exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 172 RSS Feed

Files

Hostapd Insufficient Entropy
Posted Feb 29, 2020
Authored by Jonathan Brossard, Nicolas Massaviol

Hostapd versions prior to 2.6 were not seeding PRNGs. This vulnerability has been fixed silently around 2016, but never attributed a CVE number, leading to many distributions and IoT devices still shipping this version of the software. In addition, it has been discovered that the Extensible Authentication Protocol (EAP) mode, which offers a protection against flooding attacks, also uses predictable PRNGs.

tags | advisory, protocol
advisories | CVE-2016-10743, CVE-2019-10064
SHA-256 | 2d166b553a0342f96415f97cd97caa0cedc98fd50d33edcf18d27bde29fcd3c7
Debian Security Advisory 4630-1
Posted Feb 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4630-1 - It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification.

tags | advisory, python
systems | linux, debian
advisories | CVE-2020-5390
SHA-256 | b455e7a7fba61ee1881640cfb2163c846bf832ec6b79543bd174a3815adaea48
Debian Security Advisory 4631-1
Posted Feb 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4631-1 - Multiple security issues were discovered in Pillow, a Python imaging library, which could result in denial of service and potentially the execution of arbitrary code if malformed PCX, FLI, SGI or TIFF images are processed.

tags | advisory, denial of service, arbitrary, python
systems | linux, debian
advisories | CVE-2019-16865, CVE-2019-19911, CVE-2020-5311, CVE-2020-5312, CVE-2020-5313
SHA-256 | 672a8a4e95e604dea700f5a873d7d479e1ba2dc4114bd73eddf87bc4c9fac27f
Debian Security Advisory 4632-1
Posted Feb 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4632-1 - Ilja Van Sprundel reported a logic flaw in the Extensible Authentication Protocol (EAP) packet parser in the Point-to-Point Protocol Daemon (pppd). An unauthenticated attacker can take advantage of this flaw to trigger a stack-based buffer overflow, leading to denial of service (pppd daemon crash).

tags | advisory, denial of service, overflow, protocol
systems | linux, debian
advisories | CVE-2020-8597
SHA-256 | f77ed94eb241b6463d1cc0108850a4ac7b647e3bae13cb583969676d3ec8590e
Debian Security Advisory 4634-1
Posted Feb 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4634-1 - Qualys discovered that the OpenSMTPD SMTP server performed insufficient validation of SMTP commands, which could result in local privilege escalation or the execution of arbitrary code.

tags | advisory, arbitrary, local
systems | linux, debian
advisories | CVE-2020-8794
SHA-256 | 5da50339d4d1fb31d2ce2fa5d1c69b447dfd44db51920c67a0c326da5a65d4c0
Debian Security Advisory 4635-1
Posted Feb 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4635-1 - Antonio Morales discovered an user-after-free flaw in the memory pool allocator in ProFTPD, a powerful modular FTP/SFTP/FTPS server. Interrupting current data transfers can corrupt the ProFTPD memory pool, leading to denial of service, or potentially the execution of arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2020-9273
SHA-256 | bc5aa8ca4bb689d45b2d9ca0ff9b6ade1a97168e14a988f3692f4ce913bfc8ae
Debian Security Advisory 4636-1
Posted Feb 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4636-1 - It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when 'noscript' and one or more raw text tags were whitelisted.

tags | advisory, python
systems | linux, debian
advisories | CVE-2020-6802
SHA-256 | 94cda4a539fb8acdae1d82380c87a8ef4be0d2f444897775ffb0061181a93953
Red Hat Security Advisory 2020-0637-01
Posted Feb 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0637-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the existing Limited Maintenance Release phase. This means that new bug fixes, security updates, and product enhancements will no longer be provided for the following product versions: Red Hat Satellite 5.8 on Red Hat Enterprise Linux 6.

tags | advisory
systems | linux, redhat
SHA-256 | 94a7ebf02343bcb5014130974b28608217aeabf08433f8c6def9739ab81cea66
Red Hat Security Advisory 2020-0638-01
Posted Feb 28, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0638-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite Proxy, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the existing Limited Maintenance Release phase. This means that new bug fixes, security updates, and product enhancements will no longer be provided for the following product versions: Red Hat Satellite Proxy 5.8 on Red Hat Enterprise Linux 6.

tags | advisory
systems | linux, redhat
SHA-256 | e64f35fd634c63342a72b92bc447930cd37a30abd0314ac368a398ef79634e0a
Red Hat Security Advisory 2020-0632-01
Posted Feb 27, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0632-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include a deserialization vulnerability.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2020-2583, CVE-2020-2590, CVE-2020-2593, CVE-2020-2601, CVE-2020-2604, CVE-2020-2654, CVE-2020-2659
SHA-256 | ef186e73e63f4da3cc8584b6c29f52f1d6a0879734059f2a044d20b95ac4ceab
Red Hat Security Advisory 2020-0638-01
Posted Feb 27, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0638-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite Proxy, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the existing Limited Maintenance Release phase. This means that new bug fixes, security updates, and product enhancements will no longer be provided for the following product versions: Red Hat Satellite Proxy 5.8 on Red Hat Enterprise Linux 6.

