Insecure TLS session reuse can lead to a hostname verification bypass in Node.js.
9bde5356a44eb307d096d404cbcdc1d0Apache Tomcat is affected by a Java deserialization vulnerability if the PersistentManager is configured as session manager. Successful exploitation requires the attacker to be able to upload an arbitrary file to the server. This archive includes a write up and proof of concept code from multiple researchers.
a4290abd849a9bb4c118b840fc087ac9Sabberworm PHP CSS parser suffers from a code injection vulnerability. Many versions are affected.
3a39459dcc05923af09d4a4ccd02d788The DFG and FTL JIT compilers incorrectly replace Checked with Unchecked ArithNegate operations (and vice versa) during Common Subexpression Elimination. This can then be exploited to cause out-of-bounds accesses and potentially other memory safety violations.
0b1a6974a8c2118b0cb88077ae99fe29This archive holds Bluetooth Impersonation Attack (BIAS) CVE-2020-10135 proof of concept and reproduction research from multiple researchers.
a475ec6792f7dd27ad27b9595b77195aRed Hat Security Advisory 2020-2383-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. An issue was addressed where BIND does not sufficiently limit the number of fetches performed when processing referrals as well as an issue where a logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c.
e92db49e925089bf66c1739a06cdd557Red Hat Security Advisory 2020-2382-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.9.0 ESR. Issues addressed include a use-after-free vulnerability.
148ad12673ba8af9889b7e8f82bca823Ubuntu Security Notice 4381-1 - Dan Palmer discovered that Django incorrectly validated memcached cache keys. A remote attacker could possibly use this issue to cause a denial of service and obtain sensitive information. Jon Dufresne discovered that Django incorrectly encoded query parameters for the admin ForeignKeyRawIdWidget. A remote attacker could possibly use this issue to perform XSS attacks.
aaca05b8d77be7a8f192fc887ad484f3Red Hat Security Advisory 2020-2378-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.9.0 ESR. Issues addressed include a use-after-free vulnerability.
9ce6b09eefaa7f03f22cd7cc3b209537Red Hat Security Advisory 2020-2305-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a privilege escalation vulnerability.
531015559ab4641fa3171c1ae13b8dd8Red Hat Security Advisory 2020-2306-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include denial of service and memory exhaustion vulnerabilities.
5690550c5786b9cc96802ffef5bf5934Red Hat Security Advisory 2020-2380-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.9.0 ESR. Issues addressed include a use-after-free vulnerability.
718039aea02d89abea82c0116954d7bdRed Hat Security Advisory 2020-2379-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.9.0 ESR. Issues addressed include a use-after-free vulnerability.
006e3e56389b82715e8996ec67c8cc8aApple Security Advisory 2020-06-01-4 - watchOS 6.2.6 is now available and addresses a code execution vulnerability.
97fcc3ee70140e4a6ac5a07f25f15d1fOpenCart version 3.0.3.2 suffers from a persistent cross site scripting vulnerability.
a227cafc12e096a8d0cd56342e5b5341
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed