Hostapd versions prior to 2.6 were not seeding PRNGs. This vulnerability has been fixed silently around 2016, but never attributed a CVE number, leading to many distributions and IoT devices still shipping this version of the software. In addition, it has been discovered that the Extensible Authentication Protocol (EAP) mode, which offers a protection against flooding attacks, also uses predictable PRNGs.
2d166b553a0342f96415f97cd97caa0cedc98fd50d33edcf18d27bde29fcd3c7
Debian Linux Security Advisory 4630-1 - It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification.
b455e7a7fba61ee1881640cfb2163c846bf832ec6b79543bd174a3815adaea48
Debian Linux Security Advisory 4631-1 - Multiple security issues were discovered in Pillow, a Python imaging library, which could result in denial of service and potentially the execution of arbitrary code if malformed PCX, FLI, SGI or TIFF images are processed.
672a8a4e95e604dea700f5a873d7d479e1ba2dc4114bd73eddf87bc4c9fac27f
Debian Linux Security Advisory 4632-1 - Ilja Van Sprundel reported a logic flaw in the Extensible Authentication Protocol (EAP) packet parser in the Point-to-Point Protocol Daemon (pppd). An unauthenticated attacker can take advantage of this flaw to trigger a stack-based buffer overflow, leading to denial of service (pppd daemon crash).
f77ed94eb241b6463d1cc0108850a4ac7b647e3bae13cb583969676d3ec8590e
Debian Linux Security Advisory 4634-1 - Qualys discovered that the OpenSMTPD SMTP server performed insufficient validation of SMTP commands, which could result in local privilege escalation or the execution of arbitrary code.
5da50339d4d1fb31d2ce2fa5d1c69b447dfd44db51920c67a0c326da5a65d4c0
Debian Linux Security Advisory 4635-1 - Antonio Morales discovered an user-after-free flaw in the memory pool allocator in ProFTPD, a powerful modular FTP/SFTP/FTPS server. Interrupting current data transfers can corrupt the ProFTPD memory pool, leading to denial of service, or potentially the execution of arbitrary code.
bc5aa8ca4bb689d45b2d9ca0ff9b6ade1a97168e14a988f3692f4ce913bfc8ae
Debian Linux Security Advisory 4636-1 - It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when 'noscript' and one or more raw text tags were whitelisted.
94cda4a539fb8acdae1d82380c87a8ef4be0d2f444897775ffb0061181a93953
Red Hat Security Advisory 2020-0637-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the existing Limited Maintenance Release phase. This means that new bug fixes, security updates, and product enhancements will no longer be provided for the following product versions: Red Hat Satellite 5.8 on Red Hat Enterprise Linux 6.
94a7ebf02343bcb5014130974b28608217aeabf08433f8c6def9739ab81cea66
Red Hat Security Advisory 2020-0638-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite Proxy, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the existing Limited Maintenance Release phase. This means that new bug fixes, security updates, and product enhancements will no longer be provided for the following product versions: Red Hat Satellite Proxy 5.8 on Red Hat Enterprise Linux 6.
e64f35fd634c63342a72b92bc447930cd37a30abd0314ac368a398ef79634e0a
Red Hat Security Advisory 2020-0632-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
ef186e73e63f4da3cc8584b6c29f52f1d6a0879734059f2a044d20b95ac4ceab
Red Hat Security Advisory 2020-0638-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite Proxy, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the existing Limited Maintenance Release phase. This means that new bug fixes, security updates, and product enhancements will no longer be provided for the following product versions: Red Hat Satellite Proxy 5.8 on Red Hat Enterprise Linux 6.
e64f35fd634c63342a72b92bc447930cd37a30abd0314ac368a398ef79634e0a
Red Hat Security Advisory 2020-0634-01 - The ppp packages contain the Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider or other organization over a modem and phone line. Issues addressed include a buffer overflow vulnerability.
1df0fe2f62df4d444ccb819d6f143597bfefdd169e1acff37c0f800b7b226dfa
Red Hat Security Advisory 2020-0631-01 - The ppp packages contain the Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider or other organization over a modem and phone line. Issues addressed include a buffer overflow vulnerability.
c5410a2d83277b036adeed661972863aa4373b96185f77a076d89b7b279a5b7a
Red Hat Security Advisory 2020-0633-01 - The ppp packages contain the Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider or other organization over a modem and phone line. Issues addressed include a buffer overflow vulnerability.
1bebc5e30b3d0310766cb8db3fea8a04df5a03923396e89d78272b83466ce1de
Red Hat Security Advisory 2020-0526-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An issue where /etc/passwd was given incorrect privileges has been addressed.
030dfcd72c32febf0856e4985978ffee94a07f992a7660e011101237be46f09b
Red Hat Security Advisory 2020-0630-01 - The ppp packages contain the Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider or other organization over a modem and phone line. Issues addressed include a buffer overflow vulnerability.
2cafd3c642092b4ba0ba572a8f7bad662501dca79332e06a608bd62708e0a721
Red Hat Security Advisory 2020-0609-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow and use-after-free vulnerabilities.
1704e88839d3a2e0bb88213d4d92ae32aa951a7da471d4548ebd7e57aa5bbccd
Red Hat Security Advisory 2020-0605-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for the wildfly-security-manager package in Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6, 7, and 8.
6ae1c40c03924b18c0d8eebf697cacbbc5d0f9e16c0b8488fb583b8746188b35
Red Hat Security Advisory 2020-0606-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for the wildfly-security-manager package in Red Hat JBoss Enterprise Application Platform 7.2. HTTP request smuggling was addressed along with other security issues.
eee7443a646fa70abdc0833f65aebb58f6cdd0629b9ffcb0b58a1b56b9767cd3
Red Hat Security Advisory 2020-0602-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. HTTP request smuggling was addressed along with other security issues.
06640bfa1968df0b472481ae67bb1e2f62f27a46e4050fa57fce9b5cec78e50b
The AVAST parsing engine supports the ZIP archive format. The parsing engine can be bypassed by specifically manipulating a ZIP archive so that it can be accessed by an end-user but not the anti-virus software. The AV engine is unable to scan the container and gives the file a "clean" rating.
04142bff062e990548f8097f71222a4ee9c85d1768f97fcbf3deca2f91ed21e3
Red Hat Security Advisory 2020-0601-01 - Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7. This update provides various bug fixes and enhancements in addition to the client package versions previously released on Red Hat Enterprise Linux 6, 7, and 8.
8d43dd0822bbae7d88d811021e172eed30df934e109bf667724da9e33aa4290a
Cisco Unified Contact Center Express suffers from a privilege escalation vulnerability.
3b4a032f286a08e996bc7bfa0eaa2fdd87978080ffb2a1d130af4339afc53464
Red Hat Security Advisory 2020-0598-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. HTTP request smuggling was addressed along with other security issues.
9fc3f9bc8d7dd7b61381febce5db7ceadfe94a7f3ed9b5467b3740dd5e2b5f6d
Red Hat Security Advisory 2020-0597-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. HTTP request smuggling was addressed along with other security issues.
4f28657da8e272a2e2844edb1a5372df1b1680d0daf9e675279a4c550d709df9