Ubuntu Security Notice 4288-2 - USN-4288-1 fixed a vulnerability in ppp. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that ppp incorrectly handled certain rhostname values. A remote attacker could use this issue to cause ppp to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
c28c6cad6c0a312541d70136b3a316727d572cc4a6195317d8845fa0feae034d
ImageIO on macOS and iOS has a vulnerability where memory safety issues occur when processing OpenEXR images.
23ef758e43b0bb631041d08cd27de77d60045e1369c4166c69601d12ea248b03
An issue in JSC leaves the data flow graph inconsistent. While fuzzing JavaScriptCore with fuzzilli, the researcher found a crash condition in JSC.
f2e43004dcfceafecefbc6c781e8b7b7c0553fe8bd4f4bb81b7c35e3f2629141
Ubuntu Security Notice 4294-1 - It was discovered that OpenSMTPD mishandled certain input. A remote, unauthenticated attacker could use this vulnerability to execute arbitrary shell commands as any non-root user. It was discovered that OpenSMTPD did not properly handle hardlinks under certain conditions. An unprivileged local attacker could read the first line of any file on the filesystem.
5b6805dc7503709eaa6444271d78fe6c8eb7dcb5aa91a23ed44fee1b7b1d5835
graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie if a guest user has the graph real-time privilege.
ddfd448fc925b28a03aaba73be8f9999625bb6879802ec1b4e35f2eeef4e1d87
Microsoft Exchange 2019 version 15.2.221.12 suffers from an authenticated remote code execution vulnerability.
2209d610405eecbd97899d9712efd45c455cffc7e713903504d884634ddf470f
Wing FTP Server version 6.2.3 suffers from a privilege escalation vulnerability.
1ae5578623bbeb0e096eb60fd0cab4bbd70d30453e6bbaa55594af0861423833
Whitepaper called DevSecOps: A Secure Approach.
d1546b1bfa5a4a9583edfd0e9540d06f4cb82195830a836cb3257c7867571fbe
Intelbras Wireless N 150Mbps WRN240 suffers from a configuration upload authentication bypass vulnerability.
5bad1b9a12d8989f3b8b025212fbd899f758b7bdf17b7706b3077006f7a60b0e
Netis WF2419 version 2.2.36123 suffers from a remote code execution vulnerability.
22aa5eac15aadbbbe2668ffb88c241e62f80f6a1ddc35e9f7c92e0c007312e6c
Cyberoam Authentication Client version 2.1.2.7 suffers from a buffer overflow vulnerability.
8de7e2da3c8e229cd09e1484f910a5e1e10dde2d8754d786bf6d3a031f64da4f
TP-Link TL-WR849N version 0.9.1 4.16 suffers from a firmware upload authentication bypass vulnerability.
37bc68f5befaa23906d9aaa24672acb4b48a104af3a17bb29a119d2d699886c2
WordPress Tutor LMS plugin version 1.5.3 suffers from a cross site request forgery vulnerability.
ceb7fad1bddca882cf8865660a2c2e9a841f52a147fd897d47001e0ab57a5343
TP-Link TL-WR849N suffers from a remote code execution vulnerability.
95d81d485c8d63207e1a1d780392d1575772a750d2a845ebf46f2f0f27699258
Wing FTP Server version 6.2.5 suffers from a privilege escalation vulnerability.
7eb49147e2b7a042914d584480fc87c44246f255a8583d44fa1cc3318ec8da13
Joplin Desktop version 1.0.184 suffers from a cross site scripting vulnerability.
16c6f4ff1e49361394b17004119f92616b072979bdd28dd5f1b0c7ebba35ae49
Ubuntu Security Notice 4293-1 - It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to access sensitive information. It was discovered that libarchive incorrectly handled certain archive files. An attacker could possibly use this issue to cause a crash resulting in a denial of service or possibly unspecified other impact. This issue only affected Ubuntu 19.10. Various other issues were also addressed.
b3ce47781877c422f784f11e102c7c85af4ed90dd08c975d0db05c60927483a4
The QuickHeal parsing engine supports the ZIP archive format. The parsing engine can be bypassed by specifically manipulating a ZIP archive (GPFLAG) so that it can be accessed by an end-user but not by the anti-virus software. The AV engine is unable to scan the archive and issues the file a "clean" rating.
21b40b46cf54a2a2543b7b5d28c8636ee603079b9c6d362408cdc930b9943fe1