what you don't know can hurt you
Showing 1 - 25 of 27 RSS Feed

Files Date: 2020-09-08

Red Hat Security Advisory 2020-3699-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3699-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.1.108 and .NET Core Runtime 3.1.8. Security Fixes: .NET Core: ASP.NET cookie prefix spoofing vulnerability. Issues addressed include a spoofing vulnerability.

tags | advisory, spoof, vulnerability, asp
systems | linux, redhat
advisories | CVE-2020-1045
MD5 | 3fa3742d20b581bf1ce4a1edfffb538c
Red Hat Security Advisory 2020-3697-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3697-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.108 and .NET Core Runtime 3.1.8. Issues addressed include a spoofing vulnerability.

tags | advisory, spoof
systems | linux, redhat
advisories | CVE-2020-1045
MD5 | 763667a5f0f8b6e57cb5dd65043cb46c
Microsoft Windows StorageFolder Marshaled Object Access Check Bypass / Privilege Escalation
Posted Sep 8, 2020
Authored by James Forshaw, Google Security Research

The StorageFolder class when used out of process can bypass security checks to read and write files not allowed to an AppContainer.

tags | exploit
advisories | CVE-2020-0886
MD5 | fcac5139eefb819b4a7b0e211caa1f0d
Qualcomm Adreno GPU Ringbuffer Corruption / Protected Mode Bypass
Posted Sep 8, 2020
Authored by Google Security Research, hawkes

The Qualcomm Adreno GPU shares a global mapping called a "scratch" buffer with the Adreno KGSL kernel driver. The contents of the scratch buffer can be overwritten by untrusted GPU commands. This results in a logic error in the Adreno driver's ringbuffer allocation code, which can be used to corrupt ringbuffer data. A race condition exists between the ringbuffer corruption and a GPU context switch, and this results in a bypass of the GPU protected mode setting. This ultimately means that an attacker can read and write arbitrary physical addresses from userland by running GPU commands while protected mode disabled, which results in arbitrary kernel code execution.

tags | exploit, arbitrary, kernel, code execution
advisories | CVE-2020-11179
MD5 | 1b8910b13d2d3595dcd217d98080e491
Microsoft Windows CloudExperienceHostBroker Privilege Escalation
Posted Sep 8, 2020
Authored by James Forshaw, Google Security Research

The CloundExperienceHostBroker hosts unsafe COM objects accessible to a normal user leading to elevation of privilege.

tags | exploit
advisories | CVE-2015-2528, CVE-2020-1471
MD5 | c38651bc173d658ea5caddd8450163b6
Hyland OnBase XML Injection
Posted Sep 8, 2020
Authored by Adaptive Security Consulting

All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from XML external entity injection vulnerabilities.

tags | advisory, vulnerability
MD5 | 73776c1814d36459a833a60dc075c439
Hyland OnBase Insecure Deserialization
Posted Sep 8, 2020
Authored by Adaptive Security Consulting

All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) perform insecure deserialization practices that can lead to code execution.

tags | advisory, code execution
MD5 | 3c981b4ffeff1009ea3009c81627d773
Yaws 2.0.7 XML Injection / Command Injection
Posted Sep 8, 2020
Authored by Alexey Pronin

Yaws versions 1.81 through 2.0.7 suffer from remote OS command injection and XML external entity injection vulnerabilities.

tags | exploit, remote, vulnerability
advisories | CVE-2020-24379, CVE-2020-24916
MD5 | c619e8801cfec332cd3e0889564d6571
Hyland OnBase Path Traversal
Posted Sep 8, 2020
Authored by Adaptive Security Consulting

All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from path traversal vulnerabilities.

tags | advisory, vulnerability, file inclusion
MD5 | 156aaf01e3f567caba60826f8c0e3305
Hyland OnBase DLL Hijacking
Posted Sep 8, 2020
Authored by Adaptive Security Consulting

All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from DLL hijacking vulnerabilities.

tags | advisory, vulnerability
systems | windows
MD5 | 1ebced414524995b1fa42746405d452f
Hyland OnBase Denial Of Service
Posted Sep 8, 2020
Authored by Adaptive Security Consulting

All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from a Unity client malformed image denial of service vulnerability.

tags | advisory, denial of service
MD5 | 413233f3535ffbe6e51b37b73701da05
Hyland OnBase Hardcoded Secrets
Posted Sep 8, 2020
Authored by Adaptive Security Consulting

All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from having hardcoded PKI certificates and AES key material.

tags | advisory
MD5 | d9d4bb39907476543c484fafa7624a32
Rigorous Specifications Of The SSH Transport Layer
Posted Sep 8, 2020
Authored by Erik Poll, Aleksy Schubert

