what you don't know can hurt you
Showing 1 - 25 of 37 RSS Feed

Files Date: 2020-02-25

OpenSMTPD Out-Of-Bounds Read
Posted Feb 25, 2020
Authored by Qualys Security Advisory

Qualys discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability, an out-of-bounds read introduced in December 2015, is exploitable remotely and leads to the execution of arbitrary shell commands.

tags | exploit, arbitrary, shell
systems | openbsd
advisories | CVE-2020-8794
MD5 | a2c12d92302d9d428325ff4fc6f243ba
OpenSMTPD Local Information Disclosure
Posted Feb 25, 2020
Authored by Qualys Security Advisory

Qualys discovered a minor vulnerability in OpenSMTPD, OpenBSD's mail server. An unprivileged local attacker can read the first line of an arbitrary file (for example, root's password hash in /etc/master.passwd) or the entire contents of another user's file (if this file and /var/spool/smtpd/ are on the same filesystem). A proof of concept exploit is included in this archive.

tags | exploit, arbitrary, local, root, proof of concept
systems | openbsd
advisories | CVE-2020-8793
MD5 | 56573da09e74bf6cccffa5506e80c6d3
Astak CM-818T3 Remote Configuration Disclosure
Posted Feb 25, 2020
Authored by Todor Donev

Astak CM-818T3 2.4GHz wireless security surveillance camera remote configuration disclosure exploit.

tags | exploit, remote
MD5 | ea340a0bcf091649dc2a2c285584c6fe
Cisco Unified Contact Center Express Privilege Escalation
Posted Feb 25, 2020
Authored by Jamie R

Cisco Unified Contact Center Express suffers from a privilege escalation vulnerability.

tags | advisory
systems | cisco
advisories | CVE-2019-1888
MD5 | 614b86f032bbc9466892166a5a1742b9
WhatWeb Scanner 0.5.1
Posted Feb 25, 2020
Authored by Andrew Horton (urbanadventurer) | Site morningstarsecurity.com

WhatWeb is a next-generation web scanner. WhatWeb recognizes web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb has over 1800 plugins, each to recognize something different. WhatWeb also identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more. WhatWeb supports an aggression level to control the trade off between speed and reliability.

Changes: This is a minor release with bug fixes, one new plugin, and a couple of plugin updates.
tags | tool, web, scanner, javascript
systems | unix
MD5 | a437d13dbfe9caccc1b4c39a57350c05
Red Hat Security Advisory 2020-0598-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0598-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. HTTP request smuggling was addressed along with other security issues.

tags | advisory, web, javascript
systems | linux, redhat
advisories | CVE-2019-15604, CVE-2019-15605, CVE-2019-15606
MD5 | 1bf2f0ea2d9f0af85f19d93c9471ae0d
Red Hat Security Advisory 2020-0597-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0597-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. HTTP request smuggling was addressed along with other security issues.

tags | advisory, web, javascript
systems | linux, redhat
advisories | CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-16775, CVE-2019-16776, CVE-2019-16777
MD5 | a251214cca501bd31c99455879d5ce4b
Red Hat Security Advisory 2020-0591-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0591-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and traversal vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution, xss, ruby
systems | linux, redhat
advisories | CVE-2018-1000073, CVE-2018-1000074, CVE-2018-1000075, CVE-2018-1000076, CVE-2018-1000077, CVE-2018-1000078, CVE-2018-1000079, CVE-2018-8777, CVE-2018-8780
MD5 | 1466db90fcaec7836bac3cd15b7cb8d7
Red Hat Security Advisory 2020-0592-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0592-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2018-20976, CVE-2019-11085, CVE-2019-14895, CVE-2019-17133
MD5 | 41062dc0a72a79f27648eeff44f918eb
Red Hat Security Advisory 2020-0593-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0593-01 - The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. State injection and out-of-bounds read vulnerabilities have been addressed.

tags | advisory, vulnerability
systems | linux, redhat
advisories | CVE-2018-15686, CVE-2018-16866
MD5 | 54aae99d7f22b77d94b98d37db970849
Red Hat Security Advisory 2020-0595-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0595-01 - The procps-ng packages contain a set of system utilities that provide system information, including ps, free, skill, pkill, pgrep, snice, tload, top, uptime, vmstat, w, watch, and pwdx. A local privilege escalation vulnerability in top has been addressed.

