Name: Sensitive Data Exposure in QNAP QTS
Systems Affected: QNAP QTS (NAS), all models and all versions < 4.2.4
Severity: High 7.9/10
Impact: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
Vendor: http://www.qnap.com/
Advisory: http://www.ush.it/team/ush/hack-qnap/qnap.txt
Authors: Pasquale “sid” Fiorillo (sid AT ush DOT…
ISPs can now sell certain sensitive data, such as your browsing history, without permission, thanks to the US Senate.
The US Senate on Wednesday voted, with 50 Republicans for it and 48 Democrats against, to roll back a set of broadband privacy regulations passed by the Federal Communications Commission (FCC) last year when it was under Democratic leadership.
SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh.
An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intended to be confined by AppArmor. This is due to the common logic to handle ‘restart’ operations removing AppArmor profiles that aren’t found in the typical filesystem locations, such as /etc/apparmor.d/. Userspace projects that manage their own AppArmor profiles in atypical directories, such as what’s done by LXD and Docker, are affected by this flaw in the AppArmor init script logic.
The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl.
Red Hat Enterprise Linux: Updated OpenStack Networking packages that resolve various issues are now available for Red Hat OpenStack Platform 10.0 (Newton) for RHEL 7.
Red Hat Enterprise Linux: Updated tzdata packages that add one enhancement are now available for Red Hat Enterprise Linux 4 Extended Life Cycle Support, Red Hat Enterprise Linux 5 Extended Life Cycle Support, Red Hat Enterprise Linux 5.6 Long Life, Red Hat Enterprise Linux 5.9 Advanced Update Support, Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, Red Hat Enterprise Linux 6.7 Extended Update Support, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7.1 Extended Update Support, Red Hat Enterprise Linux 7.1 Little Endian Extended Update Support, Red Hat Enterprise Linux 7.2 Extended Update Support, and Red Hat Enterprise Linux 7.