exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 27 RSS Feed

Files Date: 2020-09-08

Red Hat Security Advisory 2020-3699-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3699-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.1.108 and .NET Core Runtime 3.1.8. Security Fixes: .NET Core: ASP.NET cookie prefix spoofing vulnerability. Issues addressed include a spoofing vulnerability.

tags | advisory, spoof, vulnerability, asp
systems | linux, redhat
advisories | CVE-2020-1045
SHA-256 | 7eeb6e7fa92674b30184bea1625342bc83c0ce98fc29e396e3ea53dc07658cc2
Red Hat Security Advisory 2020-3697-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3697-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.108 and .NET Core Runtime 3.1.8. Issues addressed include a spoofing vulnerability.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2020-1045
SHA-256 | b0926b5143d4f1f9127e3ead2ce19ed26cc788b39d660795a5f2c06d7bc15c99
Microsoft Windows StorageFolder Marshaled Object Access Check Bypass / Privilege Escalation
Posted Sep 8, 2020
Authored by James Forshaw, Google Security Research

The StorageFolder class when used out of process can bypass security checks to read and write files not allowed to an AppContainer.

tags | exploit
advisories | CVE-2020-0886
SHA-256 | 02e31b80fa05e9829fb35764d85806a69ec5db202f42ff20b112f3346433b2c8
Qualcomm Adreno GPU Ringbuffer Corruption / Protected Mode Bypass
Posted Sep 8, 2020
Authored by Google Security Research, hawkes

The Qualcomm Adreno GPU shares a global mapping called a "scratch" buffer with the Adreno KGSL kernel driver. The contents of the scratch buffer can be overwritten by untrusted GPU commands. This results in a logic error in the Adreno driver's ringbuffer allocation code, which can be used to corrupt ringbuffer data. A race condition exists between the ringbuffer corruption and a GPU context switch, and this results in a bypass of the GPU protected mode setting. This ultimately means that an attacker can read and write arbitrary physical addresses from userland by running GPU commands while protected mode disabled, which results in arbitrary kernel code execution.

tags | exploit, arbitrary, kernel, code execution
advisories | CVE-2020-11179
SHA-256 | d663ef06eb4e7deef8bdea200e905217412428d8532fa626e3c1c5c2a7641f51
Microsoft Windows CloudExperienceHostBroker Privilege Escalation
Posted Sep 8, 2020
Authored by James Forshaw, Google Security Research

The CloundExperienceHostBroker hosts unsafe COM objects accessible to a normal user leading to elevation of privilege.

tags | exploit
advisories | CVE-2015-2528, CVE-2020-1471
SHA-256 | 7888834d5b9f65c613c040c3ae903e13e111aac394ea82b8960fd0610e98dd60
Hyland OnBase XML Injection
Posted Sep 8, 2020
Authored by Adaptive Security Consulting

All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from XML external entity injection vulnerabilities.

tags | advisory, vulnerability
SHA-256 | 3dacee5179c39144a77b9148d96722655bd370a5195ee7c7ad75ced5ba541521
Hyland OnBase Insecure Deserialization
Posted Sep 8, 2020
Authored by Adaptive Security Consulting

All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) perform insecure deserialization practices that can lead to code execution.

tags | advisory, code execution
SHA-256 | 1c375814061beaed31c9020dfa7b49bcc04ff9b02a06da5c105e9c46bc4d1c5d
Yaws 2.0.7 XML Injection / Command Injection
Posted Sep 8, 2020
Authored by Alexey Pronin

Yaws versions 1.81 through 2.0.7 suffer from remote OS command injection and XML external entity injection vulnerabilities.

tags | exploit, remote, vulnerability
advisories | CVE-2020-24379, CVE-2020-24916
SHA-256 | a545a3172fc55a8fbfa7ccde9eb9fa21f07d84ee1822019489b84a0f3a5dc7d7
Hyland OnBase Path Traversal
Posted Sep 8, 2020
Authored by Adaptive Security Consulting

All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from path traversal vulnerabilities.

tags | advisory, vulnerability, file inclusion
SHA-256 | c0aa119646df1f1df347e0bc1206a9b1b51ac0409f37d75183a62d7a63c2fe9b
Hyland OnBase DLL Hijacking
Posted Sep 8, 2020
Authored by Adaptive Security Consulting

All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from DLL hijacking vulnerabilities.

tags | advisory, vulnerability
systems | windows
SHA-256 | e49dbe918cc882495411b7160b3cc81912c518a3099cb02384eb64640bd70ee5
Hyland OnBase Denial Of Service
Posted Sep 8, 2020
Authored by Adaptive Security Consulting

All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from a Unity client malformed image denial of service vulnerability.

tags | advisory, denial of service
SHA-256 | 9a7be3d75ecad9e4daffb25ac6ee49d70285b846896c5532dc4f8594c41e708c
Hyland OnBase Hardcoded Secrets
Posted Sep 8, 2020
Authored by Adaptive Security Consulting

All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from having hardcoded PKI certificates and AES key material.

tags | advisory
SHA-256 | bc727c3205ab555062293ad759e22da0cf8f20c066816e52a61482e53fa247cf
Rigorous Specifications Of The SSH Transport Layer
Posted Sep 8, 2020
Authored by Erik Poll, Aleksy Schubert