tags | advisory
systems | linux, redhat
SHA-256 | e64f35fd634c63342a72b92bc447930cd37a30abd0314ac368a398ef79634e0a
Red Hat Security Advisory 2020-0634-01
Posted Feb 27, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0634-01 - The ppp packages contain the Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider or other organization over a modem and phone line. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, protocol
systems | linux, redhat
advisories | CVE-2020-8597
SHA-256 | 1df0fe2f62df4d444ccb819d6f143597bfefdd169e1acff37c0f800b7b226dfa
Red Hat Security Advisory 2020-0631-01
Posted Feb 27, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0631-01 - The ppp packages contain the Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider or other organization over a modem and phone line. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, protocol
systems | linux, redhat
advisories | CVE-2020-8597
SHA-256 | c5410a2d83277b036adeed661972863aa4373b96185f77a076d89b7b279a5b7a
Red Hat Security Advisory 2020-0633-01
Posted Feb 27, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0633-01 - The ppp packages contain the Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider or other organization over a modem and phone line. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, protocol
systems | linux, redhat
advisories | CVE-2020-8597
SHA-256 | 1bebc5e30b3d0310766cb8db3fea8a04df5a03923396e89d78272b83466ce1de
Red Hat Security Advisory 2020-0526-01
Posted Feb 27, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0526-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An issue where /etc/passwd was given incorrect privileges has been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-19351
SHA-256 | 030dfcd72c32febf0856e4985978ffee94a07f992a7660e011101237be46f09b
Red Hat Security Advisory 2020-0630-01
Posted Feb 27, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0630-01 - The ppp packages contain the Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider or other organization over a modem and phone line. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, protocol
systems | linux, redhat
advisories | CVE-2020-8597
SHA-256 | 2cafd3c642092b4ba0ba572a8f7bad662501dca79332e06a608bd62708e0a721
Red Hat Security Advisory 2020-0609-01
Posted Feb 26, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0609-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2018-20976, CVE-2019-11085, CVE-2019-14895, CVE-2019-17133
SHA-256 | 1704e88839d3a2e0bb88213d4d92ae32aa951a7da471d4548ebd7e57aa5bbccd
Red Hat Security Advisory 2020-0605-01
Posted Feb 26, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0605-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for the wildfly-security-manager package in Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6, 7, and 8.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2020-7238
SHA-256 | 6ae1c40c03924b18c0d8eebf697cacbbc5d0f9e16c0b8488fb583b8746188b35
Red Hat Security Advisory 2020-0606-01
Posted Feb 26, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0606-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for the wildfly-security-manager package in Red Hat JBoss Enterprise Application Platform 7.2. HTTP request smuggling was addressed along with other security issues.

tags | advisory, java, web
systems | linux, redhat
advisories | CVE-2020-7238
SHA-256 | eee7443a646fa70abdc0833f65aebb58f6cdd0629b9ffcb0b58a1b56b9767cd3
Red Hat Security Advisory 2020-0602-01
Posted Feb 26, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0602-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. HTTP request smuggling was addressed along with other security issues.

tags | advisory, web, javascript
systems | linux, redhat
advisories | CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-16775, CVE-2019-16776, CVE-2019-16777
SHA-256 | 06640bfa1968df0b472481ae67bb1e2f62f27a46e4050fa57fce9b5cec78e50b
AVAST Generic Archive Bypass
Posted Feb 26, 2020
Authored by Thierry Zoller

The AVAST parsing engine supports the ZIP archive format. The parsing engine can be bypassed by specifically manipulating a ZIP archive so that it can be accessed by an end-user but not the anti-virus software. The AV engine is unable to scan the container and gives the file a "clean" rating.

tags | advisory, virus
advisories | CVE-2020-9399
SHA-256 | 04142bff062e990548f8097f71222a4ee9c85d1768f97fcbf3deca2f91ed21e3
Red Hat Security Advisory 2020-0601-01
Posted Feb 26, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0601-01 - Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7. This update provides various bug fixes and enhancements in addition to the client package versions previously released on Red Hat Enterprise Linux 6, 7, and 8.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2019-20444, CVE-2019-20445, CVE-2020-7238
SHA-256 | 8d43dd0822bbae7d88d811021e172eed30df934e109bf667724da9e33aa4290a
Cisco Unified Contact Center Express Privilege Escalation
Posted Feb 25, 2020
Authored by Jamie R

Cisco Unified Contact Center Express suffers from a privilege escalation vulnerability.

tags | advisory
systems | cisco
advisories | CVE-2019-1888
SHA-256 | 3b4a032f286a08e996bc7bfa0eaa2fdd87978080ffb2a1d130af4339afc53464
Red Hat Security Advisory 2020-0598-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0598-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. HTTP request smuggling was addressed along with other security issues.

tags | advisory, web, javascript
systems | linux, redhat
advisories | CVE-2019-15604, CVE-2019-15605, CVE-2019-15606
SHA-256 | 9fc3f9bc8d7dd7b61381febce5db7ceadfe94a7f3ed9b5467b3740dd5e2b5f6d
Red Hat Security Advisory 2020-0597-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0597-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. HTTP request smuggling was addressed along with other security issues.

tags | advisory, web, javascript
systems | linux, redhat
advisories | CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-16775, CVE-2019-16776, CVE-2019-16777
SHA-256 | 4f28657da8e272a2e2844edb1a5372df1b1680d0daf9e675279a4c550d709df9
Page 1 of 7
Back12345Next

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close