Ubuntu Security Notice 4540-1 - Denis Andzakovic discovered that atftpd incorrectly handled certain malformed packets. A remote attacker could send a specially crafted packet to cause atftpd to crash, resulting in a denial of service. Denis Andzakovic discovered that atftpd did not properly lock the thread list mutex. An attacker could send a large number of tftpd packets simultaneously when running atftpd in daemon mode to cause atftpd to crash, resulting in a denial of service. Various other issues were also addressed.

BigTree CMS version 4.4.10 suffers from a remote code execution vulnerability.

Anchor CMS version 0.12.7 suffers from a persistent cross site scripting vulnerability.

Ubuntu Security Notice 4539-1 - Andrew Bartlett discovered that DAViCal Andrew's Web Libraries did not properly manage session keys. An attacker could possibly use this issue to impersonate a session.

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Simple Online Food Ordering System version 1.0 suffers from a remote SQL injection vulnerability.

Ubuntu Security Notice 4536-1 - Youssouf Boulouiz discovered that SPIP incorrectly handled login error messages. A remote attacker could potentially exploit this to conduct cross-site scripting attacks. Gilles Vincent discovered that SPIP incorrectly handled password reset requests. A remote attacker could possibly use this issue to cause SPIP to enumerate registered users. Guillaume Fahrner discovered that SPIP did not properly sanitize input. A remote authenticated attacker could possibly use this issue to execute arbitrary code on the host server. Various other issues were also addressed.

Ubuntu Security Notice 4538-1 - Vaisha Bernard discovered that PackageKit incorrectly handled certain methods. A local attacker could use this issue to learn the MIME type of any file on the system. Sami Niemimäki discovered that PackageKit incorrectly handled local deb packages. A local user could possibly use this issue to install untrusted packages, contrary to expectations.

Ubuntu Security Notice 4537-1 - Vaisha Bernard discovered that Aptdaemon incorrectly handled the Locale property. A local attacker could use this issue to test for the presence of local files.

Red Hat Security Advisory 2020-3835-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.3.0 ESR. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.

Red Hat Security Advisory 2020-3832-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.3.0 ESR. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.

Red Hat Security Advisory 2020-3836-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a null pointer vulnerability.

Red Hat Security Advisory 2020-3833-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.3.0 ESR. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.

Red Hat Security Advisory 2020-3834-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.3.0 ESR. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.

Ubuntu Security Notice 4535-1 - Gabriel Corona discovered that RDFLib did not properly load modules on the command-line. An attacker could possibly use this issue to cause RDFLib to execute arbitrary code.

Red Hat Security Advisory 2020-3806-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.2.6.SP2 serves as a replacement for Red Hat support for Spring Boot 2.2.6.SP1, and includes security and bug fixes and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include cross site scripting and denial of service vulnerabilities.

Red Hat Security Advisory 2020-3807-01 - The org.ovirt.engine-root is a core component of oVirt. Issues addressed include code execution and cross site scripting vulnerabilities.

Whitepaper called iOS Swift Anti-Jailbreak Bypass with Frida.

Ubuntu Security Notice 4534-1 - It was discovered that Perl DBI module incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information.

Red Hat Security Advisory 2020-3809-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.

Red Hat Security Advisory 2020-3808-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a cross site scripting vulnerability.

Red Hat Security Advisory 2020-3817-01 - Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7. This update provides various bug fixes and enhancements in addition to the client package versions previously released on Red Hat Enterprise Linux 6, 7, and 8. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice 4533-1 - Veeti Veteläinen discovered that the LTSP Display Manager incorrectly handled user logins from unsupported shells. A local attacker could possibly use this issue to gain root privileges.