Ubuntu Security Notice 4464-1 - It was discovered that GNOME Shell incorrectly handled the login screen password dialog. Sensitive information could possibly be exposed during user logout.
27a35d2e8e2f7b62fba0bdc4f772c8174e50b13efcc6371edac4db7a01276fd4
ClamOne is an open source Linux front-end to the ClamAV Antivirus Engine. It is a basic graphical user interface, designed for a desktop environment, that provides instant feedback when threats are detected on the local system. Features include configuring the clamd daemon directly from the GUI, indication of threats via visual cues as well as notifications, monitoring and updating the virus definitions, monitoring various clam-related event logs and messages, quarantining of detected threats, and visual graphing of antivirus activity.
f250e27eb3c116cb84503f7635105bc042fae9788de5918a15506c7d404de967
Ubuntu Security Notice 4463-1 - It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service. Kyungtae Kim discovered that the USB testing driver in the Linux kernel did not properly deallocate memory on disconnect events. A physically proximate attacker could use this to cause a denial of service. Various other issues were also addressed.
9bae40e89e07da10d54b7fabc2d9a2f10be261c5b51e7f931b3529f60b4ed56e
Red Hat Security Advisory 2020-3475-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly.
4d1b212ed310460f7c14cebdc457a408ed5077e1a54519e2fba54bd4d3b6d5cf
WordPress Elegant Testimonial plugin version 1.1.6 suffers from a persistent cross site scripting vulnerability.
4001e445bea3300c2962d26324ae3a84c15202be2d8172987521789caa23ac00
In this paper, the author presents ELKM, a Linux tool that provides a mechanism to securely transport and load encrypted Loadable Kernel Modules (LKM). The aim is to protect kernel-based rootkits and implants against observation by Endpoint Detection and Response (EDR) software and to neutralize the effects of recovery by disk forensics tooling. The tool as well as the whitepaper is provided in this archive.
90f8eb13eaf41b5f53ca0215da59d606b3744835abc350e84c035ce5e337aa31
Red Hat Security Advisory 2020-3474-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.
e33707a21648effcc7921de1ee320bb14788d0b377049fe958d23e6f263fc180
Ubuntu Security Notice 4461-1 - Dominik Penner discovered that Ark did not properly sanitize zip archive files before performing extraction. An attacker could use this to construct a malicious zip archive that, when opened, would create files outside the extraction directory.
8b77ab0583418946ca538da2bc0b79f0c808cfa6b4dd79f73e3808043c87a43f
This Metasploit module exploits a PHP code injection vulnerability in D-Link Central WiFi Manager CWM(100) versions below v1.03R0100_BETA6. The vulnerability exists in the username cookie, which is passed to eval() without being sanitized. Dangerous functions are not disabled by default, which makes it possible to get code execution on the target.
ac0e25a36b1f650a673695023120501aef0392916303b8f4a0574daeb5e71a35
UFONet abuses OSI Layer 7-HTTP to create/manage 'zombies' and to conduct different attacks using GET/POST, multi-threading, proxies, origin spoofing methods, cache evasion techniques, etc.
e0b500cf7432e9f3e87940b14a0c82a075eb96a783e0d1f3101c0a6931476863
WordPress Click To Top plugin version 1.2.7 suffers from a persistent cross site scripting vulnerability.
1b98dcba76d7ba8701e78ac0a3ec04fae93953fcb07a4df694c8e36a5611b1eb
Red Hat Security Advisory 2020-3470-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly.
8c41ef985a873c34e1500d6376c72a14c1a08e4450eb1f0dd62bf66526444b1c
Red Hat Security Advisory 2020-3471-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server; a resolver library; and tools for verifying that the DNS server is operating correctly.
9c986b6214b7254cf4e6b3b36b5e907fefe8a2ac4dfebf0306f1e7acd21daa8f
Ubuntu Security Notice 4462-1 - It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service.
fb0e88bc41f4506e33d919ac3bcfd5b540e7a37e4a4d4b56d5b09ea6fd34366e
WordPress Change Login Logo plugin version 1.0.1 suffers from a persistent cross site scripting vulnerability.
7993527c734646f6b5795851c7757282b97883c544e56274b5878255b840bdec
Red Hat Security Advisory 2020-3453-01 - The Matrix Project is a module which handles creating Jenkins multi-configuration projects. Matrix Authorization allows configuring the lowest level permissions, such as starting new builds, configuring items, or deleting them, individually. Python-RSA is an RSA implementation in Python. It can be used as a Python library as well as a command-line utility. Issues addressed include cross site scripting and denial of service vulnerabilities.
dcba8ed7be6bf93cafc80deff5dd57772dc8ea7c104f758c6b9f084ddded22ca
Tailor Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
6639118d29bceefaec78d6b51566ed7c0a0d9abd5a3a18d576a7508d0f922521
Ubuntu Security Notice 4460-1 - It was discovered that Oniguruma incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service, obtain sensitive information, or have other unspecified impact.
81353d08ed185bd09b1a38842ed60c2e15eacb213eaaba32f0f0e5bf0513abbb
vBulletin version 5.6.2 suffers from a persistent cross site scripting vulnerability.
6797e8d2f7f5133f6e61f40e7b532b6ad62a8debe938bad1511a6ef507e1d286