tags | advisory, local
systems | linux, redhat
advisories | CVE-2018-1122
MD5 | a4a66cfae7b5156208030374a551ea08
Red Hat Security Advisory 2020-0594-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0594-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include denial of service, null pointer, and out of bounds write vulnerabilities.

tags | advisory, web, denial of service, vulnerability, protocol
systems | linux, redhat
advisories | CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000301
MD5 | df8981f3d1666f0e1fac725df6f6dcf9
Debian Security Advisory 4633-1
Posted Feb 25, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4633-1 - Multiple vulnerabilities were discovered in cURL, an URL transfer library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2019-5436, CVE-2019-5481, CVE-2019-5482
MD5 | 7f606fba91b7dc47bb50af7affaf96b9
Falco 0.20.0
Posted Feb 25, 2020
Authored by Sysdig | Site sysdig.org

Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.

Changes: A memory leak was addressed along with two bugs and seven rule changes.
tags | tool, intrusion detection
systems | unix
MD5 | aac8c0c88cbc84655d618620435c1694
Red Hat Security Advisory 2020-0579-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0579-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. HTTP request smuggling was addressed along with other security issues.

tags | advisory, web, javascript
systems | linux, redhat
advisories | CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-16775, CVE-2019-16776, CVE-2019-16777
MD5 | 5112cf78de76214d4e4f09f978f6008e
Red Hat Security Advisory 2020-0562-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0562-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An issue where /etc/passwd was given incorrect privileges has been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-19351
MD5 | 83e45ff49fcb20ae0d38b3abec4b834b
Red Hat Security Advisory 2020-0589-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0589-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A remote code execution vulnerability has been addressed.

tags | advisory, remote, web, code execution, ruby
systems | linux, redhat
advisories | CVE-2019-14894
MD5 | eab5184f834890341476ca2e983af792
Red Hat Security Advisory 2020-0588-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0588-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A remote code execution vulnerability has been addressed.

tags | advisory, remote, web, code execution, ruby
systems | linux, redhat
advisories | CVE-2019-14894
MD5 | 80b9f436acac98e6ae1ec4b2d9bf7f37
Ubuntu Security Notice USN-4292-1
Posted Feb 25, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4292-1 - It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that rsync incorrectly handled vectors involving left shifts of negative integers in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843
MD5 | a3ff08576453bf2b0102d69a22f053e1
Ubuntu Security Notice USN-4291-1
Posted Feb 25, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4291-1 - It was discovered that mod_auth_mellon incorrectly handled certain requests. An attacker could possibly use this issue to redirect a user to a malicious URL.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2019-13038
MD5 | 3909383f126c9b7c7f452af184bafad6
Ubuntu Security Notice USN-4290-1
Posted Feb 25, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4290-1 - It was discovered that libpam-radius-auth incorrectly handled certain long passwords. A remote attacker could possibly use this issue to cause libpam-radius-auth to crash, resulting in a denial of service.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2015-9542
MD5 | d308bb3c571237f1ab41b0a3a2cd354b
Red Hat Security Advisory 2020-0578-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0578-01 - The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, python
systems | linux, redhat
advisories | CVE-2019-16865, CVE-2020-5312
MD5 | 069fad5ab1ff83f87d973f169a517b3c
Red Hat Security Advisory 2020-0580-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0580-01 - The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, python
systems | linux, redhat
advisories | CVE-2019-16865, CVE-2020-5311, CVE-2020-5312
MD5 | 7deddaf77c8deae3f9af0f82980e452b
Red Hat Security Advisory 2020-0573-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0573-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. HTTP request smuggling was addressed along with other security issues.

tags | advisory, web, javascript
systems | linux, redhat
advisories | CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2019-16775, CVE-2019-16776, CVE-2019-16777
MD5 | cf8221333bd22cadadb8bb232144ac87
Red Hat Security Advisory 2020-0576-01
Posted Feb 25, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0576-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.5.0.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-6792, CVE-2020-6793, CVE-2020-6794, CVE-2020-6795, CVE-2020-6798, CVE-2020-6800
MD5 | f11678a70220a06d37a3934367369216
Page 1 of 2
Back12Next

File Archive:

August 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    3 Files
  • 2
    Aug 2nd
    2 Files
  • 3
    Aug 3rd
    32 Files
  • 4
    Aug 4th
    22 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    19 Files
  • 7
    Aug 7th
    6 Files
  • 8
    Aug 8th
    0 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close