Red Hat Security Advisory 2020-0591-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and traversal vulnerabilities.
6e60f83a7899b23721090dd7233a10b58aecb9b303e627934ee3b4be58c71833Red Hat Security Advisory 2020-0592-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow and use-after-free vulnerabilities.
3be3e97d9cf47b79cdc4d236e0de82e7e19c550c90ec4264b3b8aced6ccf652bRed Hat Security Advisory 2020-0593-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. State injection and out-of-bounds read vulnerabilities have been addressed.
2558b5c10d9bce547ec28cacce9ccb7f155c668ab9ea7a100e7b88633301a2b7Red Hat Security Advisory 2020-0595-01 - The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. A local privilege escalation vulnerability in top has been addressed.
0ecb6816c4a7cbaafddd66991561a6488bb1316d81f0605665c4f473770e2a97Red Hat Security Advisory 2020-0594-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include denial of service, null pointer, and out of bounds write vulnerabilities.
5800d93843f1ea719cdba522f0012e32a8772db15e37256fc66938007179eaeaDebian Linux Security Advisory 4633-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.
b7f2ce0f1e8a86c966bfba98bf404e0b81f1d24285a3ca41d94c909e96c042acRed Hat Security Advisory 2020-0579-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. HTTP request smuggling was addressed along with other security issues.
b886b0e95ead26013e0308ccf593a5a846e8731401ea54bdeeb098795796b513Red Hat Security Advisory 2020-0562-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An issue where /etc/passwd was given incorrect privileges has been addressed.
aa4b35d0c786a9d7900ebed2fef4942c97c28fdeb4354363539f0cb3932af57fRed Hat Security Advisory 2020-0589-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A remote code execution vulnerability has been addressed.
72b85f78832b028a25adbb0e1b3d74a8a46515b97d66312ac283e4c4668085daRed Hat Security Advisory 2020-0588-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A remote code execution vulnerability has been addressed.
76dabe1fb1f83704fe07415992cc6ce59ac0ca564a556f595df6cccd087ebe63Ubuntu Security Notice 4292-1 - It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that rsync incorrectly handled vectors involving left shifts of negative integers in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
872f3d3c647448679bc2a39190a107c07265f8e8f3f284ca4549af533866a3b0Ubuntu Security Notice 4291-1 - It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to redirect a user to a malicious URL.
711a647bdd901a450dd17d6c7c8386a50244fab44728fcad01a811450ca18bfeUbuntu Security Notice 4290-1 - It was discovered that libpam-radius-auth incorrectly handled certain long passwords. A remote attacker could possibly use this issue to cause libpam-radius-auth to crash, resulting in a denial of service.
bc59a93ec7b447083b3050b77e460713ae650bc45ae6bf0cf1174c130dd8d8c4Red Hat Security Advisory 2020-0578-01 - The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Issues addressed include a denial of service vulnerability.
ca03f7b6dda56b6cc65687c2e937f37afc3ae2e723015642775b0a7849ff8318Red Hat Security Advisory 2020-0580-01 - The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Issues addressed include a denial of service vulnerability.
371aad08e8ae99c8569963a08902cee37a31eb305d7e0007b6db8c249e51b6efRed Hat Security Advisory 2020-0573-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. HTTP request smuggling was addressed along with other security issues.
c2e5505c347e28a5c5b708280a3f87650156fcbc79f19efa78129e544ac3accbRed Hat Security Advisory 2020-0576-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.5.0.
978c1b0b59479617849e1dae241a04727b4528b0656bd8755d3b6277b6d7f915Red Hat Security Advisory 2020-0574-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.5.0.
1cec59a9d56cb85f669867c729230ee3a37df94d027fa1ba9300b54e466cfb09Red Hat Security Advisory 2020-0575-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. Issues addressed include a use-after-free vulnerability.
3240271f356f5c6aa03af49501fffe947291b42228ba1ab6cc14b1d732c9f741Red Hat Security Advisory 2020-0577-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.5.0.
ea3f90f26563835e30c91b8bfd293fece5cdb34be413d5dc305859e058425b0bRed Hat Security Advisory 2020-0570-01 - OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Issues addressed include a buffer overflow vulnerability.
436e483658d2ab5fc7d49ab9c3f8ff2f2cb844633ca16dbc1c82462e750acae6The F-SECURE parsing engine supports the GZIP Archive. The parsing engine can be bypassed by manipulating a GZIP archive (Compression Method). This way the User can extract the file but the AV Engine cannot giving the file a clean pass. Various products and versions are affected.
fbec8e3dcdca05c0034af0f09e6fb074d27522a6d8e9187b70e6a9d79f55cbb6Red Hat Security Advisory 2020-0569-01 - OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Issues addressed include a buffer overflow vulnerability.
ac8780ccf7ec8b034e2d6101dbc82ae39cb422eb9e25972542de67c83c777922Red Hat Security Advisory 2020-0568-01 - KornShell is a Unix shell developed by AT&T Bell Laboratories, which is backward-compatible with the Bourne shell and includes many features of the C shell. The most recent version is KSH-93. KornShell complies with the POSIX.2 standard. A code injection vulnerability was addressed.
5de0bbb6699431ef7e8cbd8a14c69a7099f6565c7ff8b2acdd2da3274058a2e7The AVIRA parsing engine supports the ISO container format. The parsing engine can be bypassed by specifically manipulating the ISO Archive This leads to the Endpoint ignoring the container and the Gateways to let this file slip through uninspected. Avira does not patch or update their very popular command line scanner that is still available for download on their website. AV Engine versions below 8.3.54.138 are affected.
e3a1a68dae3a544a78b4225ef81e20a998dd5f42a98b27d7f851c97568992124
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed