what you don't know can hurt you
Showing 1 - 25 of 25 RSS Feed

Files Date: 2020-03-19

Oce Colorwave 500 CSRF / XSS / Authentication Bypass
Posted Mar 19, 2020
Authored by Marco Ortisi, redtimmysec, Giuseppe Cali

Oce Colorwave 500 printer suffers from authentication bypass, cross site request forgery, and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, bypass, csrf
advisories | CVE-2020-10667, CVE-2020-10668, CVE-2020-10669, CVE-2020-10670, CVE-2020-10671
MD5 | 51d2962185d7ad115ac770a057370202
Kernel Live Patch Security Notice LSN-0064-1
Posted Mar 19, 2020
Authored by Benjamin M. Romer

Paulo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested (level 2) guest access the resources of a parent (level 1) guest in certain situations. An attacker could use this to expose sensitive information.

tags | advisory, kernel
systems | linux
advisories | CVE-2020-2732
MD5 | 951ac2ddda0402fb80ea73acdceeffb9
Gentoo Linux Security Advisory 202003-46
Posted Mar 19, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-46 - Multiple vulnerabilities have been found in ClamAV, the worst of which could result in a Denial of Service condition. Versions less than 0.102.2 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2019-15961, CVE-2020-3123
MD5 | 5ae170548888493ed7b9d5ac2e56febd
Ubuntu Security Notice USN-4308-1
Posted Mar 19, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4308-1 - it was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possibly perform header injection attacks. It was discovered that Twisted incorrectly verified XMPP TLS certificates. A remote attacker could possibly use this issue to perform a man-in-the-middle attack and obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2019-12387, CVE-2019-12855, CVE-2019-9515, CVE-2020-10109
MD5 | 58561d55ac4406af56c6957961d6a8f3
Gentoo Linux Security Advisory 202003-45
Posted Mar 19, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-45 - A flaw in PyYAML might allow attackers to execute arbitrary code. Versions less than 5.1 are affected.

tags | advisory, arbitrary
systems | linux, gentoo
advisories | CVE-2017-18342
MD5 | 6a7911bf48994b76dbc068d69475d527
Gentoo Linux Security Advisory 202003-44
Posted Mar 19, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-44 - A heap-based buffer overflow in Binary diff might allow remote attackers to execute arbitrary code. Versions less than 4.3-r4 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2014-9862
MD5 | c25444a2fb2b83ebed702f4e4678959d
Gentoo Linux Security Advisory 202003-43
Posted Mar 19, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-43 - Multiple vulnerabilities have been found in Apache Tomcat, the worst of which could lead to arbitrary code execution. Versions less than 8.5.51 are affected.

tags | advisory, arbitrary, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2019-0221, CVE-2019-12418, CVE-2019-17563, CVE-2020-1938
MD5 | 0706e45ff179a253dcaf250f869f7c9e
Gentoo Linux Security Advisory 202003-42
Posted Mar 19, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-42 - Multiple vulnerabilities have been found in libgit2, the worst of which could result in the arbitrary execution of code. Versions less than 0.28.4 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2019-1348, CVE-2019-1350, CVE-2019-1387
MD5 | 1c5464136594a6cb49cda6252e8ad460
Gentoo Linux Security Advisory 202003-41
Posted Mar 19, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-41 - A heap-based buffer overflow in GNU FriBidi might allow remote attackers to execute arbitrary code. Versions less than 1.0.8 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2019-18397
MD5 | f4432957af37e9a2ef4083ad8679d5c4
Gentoo Linux Security Advisory 202003-40
Posted Mar 19, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-40 - Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. Versions less than 1.2.9 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2019-16723, CVE-2019-17357, CVE-2019-17358, CVE-2020-7106, CVE-2020-7237
MD5 | 37ff622a190e0e5aad677e4ea1da840d
Gentoo Linux Security Advisory 202003-39
Posted Mar 19, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-39 - An SQL injection vulnerability in phpMyAdmin may allow attackers to execute arbitrary SQL statements. Versions less than 4.9.2 are affected.

tags | advisory, arbitrary, sql injection
systems | linux, gentoo
advisories | CVE-2019-18622
MD5 | 227ffa695c575be3dd79475ad5f685d9
Gentoo Linux Security Advisory 202003-38
Posted Mar 19, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-38 - A vulnerability in Imagick PHP extension might allow an attacker to execute arbitrary code. Versions less than 3.4.4 are affected.

tags | advisory, arbitrary, php
systems | linux, gentoo
advisories | CVE-2019-11037
MD5 | 0580d03589f01e0c41eeade5fbe8277d
TOR Virtual Network Tunneling Tool 0.4.2.7
Posted Mar 19, 2020
Authored by Roger Dingledine | Site tor.eff.org

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).

