CVE-2018-15473 Closed
100%
Task Description

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.

https://security-tracker.debian.org/tracker/CVE-2018-15473

Patch: https://salsa.debian.org/ssh-team/openssh/commit/4641c58a3279f6b118f9562babaa0ee050a38619

Technical analysis: https://blog.nviso.be/2018/08/21/openssh-user-enumeration-vulnerability-a-close-look/

PackagesAnySecurity IssueVery LowCritical [opensmtpd] CVE-2020-8794 Closed
100%
Task Description

Description: https://www.openwall.com/lists/oss-security/2020/02/24/5 https://www.bleepingcomputer.com/news/security/new-critical-rce-bug-in-openbsd-smtp-server-threatens-linux-distros/

Qualys Security Advisory

LPE and RCE in OpenSMTPD’s default install (CVE-2020-8794)

Contents

Summary
Analysis
...
Acknowledgments

Summary

We discovered a vulnerability in OpenSMTPD, OpenBSD’s mail server. This
vulnerability, an out-of-bounds read introduced in December 2015 (commit
80c6a60c, “when peer outputs a multi-line response ...”), is exploitable
remotely and leads to the execution of arbitrary shell commands: either
as root, after May 2018 (commit a8e22235, “switch smtpd to new
grammar”); or as any non-root user, before May 2018.

Because this vulnerability resides in OpenSMTPD’s client-side code
(which delivers mail to remote SMTP servers), we must consider two
different scenarios:

- Client-side exploitation: This vulnerability is remotely exploitable

in OpenSMTPD's (and hence OpenBSD's) default configuration. Although
OpenSMTPD listens on localhost only, by default, it does accept mail
from local users and delivers it to remote servers. If such a remote
server is controlled by an attacker (either because it is malicious or
compromised, or because of a man-in-the-middle, DNS, or BGP attack --
SMTP is not TLS-encrypted by default), then the attacker can execute
arbitrary shell commands on the vulnerable OpenSMTPD installation.

- Server-side exploitation: First, the attacker must connect to the

OpenSMTPD server (which accepts external mail) and send a mail that
creates a bounce. Next, when OpenSMTPD connects back to their mail
server to deliver this bounce, the attacker can exploit OpenSMTPD's
client-side vulnerability. Last, for their shell commands to be
executed, the attacker must (to the best of our knowledge) crash
OpenSMTPD and wait until it is restarted (either manually by an
administrator, or automatically by a system update or reboot).

We developed a simple exploit for this vulnerability and successfully
tested it against OpenBSD 6.6 (the current release), OpenBSD 5.9 (the
first vulnerable release), Debian 10 (stable), Debian 11 (testing), and
Fedora 31.

The fix is delivered in OpenSMTPD 6.6.4p1, available here, which the developer recommends installing “AS SOON AS POSSIBLE.”

PackagesAnySecurity IssueMediumCritical [libjpeg-turbo] CVE-2019-2201 Closed
100%
Task Description

In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation

https://security-tracker.debian.org/tracker/CVE-2019-2201

Patch: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388

PackagesAnySecurity IssueVery HighCritical [libarchive] CVE-2019-18408 Closed
100%
Task Description

https://www.zdnet.com/article/libarchive-vulnerability-can-lead-to-code-execution-on-linux-freebsd-netbsd/

https://security-tracker.debian.org/tracker/CVE-2019-18408

PackagesAnySecurity IssueVery HighCritical [iceweasel-uxp-noscript] Zero-day bypass and script exe ...Closed
100%
Task Description

Description:

NoScript zero-day allows script execution even with scripts blocked by default.

https://www.zdnet.com/article/exploit-vendor-drops-tor-browser-zero-day-on-twitter/

https://twitter.com/ma1/status/1039163003034324992

Additional info:
* package version(s) < 5.1.8.7

Steps to reproduce:
Set the Content-Type of your html/js page to “text/html;json” and enjoy full JS pwnage”

PackagesAnySecurity IssueVery HighHigh [gnupg] CVE-2018-12020 Closed
100%
Task Description

https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html

We are pleased to announce the availability of a new GnuPG release:
version 2.2.8. This version fixes a critical security bug and comes
with some other minor changes.
PackagesStableSecurity IssueVery HighCritical [exim] CVE-2019-10149 Closed
100%
Task Description

Description: There’s an active, ongoing campaign exploiting a widespread vulnerability in linux email servers. This attack leverages a week-old vulnerability to gain remote command execution on the target machine, search the Internet for other machines to infect, and initiates a crypto miner.

https://www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability

https://www.openwall.com/lists/oss-security/2019/06/06/1

PackagesAnySecurity IssueHighHigh [busybox] CVE-2017-16544: autocompletion vulnerability Closed
100%
Task Description

Package: https://www.hyperbola.info/packages/community/x86_64/busybox/

https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/

In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.

Patch: https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8

Showing tasks 1 - 17 of 17 Page 1 of 1

Available keyboard shortcuts

Tasklist

Task Details

Task Editing