WebKitGTK+ and WPE WebKit suffer from denial of service, logic, and code execution vulnerabilities. Versions affected include WebKitGTK before 2.26.4 and WPE WebKit before 2.26.4.
f26a8511f96186c2554509eee0dedd35c54b0bc46935f8eb82d173fec60fb098
The Kaspersky parsing engine supports the ZIP archive format. The parsing engine can be bypassed by specifically manipulating a ZIP archive (File Name Length field) so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the container and gives the file a "clean" rating.
120b942ba426b1b9b55e704db5b9c97a9ee87d788829b6e6ce558de71c97c890
Debian Linux Security Advisory 4623-1 - Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" subcommands in the PostgreSQL database did not perform authorisation checks.
07b281b93bc3e551c542129111e82e593bafba8ae7fa8f3fa45f1cd3c949e937
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.
99f04b86268fb22a08e70ff9ef4ddfd161a7f6189c3363589e59d22f54fc13a5
Ubuntu Security Notice 4278-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting attacks, or execute arbitrary code.
3cee7693baf92f13b72a4f7814750e482cfdbe8ffcdeb341169530ec7c83ef25
CA Technologies, A Broadcom Company, is alerting customers to three vulnerabilities in CA Unified Infrastructure Management (Nimsoft / UIM). Multiple vulnerabilities exist that can allow an unauthenticated remote attacker to execute arbitrary code or commands, read from or write to systems, or conduct denial of service attacks. CA published solutions to address these vulnerabilities and recommends that all affected customers implement these solutions. The first vulnerability, CVE-2020-8010, occurs due to improper ACL handling. A remote attacker can execute commands, read from, or write to the target system. The second vulnerability, CVE-2020-8011, occurs due to a null pointer dereference. A remote attacker can crash the Controller service. The third vulnerability, CVE-2020-8012, occurs due to a buffer overflow vulnerability in the Controller service. A remote attacker can execute arbitrary code.
091817c9084bf974c8447837781753ec3e99d5062faa76769b21604190b2d347
Debian Linux Security Advisory 4622-1 - Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" subcommands in the PostgreSQL database did not perform authorisation checks.
d999adcd4a26533ad6b97e43e89785ffaeab03376921934028ff9754878be2cb
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
41de21ecf821ffe77355371dc33280e3af41cf9768beab1fff75487b8d3f362b
Red Hat Security Advisory 2020-0509-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
46e026b8c73b2c8554ec737612a6983dcc2e937ad252d8277022593a99e1f078
Red Hat Security Advisory 2020-0498-01 - The org.ovirt.engine-root is a core component of oVirt. Issues addressed include cross site scripting and null pointer vulnerabilities.
9aaaf65f69bca88fd867633900a54dddbdc4184850f87795f0cea9cea29cf525
The F-SECURE parsing engine supports the RAR Archive. The parsing engine can be bypassed by specifically manipulating a RAR archive. Various products are affected.
f8afc9d260d24a97130afc2b29b93956227a49e671abb3b13665f13a1b0de68d
Red Hat Security Advisory 2020-0487-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
d07d1892269b8f92df66a4d09cc3d2fd52cb020b25b56e79796b27001a2d25ef
Red Hat Security Advisory 2020-0497-01 - The release of Red Hat AMQ Online 1.3.3 serves as a replacement for AMQ Online 1.3.2, and includes bug fixes and enhancements. Request smuggling and other security issues have been addressed.
26852e77b838e0d5a87fe97d3c16c806d3cdf8d7434d7b5456efee625099d1f1
The AVIRA parsing engine can be bypassed by specifically manipulating the ZIP archive (GPFlag), making the Avira parser believe the file is encrypted although it isn't. This leads to the Endpoint ignoring the archive and the Avira Gateway Solutions following the "File is encrypted" logic.
ac2daf7bcc95857b4f5049cebd3177cbe3381b4badbb37ff3079ae24ed46821a
The ESET parsing engine can be bypassed by specifically manipulating a ZIP Archive Compression Information Field so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the container and gives the file a "clean" rating.
e2f741cde9f439ac70973eeae7d76a4af0d0b4eb7a85e38074a57965ddaf71b3
Red Hat Security Advisory 2020-0481-01 - Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. Cross site scripting and various other issues have been addressed.
c7d2a874d60f28fa4ae628c2a7952736d7e80dc5a1b9f27395d1f319165e2b80
Ubuntu Security Notice 4277-1 - Liu Bingchang discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. Lili Xu and Bingchang Liu discovered that libexif incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information or cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM and Ubuntu 16.04 LTS. Various other issues were also addressed.
f439d4d193a3baedfae42e5b5a839bebfe0de144d241bb30dfc007e4b3cd5b68
Red Hat Security Advisory 2020-0476-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An issue was addressed where kubeconfig and kubeadmin-password are created with world-readable permissions.
31c669505e540b1e63c2bfbfdddf71530e0f345e4bc0c3eb83ec9dd959344de6
Red Hat Security Advisory 2020-0463-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An issue was addressed where kubeconfig and kubeadmin-password are created with world-readable permissions.
3c3fc62d51163f3e710fbe7c846c6d1972b62abd6e3ce03ff052cbad3ee7dc15
Red Hat Security Advisory 2020-0477-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers the RPM packages for the OpenShift Service Mesh 1.0.7 release.
c53975e7f171dadff3756cccad9d0372fda750bb1dbc29c23732bf0afcb763cc
Red Hat Security Advisory 2020-0475-01 - An update is now available for Red Hat Quay 3. An issue where install functionality in nodejs-yarn could be abused has been addressed.
e396f969304d8551f03c119433a46c4d036e4b144ad0965852aeeb1cc799400b
Ubuntu Security Notice 4276-1 - It was discovered that libykpiv, a supporting library of the Yubico PIV Tool and YubiKey PIV Manager, mishandled specially crafted input. An attacker with a custom-made, malicious USB device could potentially execute arbitrary code on a computer running the Yubico PIV Tool or YubiKey PIV Manager.
ad473bfdd43cfac5e70cb9134f6682db3a18061d4d48465975f372cbbe9d989b
Red Hat Security Advisory 2020-0471-01 - The spice-gtk packages provide a GIMP Toolkit widget for Simple Protocol for Independent Computing Environments clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Issues addressed include a buffer overflow vulnerability.
aa3da2b2017fd512cdbfd1d3ac8867a001d77cb75767b8620a665847af5fbea7
Red Hat Security Advisory 2020-0466-01 - The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. An out-of-bounds write was addressed.
328281cc43d7f4c03bf42e66dae205249de58525158bbb33aca4ee51247f013c
Red Hat Security Advisory 2020-0470-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR6-FP5. Issues addressed include a deserialization vulnerability.
6216e8d4e1da4d2f6f992918c2fa47b00a0bea765abdfaa4164bac0dbaa1b5c6