Changes: This is the third stable release in the 0.4.2.x series. It backports numerous fixes from later releases, including a fix for TROVE-2020- 002, a major denial-of-service vulnerability that affected all released Tor instances since 0.2.1.5-alpha. Various other issues were also addressed.
tags | tool, remote, local, peer2peer
systems | unix
advisories | CVE-2020-10592, CVE-2020-10593
MD5 | a4b338b9f7444f4f89259c9736ff74c8
Red Hat Security Advisory 2020-0905-01
Posted Mar 19, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0905-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.6.0. Issues addressed include code execution and use-after-free vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811, CVE-2020-6812, CVE-2020-6814
MD5 | 7604dde899916be6fe69a3b3334643b6
Red Hat Security Advisory 2020-0903-01
Posted Mar 19, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0903-01 - The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell, but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions, a history mechanism, and more. An issue with insecure dropping of privileges when unsetting PRIVILEGED option was addressed.

tags | advisory, shell
systems | linux, redhat
advisories | CVE-2019-20044
MD5 | 5110a4e6e153779bcd9a54dae8876dbc
Easy File Sharing Web Server 7.2 Local Buffer Overflow
Posted Mar 19, 2020
Authored by Felipe Winsnes

Easy File Sharing Web Server version 7.2 SMTP Password local SEH buffer overflow exploit.

tags | exploit, web, overflow, local
MD5 | b972fc4a0fe1a18c9778eddf12a1231b
Red Hat Security Advisory 2020-0902-01
Posted Mar 19, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0902-01 - The International Components for Unicode library provides robust and full-featured Unicode services. An integer overflow in UnicodeString::doAppend() was addressed.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2020-10531
MD5 | c510326afe726c439a8482619e7ddacf
Red Hat Security Advisory 2020-0901-01
Posted Mar 19, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0901-01 - The International Components for Unicode library provides robust and full-featured Unicode services. An integer overflow in UnicodeString::doAppend() was addressed.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2020-10531
MD5 | b93586b5e1b6c78fe3e7e81d75088c21
Red Hat Security Advisory 2020-0899-01
Posted Mar 19, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0899-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.7.0 serves as an update to Red Hat Decision Manager 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and information leakage vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-0231, CVE-2019-10086, CVE-2019-14540, CVE-2019-14892, CVE-2019-14893, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-7611
MD5 | 10c1329f5adc6754e4bb550dde243ea4
Red Hat Security Advisory 2020-0897-01
Posted Mar 19, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0897-01 - The International Components for Unicode library provides robust and full-featured Unicode services. An integer overflow in UnicodeString::doAppend() was addressed.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2020-10531
MD5 | d1ba4ab2091e9e31d3a6d54f60fa445d
Red Hat Security Advisory 2020-0896-01
Posted Mar 19, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0896-01 - The International Components for Unicode library provides robust and full-featured Unicode services. An integer overflow in UnicodeString::doAppend() has been addressed.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2020-10531
MD5 | b0ec50198087a8a64620bcc70fd1c027
Red Hat Security Advisory 2020-0898-01
Posted Mar 19, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0898-01 - The Python Imaging Library adds image processing capabilities to your Python interpreter. This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. An issue where improperly restricted operations on a memory buffer in libImaging/PcxDecode.c were addressed.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2020-5312
MD5 | c6ca14c6794e492aebf3fd6f33a36289
Ubuntu Security Notice USN-4307-1
Posted Mar 19, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4307-1 - As a security improvement, this update adds TLSv1.3 support to the Apache HTTP Server package in Ubuntu 18.04 LTS. TLSv1.3 is enabled by default, and in certain environments may cause compatibility issues. The SSLProtocol directive may be used to disable TLSv1.3 in these problematic environments.

tags | advisory, web
systems | linux, ubuntu
MD5 | e2a253b437a5a244f9517bf9600a61ec
Red Hat Security Advisory 2020-0895-01
Posted Mar 19, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0895-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.7.0 serves as an update to Red Hat Process Automation Manager 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and information leakage vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-0231, CVE-2019-14540, CVE-2019-14892, CVE-2019-14893, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019-17531, CVE-2019-7611
MD5 | 761adc00910ab6a7f54397f1e6952894
Broadcom Wi-Fi KR00K Proof Of Concept
Posted Mar 19, 2020
Authored by Maurizio Siddu

Broadcom Wi-Fi device KR00K information disclosure proof of concept exploit. It works on WPA2 AES CCMP with Frequency 2.4GHz WLANs.

tags | exploit, proof of concept, info disclosure
advisories | CVE-2019-15126
MD5 | 98b594cbe4b6ceea6d1932367e850f97
Page 1 of 1
Back1Next

File Archive:

November 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    2 Files
  • 2
    Nov 2nd
    9 Files
  • 3
    Nov 3rd
    15 Files
  • 4
    Nov 4th
    90 Files
  • 5
    Nov 5th
    22 Files
  • 6
    Nov 6th
    16 Files
  • 7
    Nov 7th
    1 Files
  • 8
    Nov 8th
    1 Files
  • 9
    Nov 9th
    40 Files
  • 10
    Nov 10th
    27 Files
  • 11
    Nov 11th
    28 Files
  • 12
    Nov 12th
    13 Files
  • 13
    Nov 13th
    18 Files
  • 14
    Nov 14th
    2 Files
  • 15
    Nov 15th
    2 Files
  • 16
    Nov 16th
    29 Files
  • 17
    Nov 17th
    15 Files
  • 18
    Nov 18th
    15 Files
  • 19
    Nov 19th
    21 Files
  • 20
    Nov 20th
    16 Files
  • 21
    Nov 21st
    1 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    19 Files
  • 24
    Nov 24th
    32 Files
  • 25
    Nov 25th
    9 Files
  • 26
    Nov 26th
    11 Files
  • 27
    Nov 27th
    15 Files
  • 28
    Nov 28th
    9 Files
  • 29
    Nov 29th
    2 Files
  • 30
    Nov 30th
    17 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close