Ubuntu Security Notice 4353-2 - USN-4353-1 fixed vulnerabilities in Firefox. The update caused a regression that impaired the functionality of some addons. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, bypass security restrictions, spoof the URL bar, or execute arbitrary code.
2ad6c6f21676c8432c028bb99a830683e79e2514839c0c7e020b5d17aeaa07ed
Red Hat Security Advisory 2020-2117-01 - The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Issues addressed include file overwrite and use-after-free vulnerabilities.
5944b7f5075e90779cb4a1259685235624c7f4a0a9aef1002db944795d4e2225
Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command-line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
ed3050c4569989ee7ab54c7b87246b41ed808259632849be0706467442dc0693
Druva inSync client for Windows exposes a network service on TCP port 6064 on the local network interface. inSync versions 6.5.2 and prior do not validate user-supplied program paths in RPC type 5 messages, allowing execution of arbitrary commands as SYSTEM. This Metasploit module has been tested successfully on inSync version 6.5.2r99097 on Windows 7 SP1 (x64).
12e3b974b7cb427087439bf5f922afb373bca8c3346525b183f6422b28801319
This Metasploit module exploits a Python code injection in the Netsweeper WebAdmin component's unixlogin.php script, for versions 6.4.4 and prior, to execute code as the root user. Authentication is bypassed by sending a random whitelisted Referer header in each request. Tested on the CentOS Linux-based Netsweeper 6.4.3 and 6.4.4 ISOs. Though the advisory lists 6.4.3 and prior as vulnerable, 6.4.4 has been confirmed exploitable.
dcae513897070a9218f0bedaca27c407e24184902dfdcf5421907f51081acf14
This Metasploit module exploits unauthenticated access to the runner() and _send_pub() methods in the SaltStack Salt master's ZeroMQ request server, for versions 2019.2.3 and earlier and 3000.1 and earlier, to execute code as root on either the master or on select minions. VMware vRealize Operations Manager versions 7.5.0 through 8.1.0 are known to be affected by the Salt vulnerabilities. Tested against SaltStack Salt 2019.2.3 and 3000.1 on Ubuntu 18.04, as well as Vulhub's Docker image.
8a5e7d31040e1c21ab99f881d936f3d17aadab8f8786980255feab1b1b628534
Adobe DNG SDK suffers from memory corruption and other crashes caused by malformed .dng images.
5e0cb4cf3dda82ee681cc340b6ee9c3fd167c5e730a49ac40effd6914c779db6
Adobe DNG SDK suffers from an out-of-bounds read that can lead to an arbitrary write vulnerability in dng_lossless_decoder::DecodeImage.
10f9d909a875c4ab314d16a0b9077d0dc02afff41825b02a198cf4fd6e780afd
Red Hat Security Advisory 2020-2116-01 - The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Issues addressed include a file overwrite vulnerability.
2a226335bce3fad5ce8862d10b30050a43eb4dc8c72a66263f726842da26ad4a
Ubuntu Security Notice 4355-1 - PulseAudio in Ubuntu contains additional functionality to mediate audio recording for snap packages and it was discovered that this functionality did not mediate PulseAudio module unloading. An attacker-controlled snap with only the audio-playback interface connected could exploit this to bypass access controls and record audio.
f89ac9f3c1fcc6d7de8801e0741e6d014ce643cf7b4fbe897dbd51b69a85ad9c
Red Hat Security Advisory 2020-2081-01 - The virtualenv tool creates isolated Python environments. The virtualenv tool is a successor to workingenv, and an extension of virtual-python. Issues addressed include crlf injection and cross-host redirect vulnerabilities.
53767ad5352ed20cb8ca7c3918fe2dda72fa748930d38fe6c8f1a01451dc060f
LanSend version 3.2 suffers from a buffer overflow vulnerability.
aea9ad2b46bc92ead403dc4a49108f5c7b285ef6a058e44d905615a2e913ba0f
Red Hat Security Advisory 2020-2082-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include double free, memory leak, null pointer, and use-after-free vulnerabilities.
438552c618e8448c249b09fd48a41683780f74a25b518e02c76eaa8a1fe4f389
qdPM version 9.1 suffers from an arbitrary file upload vulnerability.
29677c9aeba89af9fcf295f75937caccf52029e7fa9463e55173aedd624ed875
Red Hat Security Advisory 2020-2068-01 - pip is a package management system used to install and manage software packages written in Python. Many packages can be found in the Python Package Index. pip is a recursive acronym that can stand for either "Pip Installs Packages" or "Pip Installs Python". Issues addressed include crlf injection and cross-host redirect vulnerabilities.
87966f1f0dcdbef82c708d2e11bbdf46353bf73a365411cf42ea50c58ea945dd
Cisco Digital Network Architecture Center version 1.3.1.4 suffers from a persistent cross site scripting vulnerability.
b79e78cd34f779177fdeb2527036085286faae53fc72ed9b3b21853e608b7b38
Red Hat Security Advisory 2020-2085-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include double free, null pointer, and use-after-free vulnerabilities.
1da5837554e325f987c40003b0a17d619fa93c955d1672b81131b48541ccb998
CuteNews version 2.1.2 suffers from a remote shell upload vulnerability.
1bf71f9d33300d7dc2cc4132c6b15db181f3b4df8f6712432611c28b8929c56a
Red Hat Security Advisory 2020-2113-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This asynchronous patch is a security update for the Undertow package in Red Hat Single Sign-On 7.3.8. Issues addressed include a traversal vulnerability.
26efab94d24870b9ab7810a8bd4a6b16d6f150f94c6d348c6eb4606ad8bf0c9f
Red Hat Security Advisory 2020-2112-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.8 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, cross site scripting, information leakage, and remote SQL injection vulnerabilities.
cc25bf894d12d246c2a3f85d3a74da7c30344c59ca8d3e461341a2ae169d64d6
Whitepaper called Kerberos: Achieving Command Execution Using Silver Tickets.
83cd3b8ff1c0604296dc343f1d6082284f701d9ad005d072d420258dfcc14ab5
Red Hat Security Advisory 2020-2108-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.8 on RHEL 8 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include an information leakage vulnerability.
5edb2247cdeab3fa4150ea254918bb506fc07b138b4f1d06fda1e55d9770a09d
Red Hat Security Advisory 2020-2106-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.8 on RHEL 6 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include an information leakage vulnerability.
fbf785a9c43f0e6569e247edd1c52b25ef1e2189473f712011893953db6a523d
macOS 320.whatis Script suffers from a privilege escalation vulnerability.
e578f65b68fcf2548e910793e37c196e060d6250ff94cec53221209d10a3ca20
Red Hat Security Advisory 2020-2107-01 - Red Hat Single Sign-On 7.3 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.3.8 on RHEL 7 serves as a replacement for Red Hat Single Sign-On 7.3.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include an information leakage vulnerability.
d0a4b775eee67f93fddb98238afbecc709605a831e21690397f64ea7095fb680