This document presents semi-formal specifications of the security protocol SSH, more specifically the transport layer protocol, and describes a source code review of OpenSSH, the leading implementation of SSH, using these specifications.

tags | paper, protocol
MD5 | 4502a821c4246645b42cedf6191e3bf8
Ubuntu Security Notice USN-4487-2
Posted Sep 8, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4487-2 - USN-4487-1 fixed several vulnerabilities in libx11. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Todd Carson discovered that libx11 incorrectly handled certain memory operations. A local attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.

tags | advisory, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-14344, CVE-2020-14363
MD5 | 7b5ef11330385584e46af64155d4486c
Ubuntu Security Notice USN-4490-1
Posted Sep 8, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4490-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XkbSetNames function. A local attacker could possibly use this issue to escalate privileges.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2020-14345
MD5 | 19cdf17747d7e092e4f8abf0216678ca
Red Hat Security Advisory 2020-3625-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3625-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include cross site scripting and information leakage vulnerabilities.

tags | advisory, vulnerability, xss
systems | linux, redhat
advisories | CVE-2020-2181, CVE-2020-2182, CVE-2020-2190, CVE-2020-2224, CVE-2020-2225, CVE-2020-2226
MD5 | ee4a49890f9ca9474251423fb2473c77
Red Hat Security Advisory 2020-3578-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3578-01 - OpenShift Container Platform components are primarily written in Go. The golang.org/x/text contains text-related packages which are used for text operations, such as character encodings, text transformations, and locale-specific text handling. Kibana is one of the major components of OpenShift Container Platform cluster logging. It is a browser-based console interface to query, discover, and visualize the log data. Issues addressed include a cross site scripting vulnerability.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2020-10531, CVE-2020-11080, CVE-2020-14040, CVE-2020-7015, CVE-2020-7598, CVE-2020-8174
MD5 | 3e8201c0248689e51a2d6b28bef9496b
Red Hat Security Advisory 2020-3662-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3662-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer over-read, buffer overflow, code execution, information leakage, integer overflow, null pointer, out of bounds read, and use-after-free vulnerabilities.

tags | advisory, web, overflow, php, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2019-11039, CVE-2019-11040, CVE-2019-11041, CVE-2019-11042, CVE-2019-11045, CVE-2019-11047, CVE-2019-11048, CVE-2019-11050, CVE-2019-13224, CVE-2019-13225, CVE-2019-16163, CVE-2019-19203, CVE-2019-19204, CVE-2019-19246, CVE-2019-20454, CVE-2020-7059, CVE-2020-7060, CVE-2020-7062, CVE-2020-7063, CVE-2020-7064, CVE-2020-7065, CVE-2020-7066
MD5 | 1e12fa29983b7f83af758496e3d90857
Red Hat Security Advisory 2020-3665-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3665-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2020-14040, CVE-2020-15586, CVE-2020-16845
MD5 | 7b20dd388003d07058d2947e3ce33a61
Red Hat Security Advisory 2020-3654-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3654-01 - The libcroco is a standalone Cascading Style Sheet level 2 parsing and manipulation library.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-12825
MD5 | 88374879cddce26478227ad7d9b62fdb
Red Hat Security Advisory 2020-3658-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3658-01 - The librepo library provides a C and Python API to download repository metadata. Issues addressed include a traversal vulnerability.

tags | advisory, python
systems | linux, redhat
advisories | CVE-2020-14352
MD5 | 68398ba3588239875ec244c65d0bc8e5
Red Hat Security Advisory 2020-3678-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3678-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.8.1 serves as an update to Red Hat Process Automation Manager 7.8.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection and code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-13692, CVE-2020-1714
MD5 | 66ccc95f168b4ea8bad261163122f621
Red Hat Security Advisory 2020-3669-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3669-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include buffer overflow, bypass, and improper authorization vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2019-10130, CVE-2019-10164, CVE-2019-10208, CVE-2020-14349, CVE-2020-14350, CVE-2020-1720
MD5 | 59b67ef16ff6aa9bb22226e4526917c3
Red Hat Security Advisory 2020-3675-01
Posted Sep 8, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-3675-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.8.1 serves as an update to Red Hat Decision Manager 7.8.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection and code execution vulnerabilities.

tags | advisory, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-13692, CVE-2020-1714
MD5 | 2a4f053ecd9a745998925e0a686eff30
Ubuntu Security Notice USN-4489-1
Posted Sep 8, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4489-1 - Or Cohen discovered that the AF_PACKET implementation in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2020-14386
MD5 | 9038e89795f6761246dfe52d3c1c5711
Page 1 of 2
Back12Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    1 Files
  • 20
    Sep 20th
    1 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    21 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close