This document presents semi-formal specifications of the security protocol SSH, more specifically the transport layer protocol, and describes a source code review of OpenSSH, the leading implementation of SSH, using these specifications.

tags | paper, protocol
SHA-256 | fbbd9b60846c202528784a869a4008018381ae5c6c81a9420112f8cc31dc1a50
Ubuntu Security Notice USN-4487-2
Posted Sep 8, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4487-2 - USN-4487-1 fixed several vulnerabilities in libx11. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Todd Carson discovered that libx11 incorrectly handled certain memory operations. A local attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.

tags | advisory, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-14344, CVE-2020-14363
SHA-256 | 168de6724b6de0d42f9ac0533e6a9001fabef77f53c486c7697efabcf3510931
Ubuntu Security Notice USN-4490-1
Posted Sep 8, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4490-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XkbSetNames function. A local attacker could possibly use this issue to escalate privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2020-14345
SHA-256 | abad8332e0898a043739e31973d8281d91964ca821c8553e0fd3e938a23152cb
Red Hat Security Advisory 2020-3625-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3625-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include cross site scripting and information leakage vulnerabilities.

tags | advisory, vulnerability, xss
systems | linux, redhat
advisories | CVE-2020-2181, CVE-2020-2182, CVE-2020-2190, CVE-2020-2224, CVE-2020-2225, CVE-2020-2226
SHA-256 | 327eeeebf09190a83d9888e88aacdfb8d48054b53c5c2e560c56664005f0ec64
Red Hat Security Advisory 2020-3578-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3578-01 - OpenShift Container Platform components are primarily written in Go. The golang.org/x/text contains text-related packages which are used for text operations, such as character encodings, text transformations, and locale-specific text handling. Kibana is one of the major components of OpenShift Container Platform cluster logging. It is a browser-based console interface to query, discover, and visualize the log data. Issues addressed include a cross site scripting vulnerability.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2020-10531, CVE-2020-11080, CVE-2020-14040, CVE-2020-7015, CVE-2020-7598, CVE-2020-8174
SHA-256 | 76031ee5b291a4db7234b7111c7dc3217a89ce4c9123293670c14dbd76b08150
Red Hat Security Advisory 2020-3662-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3662-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer over-read, buffer overflow, code execution, information leakage, integer overflow, null pointer, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, web, overflow, php, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-11039, CVE-2019-11040, CVE-2019-11041, CVE-2019-11042, CVE-2019-11045, CVE-2019-11047, CVE-2019-11048, CVE-2019-11050, CVE-2019-13224, CVE-2019-13225, CVE-2019-16163, CVE-2019-19203, CVE-2019-19204, CVE-2019-19246, CVE-2019-20454, CVE-2020-7059, CVE-2020-7060, CVE-2020-7062, CVE-2020-7063, CVE-2020-7064, CVE-2020-7065, CVE-2020-7066
SHA-256 | 911f6bbed903dbddefb8bd0bba2f0d12e5864b3e566dea3d632a88ddb5ce9853
Red Hat Security Advisory 2020-3665-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3665-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2020-14040, CVE-2020-15586, CVE-2020-16845
SHA-256 | 9836ff22ee1c4b573559d076da14b9688fb435fcac091a747e65150878e185b7
Red Hat Security Advisory 2020-3654-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3654-01 - The libcroco is a standalone Cascading Style Sheet level 2 parsing and manipulation library.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-12825
SHA-256 | 7820a60c54380f2069a389090731a9c49e938f43f41cf3fe30f0ad9d173f3f40
Red Hat Security Advisory 2020-3658-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3658-01 - The librepo library provides a C and Python API to download repository metadata. Issues addressed include a traversal vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2020-14352
SHA-256 | acbd1c7d616ab385b0246e8f8c53415649ebfdefb57d3901fbc73adbe78e651f
Red Hat Security Advisory 2020-3678-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3678-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.8.1 serves as an update to Red Hat Process Automation Manager 7.8.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection and code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-13692, CVE-2020-1714
SHA-256 | b2ca39c3c8ea8a4b1c4a2c2efedd4f3bece282cfb0d9ee38b71f78b4d0582d88
Red Hat Security Advisory 2020-3669-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3669-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include buffer overflow, bypass, and improper authorization vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2019-10130, CVE-2019-10164, CVE-2019-10208, CVE-2020-14349, CVE-2020-14350, CVE-2020-1720
SHA-256 | 37abfe12007f0123015ff6acb45976e8a68274f270431c5da4edcf0cd23793ca
Red Hat Security Advisory 2020-3675-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3675-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.8.1 serves as an update to Red Hat Decision Manager 7.8.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection and code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-13692, CVE-2020-1714
SHA-256 | 175056d3c2d1d63e2c2c31dd7a958ba1f74f9587a58ef6f1bdd3290b1a5fe889
Ubuntu Security Notice USN-4489-1
Posted Sep 8, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4489-1 - Or Cohen discovered that the AF_PACKET implementation in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-14386
SHA-256 | 2f26a7918eeaffd16b03759efce6f29fc3c50de7cc7512d7fa284e1c0d71cbf7
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close