ZTE Mobile Hotspot MS910S version DL_MF910S_CN_EUV1.00.01 suffers from having a hard-coded administrative password, busybox vulnerabilities, and having a known backdoor in the GoAhead webserver.
5fee15e2fe67f4a312641b206b87d209Eikon Thomson Reuters version 4.0.42144 suffers from a weak permissions issue that can lead to code execution.
6d91015a714754463b09047fbee74073Ubuntu Security Notice 4477-1 - Amit Klein discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request smuggling attack, resulting in cache poisoning. RĂ©gis Leroy discovered that Squid incorrectly validated certain data. A remote attacker could possibly use this issue to perform an HTTP request splitting attack, resulting in cache poisoning. Lubos Uhliarik discovered that Squid incorrectly handled certain Cache Digest response messages sent by trusted peers. A remote attacker could possibly use this issue to cause Squid to consume resources, resulting in a denial of service. Various other issues were also addressed.
44c77ca040383d52dd8b135b79c2c848Ubuntu Security Notice 4476-1 - It was discovered that NSS incorrectly handled some inputs. An attacker could possibly use this issue to expose sensitive information.
cea24f01d8bde28567ed3a511bb39e16Red Hat Security Advisory 2020-3574-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include bypass and code execution vulnerabilities.
bd03d4978fc69d3110e68b9684b0e2b9Mida eFramework version 2.9.0 suffers from a remote code execution vulnerability.
8be781eaf06f1659e68f4efbe0b4df1bASX to MP3 Converter version 3.1.3.7.2010.11.05 .wax local buffer overflow proof of concept exploit with DEP and ASLR bypass.
b975aa6681a32ca65d9f4b200fd584c1GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
34594b2b90e23555145f07679c5c8d07Ubuntu Security Notice 4475-1 - It was discovered that Chrony incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause a denial of service or expose sensitive information.
14921cf609df424352817f166e5b905cUbuntu Security Notice 4446-2 - USN-4446-1 fixed vulnerabilities in Squid. The update introduced a regression when using Squid with the icap or ecap protocols. This update fixes the problem. Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks. Jeriko One discovered that Squid incorrectly handled URL decoding. A remote attacker could possibly use this issue to bypass certain rule checks. Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled input validation. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service. Various other issues were also addressed.
3ce54dac1a09ed855009027ca7b777d9Gentoo Linux Security Advisory 202008-16 - Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 68.12.0 are affected.
d2d5fa8f239faecd411afea010b9d763Gentoo Linux Security Advisory 202008-15 - A flaw in Docker allowed possible information leakage. Versions less than 19.03.12 are affected.
ad76bcba9d38c6fbc310757dcab17135Red Hat Security Advisory 2020-3541-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. The Matrix Project is a module which handles creating Jenkins multi-configuration projects. Matrix Authorization allows configuring the lowest level permissions, such as starting new builds, configuring items, or deleting them, individually. Python-RSA is a RSA implementation in Python. It can be used as a Python library as well as the commandline utility. Ansible is a SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3. Issues addressed include cross site scripting, denial of service, and information leakage vulnerabilities.
0ecdeb89cf242d6818269471c5c3a3fdGentoo Linux Security Advisory 202008-14 - A vulnerability in Wireshark could lead to a Denial of Service condition. Versions less than 3.2.6 are affected.
1e5459042bd089d4d832228eae1cc37eGentoo Linux Security Advisory 202008-13 - Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in privilege escalation. Versions less than 9.5.23:9.5 are affected.
6f214f2c2e8cff8f24516622f39f523bGentoo Linux Security Advisory 202008-12 - Multiple vulnerabilities have been found in Net-SNMP, the worst of which could result in privilege escalation. Versions less than 5.8.1_pre1 are affected.
a5fd0005a39431ed4a17c4524b37fbf6Gentoo Linux Security Advisory 202008-11 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. Versions less than 85.0.4183.83 are affected.
17ebfee40a5ca3c70489622b57e48299I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
5ea06e7a4e4795c9b7af6009063bc3b4
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed