Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
Ubuntu Security Notice 4269-1 - It was discovered that systemd incorrectly handled certain PIDFile files. A local attacker could possibly use this issue to trick systemd into killing privileged processes. This issue only affected Ubuntu 16.04 LTS. It was discovered that systemd incorrectly handled certain udevadm trigger commands. A local attacker could possibly use this issue to cause systemd to consume resources, leading to a denial of service. Various other issues were also addressed.
Ubuntu Security Notice 4268-1 - It was discovered that OpenSMTPD incorrectly verified the sender's or receiver's e-mail addresses under certain conditions. An attacker could use this vulnerability to execute arbitrary commands as root.
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
Red Hat Security Advisory 2020-0378-01 - Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Issues addressed include a denial of service vulnerability.
The Windscribe VPN client application for Windows makes use of a Windows service WindscribeService.exe which exposes a named pipe \\.\pipe\WindscribeService allowing execution of programs with elevated privileges. Windscribe versions prior to 1.82 do not validate user-supplied program names, allowing execution of arbitrary commands as SYSTEM. This Metasploit module has been tested successfully on Windscribe versions 1.80 and 1.81 on Windows 7 SP1 (x64).
This Metasploit module exploits an authenticated remote code execution vulnerability in Wago PFC200.
Ubuntu Security Notice 4263-2 - USN-4263-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account. Various other issues were also addressed.
Socat version 1.7.3.4 heap-based overflow proof of concept exploit.
Red Hat Security Advisory 2020-0431-01 - KornShell is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard. A code injection vulnerability has been addressed.
Ubuntu Security Notice 4266-1 - It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
Red Hat Security Advisory 2020-0375-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow and heap overflow vulnerabilities.
Kronos WebTA version 4.0 suffers from cross site scripting and authenticated remote privilege escalation vulnerabilities.
Verodin Director Web Console version 3.5.4.0 remote authenticated password disclosure proof of concept exploit.
Red Hat Security Advisory 2020-0374-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow and heap overflow vulnerabilities.
Ubuntu Security Notice 4265-2 - USN-4265-1 fixed several vulnerabilities in SpamAssassin. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. Various other issues were also addressed.
AVideo Platform version 8.1 suffers from an information disclosure vulnerability that allows for user enumeration.
Red Hat Security Advisory 2020-0366-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2020-0406-01 - The Container Network Interface project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted. Issues addressed include unbounded memory growth.
AVideo Platform version 8.1 suffers from a cross site request forgery vulnerability.
xglance-bin local root privilege escalation exploit that has been tested on Linux RHEL 7.x/8.x systems.
This python script is a fuzzer for the ISO-8385 financial protocol. It is compatible with sulley and bofuzz and is now part of the official bofuzz release.
Armis has discovered five critical, zero-day vulnerabilities in various implementations of the Cisco Discovery Protocol (CDP) that can allow remote attackers to completely take over devices.
HiSilicon DVR/NVR with hi3520d firmware suffers from having a remote backdoor account vulnerability.
Ubuntu Security Notice 4265-1 - It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code.