Fifthplay S.A.M.I suffers from cross site request forgery and persistent cross site scripting vulnerabilities.
630e06e3c3643cee924b3268054f04cedfdbb2680e72b328374e56840ebc6779FreeBSD Security Advisory - The kernel can create a core dump file when a process crashes that contains process state, for debugging. Due to incorrect initialization of a stack data structure, up to 20 bytes of kernel data stored previously stored on the stack will be exposed to a crashing user process. Sensitive kernel data may be disclosed.
178d5992a84290ac4a8dc6947197a0096dd8c410a6b2c14c552637e40cf2ff97Ubuntu Security Notice 4236-3 - USN-4236-1 fixed a vulnerability in Libgcrypt. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Libgcrypt was susceptible to a ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information. Various other issues were also addressed.
e5a5a971c4ccea190670a462826fcea0021af44ec2da753a1483e37fe048c695FreeBSD Security Advisory - A missing check means that an attacker can reinject an old packet and it will be accepted and processed by the IPsec endpoint. The impact depends on the higher-level protocols in use over IPsec. For example, an attacker who can capture and inject packets could cause an action that was intentionally performed once to be repeated.
e5c1b2cd25568643f6713e1fd53907b388b7c12585108e84595b0c0c2ac91c36Call For Papers for Positive Hack Days 10 which will take place in Moscow, Russia May 13th through the 14th, 2020.
b82f2c74df49252e930f233b344c8cbf391936058d57e138380340aca42d5cdaFreeBSD Security Advisory - A programming error allows an attacker who can specify a URL with a username and/or password components to overflow libfetch(3) buffers. An attacker in control of the URL to be fetched (possibly via HTTP redirect) may cause a heap buffer overflow, resulting in program misbehavior or malicious code execution.
58eb688b18a5f5586d60c4a6d426da578c845550c391c45bbf4d3e093091639eRed Hat Security Advisory 2020-0262-01 - OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Issues addressed include a buffer overflow vulnerability.
8a06fc62ecfbfdc6ca1758f63f38d3e79ed9f13c880309d90658302fc228a353Octeth Oempro version 4.8 suffers from a remote SQL injection vulnerability.
55a32d43a2708d0a24161b5c962ee9d6c3e283d5d2c1e08792ae49a04fbe3e3bUbuntu Security Notice 4256-1 - It was discovered that Cyrus SASL incorrectly handled certain LDAP packets. An attacker could possibly use this issue to execute arbitrary code or cause a denial of service.
d9c56d65b12f662885f9fc49f7d98dbf41363ffa02c6e842987ae8977aa02a0eCentreon version 19.10.5 suffers from a remote command execution vulnerability.
030cbc7db120adeefb9decf4ed1426aeca2c73286c9d115a1f53d790e4e5f8edUbuntu Security Notice 4254-1 - It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write access to /dev/video0 on a system with the vivid module loaded could possibly use this to gain administrative privileges. Various other issues were also addressed.
f6f5e92c04b0527e217e89a54e69e168ec8aae2f1b211bb8b6ef2f0f19b1f107Ubuntu Security Notice 4255-1 - It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. It was discovered that a race condition can lead to a use-after-free while destroying GEM contexts in the i915 driver for the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
eb5e9a04a75fba426ec210e5cca330dbb403af43d69646d9392db8615acbd167Centreon version 19.10.5 suffers from a database credential disclosure vulnerability.
af96c61510aefc06361e0fc409d2e6716ceaaa9f3a8292aff4fababf2d56ec14Ubuntu Security Notice 4253-1 - It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information.
48be30a13664a27fc037aefeeb7726526dc3a897e450ee05a82eea46d3552f06Adive Framework version 2.0.8 suffers from a cross site request forgery vulnerability.
8c22a6a1fd1db3e124fbd220c2bea81eab2716215bea0edef67f0a8767ce3ea5
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed