Apple Security Advisory 2020-05-26-4 - tvOS 13.4.5 addresses code execution, cross site scripting, denial of service, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
56756c475b2db5ca4e461c12f83e7a9e603128c2351ec2fd18890f6185253754Apple Security Advisory 2020-05-26-11 - Windows Migration Assistant 2.2.0.0 (v. 1A11) is now available and addresses a code execution vulnerability.
2844283de9e565445f79120159bebc35949ae0381b2da4a7abb2c6e9bd66b28cApple Security Advisory 2020-05-26-10 - iCloud for Windows 7.19 is now available and addresses code execution, cross site scripting, denial of service, out of bounds read, and out of bounds write vulnerabilities.
62db8b0b76c4b9282432d70396fd37bb8568c629f4d9e8835ed1b611ab0d95bbApple Security Advisory 2020-05-26-9 - iCloud for Windows 11.2 is now available and addresses code execution, cross site scripting, denial of service, out of bounds read, and out of bounds write vulnerabilities.
100cbea4dc7f344692f604cbe8dfab29c51a9e753f7d0e6e5204c16baf6f0880Apple Security Advisory 2020-05-26-5 - watchOS 6.2.5 addresses code execution, cross site scripting, denial of service, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
2a3498bed642fb25a35b285cbccdfdfb4b489e582424bec1bb96cb1b19041e61Apple Security Advisory 2020-05-26-8 - iTunes 12.10.7 for Windows addresses code execution, cross site scripting, denial of service, out of bounds read, and out of bounds write vulnerabilities.
b54c3b2604ae9bd59edb7cbd324ad1bc43d253eca37d86dbc127855a7ba085f2Apple Security Advisory 2020-05-26-3 - macOS Catalina 10.15.5, Security Update 2020-003 Mojave, Security Update 2020-003 High Sierra are now available and address bypass, code execution, denial of service, double free, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
e548dbe3bc45349923003f3bd1e0ad372863e5efd1c4433b30594bf80a645be4Apple Security Advisory 2020-05-26-7 - Safari 13.1.1 is now available and addresses code execution and cross site scripting vulnerabilities.
8b7dce5d32dceb835cd62c85f176c7a87bd99a3dbad33629c6c8dd27534b2540Apple Security Advisory 2020-05-26-6 - watchOS 5.3.7 addresses a memory corruption vulnerability.
e65dba406f7d8518f1a05c7ce9ea5e72aca13fc63ac0c877fa3d39db3dab9f43Apple Security Advisory 2020-05-26-1 - iOS 13.5 and iPadOS 13.5 address bypass, code execution, cross site scripting, denial of service, double free, information leakage, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
c0c5b060812bd316b274c589d529f7340c15548e77bf81b29d18618cd79bfb74Apple Security Advisory 2020-05-26-2 - iOS 12.4.7 addresses an out of bounds write vulnerability.
25db04f26f48b4ba1f92482b9041ca6d7f62441ba8497a88e48505ea92305c77Ubuntu Security Notice 4367-2 - USN-4367-1 fixed vulnerabilities in the 5.4 Linux kernel. Unfortunately, that update introduced a regression in overlayfs. This update corrects the problem. It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service. Various other issues were also addressed.
5e42002b4d2ecabf6a6cfa168d989279420dab6dbea6fcbbc0c07e9f5d7946b9Ubuntu Security Notice 4369-2 - USN-4369-1 fixed vulnerabilities in the 5.3 Linux kernel. Unfortunately, that update introduced a regression in overlayfs. This update corrects the problem. It was discovered that the btrfs implementation in the Linux kernel did not properly detect that a block was marked dirty in some situations. An attacker could use this to specially craft a file system image that, when unmounted, could cause a denial of service. Various other issues were also addressed.
f8da9cd441c6d1901bb239518cb0e0af3d90d2be5c17ffa81da275fed60bf480Ubuntu Security Notice 4359-2 - USN-4359-1 fixed a vulnerability in APT. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. It was discovered that APT incorrectly handled certain filenames during package installation. If an attacker could provide a specially crafted package to be installed by the system administrator, this could cause APT to crash. Various other issues were also addressed.
d2237b38c62fa2201ddc711ec23e9be63e8076e5ad1bd20e78441a7d9b9bc406Red Hat Security Advisory 2020-2337-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Issues addressed include a password leak vulnerability.
d97960039ea897209f7073d1df3f547cead0b07aa28946f6737a56f52c083fceRed Hat Security Advisory 2020-2336-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include integer overflow and out of bounds write vulnerabilities.
a97d0758a99b8e81309670874f63e5ae377f59755cb22c023da972d8e2578f73Red Hat Security Advisory 2020-2338-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.
e6a2c73a2a4b38c1487faacabaaebda854a4acb40e748164c0484aced16dfe20Red Hat Security Advisory 2020-2335-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include integer overflow and out of bounds write vulnerabilities.
95bfbc66511ee33ff88995e888012f41cd17e1549e2fbb074f8ced41bb5c2a2cRed Hat Security Advisory 2020-2334-01 - FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Issues addressed include integer overflow and out of bounds write vulnerabilities.
e6eb51a86aae787edc8b9e31f50b2a7226ca764a53f6a55c29725b4c919f7a95Debian Linux Security Advisory 4672-1 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service or request smuggling attacks.
660939fa86daf06b26ab50e4af0902ea74ef786a1e05e439262de385213123e4Debian Linux Security Advisory 4673-1 - Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling and code execution in the AJP connector (disabled by default in Debian).
ba3d584d4fdc2ced4b9b9288a441018d4480428ec0d74e435018d2230c3f1349Debian Linux Security Advisory 4674-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow a remote attacker to perform either a Cross-Site Request Forgery (CSRF) forcing an authenticated user to be logged out, or a Cross-Side Scripting (XSS) leading to execution of arbitrary code.
1a0e4fd0c77e5eb1e095f0a4465f6f037d2438c0aa3169e10e182197a9f7487eDebian Linux Security Advisory 4675-1 - Several vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which could result in information disclosure, denial of service or the execution of arbitrary code if malformed image files are processed.
b2e87b4bb9b4dbb556409e766633ea564939c979313986ac94ce86ed6c29b11cDebian Linux Security Advisory 4676-1 - Several vulnerabilities were discovered in salt, a powerful remote execution manager, which could result in retrieve of user tokens from the salt master, execution of arbitrary commands on salt minions, arbitrary directory access to authenticated users or arbitrary code execution on salt-api hosts.
bc8f6fb80beef063b1481154a0f467f4fb6d9239d5d229f48d3dffa80f9fa57eDebian Linux Security Advisory 4676-2 - The update for salt for the oldstable distribution (stretch) released as DSA 4676-1 contained an incomplete fix to address CVE-2020-11651 and CVE-2020-11652. Updated salt packages are now available to correct this issue. For reference, the original advisory text follows.
796842d23e3e132487d82a2497387a92aa2770d53d6f95db179b90ce2981e9ee
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed