WebKitGTK+ and WPE WebKit suffer from denial of service, logic, and code execution vulnerabilities. Versions affected include WebKitGTK before 2.26.4 and WPE WebKit before 2.26.4.
f26a8511f96186c2554509eee0dedd35c54b0bc46935f8eb82d173fec60fb098The Kaspersky parsing engine supports the ZIP archive format. The parsing engine can be bypassed by specifically manipulating an ZIP Archive (File Name length Field) so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the container and gives the file a "clean" rating.
120b942ba426b1b9b55e704db5b9c97a9ee87d788829b6e6ce558de71c97c890Debian Linux Security Advisory 4623-1 - Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks.
07b281b93bc3e551c542129111e82e593bafba8ae7fa8f3fa45f1cd3c949e937Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.
99f04b86268fb22a08e70ff9ef4ddfd161a7f6189c3363589e59d22f54fc13a5Ubuntu Security Notice 4278-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting attacks, or execute arbitrary code.
3cee7693baf92f13b72a4f7814750e482cfdbe8ffcdeb341169530ec7c83ef25CA Technologies, A Broadcom Company, is alerting customers to three vulnerabilities in CA Unified Infrastructure Management (Nimsoft / UIM). Multiple vulnerabilities exist that can allow an unauthenticated remote attacker to execute arbitrary code or commands, read from or write to systems, or conduct denial of service attacks. CA published solutions to address these vulnerabilities and recommends that all affected customers implement these solutions. The first vulnerability, CVE-2020-8010, occurs due to improper ACL handling. A remote attacker can execute commands, read from, or write to the target system. The second vulnerability, CVE-2020-8011, occurs due to a null pointer dereference. A remote attacker can crash the Controller service. The third vulnerability, CVE-2020-8012, occurs due to a buffer overflow vulnerability in the Controller service. A remote attacker can execute arbitrary code.
091817c9084bf974c8447837781753ec3e99d5062faa76769b21604190b2d347Debian Linux Security Advisory 4622-1 - Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" sub commands in the PostgreSQL database did not perform authorisation checks.
d999adcd4a26533ad6b97e43e89785ffaeab03376921934028ff9754878be2cbSlackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
41de21ecf821ffe77355371dc33280e3af41cf9768beab1fff75487b8d3f362bRed Hat Security Advisory 2020-0509-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
46e026b8c73b2c8554ec737612a6983dcc2e937ad252d8277022593a99e1f078Red Hat Security Advisory 2020-0498-01 - The org.ovirt.engine-root is a core component of oVirt. Issues addressed include cross site scripting and null pointer vulnerabilities.
9aaaf65f69bca88fd867633900a54dddbdc4184850f87795f0cea9cea29cf525The F-SECURE parsing engine supports the RAR Archive. The parsing engine can be bypassed by specifically manipulating a RAR archive. Various products are affected.
f8afc9d260d24a97130afc2b29b93956227a49e671abb3b13665f13a1b0de68dRed Hat Security Advisory 2020-0487-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
d07d1892269b8f92df66a4d09cc3d2fd52cb020b25b56e79796b27001a2d25efRed Hat Security Advisory 2020-0497-01 - The release of Red Hat AMQ Online 1.3.3 serves as a replacement for AMQ online 1.3.2, and includes bug fixes and enhancements. Request smuggling and other security issues have been addressed.
26852e77b838e0d5a87fe97d3c16c806d3cdf8d7434d7b5456efee625099d1f1The AVIRA parsing engine can be bypassed by specifically manipulating the ZIP Archive (GPFLag) making the Avira parser believes the file to be encrypted although it isn't. This leads to the Endpoint ignoring the archive and the Avira Gateway Solutions to follow the "File is encrypted" logic.
ac2daf7bcc95857b4f5049cebd3177cbe3381b4badbb37ff3079ae24ed46821aThe ESET parsing engine can be bypassed by specifically manipulating a ZIP Archive Compression Information Field so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the container and gives the file a "clean" rating.
e2f741cde9f439ac70973eeae7d76a4af0d0b4eb7a85e38074a57965ddaf71b3Red Hat Security Advisory 2020-0481-01 - Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. Cross site scripting and various other issues have been addressed.
c7d2a874d60f28fa4ae628c2a7952736d7e80dc5a1b9f27395d1f319165e2b80Ubuntu Security Notice 4277-1 - Liu Bingchang discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. Lili Xu and Bingchang Liu discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. Various other issues were also addressed.
f439d4d193a3baedfae42e5b5a839bebfe0de144d241bb30dfc007e4b3cd5b68Red Hat Security Advisory 2020-0476-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An issue was addressed where kubeconfig and kubeadmin-password are created with word-readable permissions.
31c669505e540b1e63c2bfbfdddf71530e0f345e4bc0c3eb83ec9dd959344de6Red Hat Security Advisory 2020-0463-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An issue was addressed where kubeconfig and kubeadmin-password are created with word-readable permissions.
3c3fc62d51163f3e710fbe7c846c6d1972b62abd6e3ce03ff052cbad3ee7dc15Red Hat Security Advisory 2020-0477-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers the RPM packages for the OpenShift Service Mesh 1.0.7 release.
c53975e7f171dadff3756cccad9d0372fda750bb1dbc29c23732bf0afcb763ccRed Hat Security Advisory 2020-0475-01 - An update is now available for Red Hat Quay 3. An issue where install functionality in nodejs-yarn could be abused has been addressed.
e396f969304d8551f03c119433a46c4d036e4b144ad0965852aeeb1cc799400bUbuntu Security Notice 4276-1 - It was discovered that libykpiv, a supporting library of the Yubico PIV Tool and YubiKey PIV Manager, mishandled specially crafted input. An attacker with a custom-made, malicious USB device could potentially execute arbitrary code on a computer running the Yubico PIV Tool or Yubikey PIV Manager.
ad473bfdd43cfac5e70cb9134f6682db3a18061d4d48465975f372cbbe9d989bRed Hat Security Advisory 2020-0471-01 - The spice-gtk packages provide a GIMP Toolkit widget for Simple Protocol for Independent Computing Environments clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Issues addressed include a buffer overflow vulnerability.
aa3da2b2017fd512cdbfd1d3ac8867a001d77cb75767b8620a665847af5fbea7Red Hat Security Advisory 2020-0466-01 - The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. An out-of-bounds write was addressed.
328281cc43d7f4c03bf42e66dae205249de58525158bbb33aca4ee51247f013cRed Hat Security Advisory 2020-0470-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR6-FP5. Issues addressed include a deserialization vulnerability.
6216e8d4e1da4d2f6f992918c2fa47b00a0bea765abdfaa4164bac0dbaa1b5c6
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed