The TX Power value in the metadata in the beacon of the GAEN protocol used by the corona/contact tracing app allows for attackers to influence risk-score calculations in their favor and the same metadata can also be used to deanonymize diagnosed users based on the type of phone they are using.
938f2b1f1cd1a2ea7fd541a78f8804d0Restaurant Reservation System version 1.0 suffers from an authenticated remote SQL injection vulnerability.
548568c89ff58e88f64b750303928c3bRed Hat Security Advisory 2020-4176-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.
d22d94a8cda118223d6d82812611a49dUbuntu Security Notice 4571-1 - It was discovered that rack-cors did not properly handle relative file paths. An attacker could use this vulnerability to access arbitrary files.
3792c9ba4991a2361f83302e19df622dUbuntu Security Notice 4570-1 - It was discovered that urllib3 incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection.
94d0262eabdbd307023dc56562e3ca2eUbuntu Security Notice 4568-1 - It was discovered that Brotli incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash.
cd338bab79a09cb37fa2330bc5282b74SpamTitan version 7.07 suffers from an unauthenticated remote code execution vulnerability in snmp-x.php.
a3dbab90c996c6fb7053300bdca18311RocketLinx Series suffers from unauthenticated device administration, backdoor account, cross site request forgery, command injection, and unauthenticated tftp action vulnerabilities. Multiple versions are affected.
9664ca8388506a40ebc5918326533f75Ubuntu Security Notice 4569-1 - It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity injection attack. It was discovered that Yaws mishandled certain input when running CGI scripts. A remote attacker could use this vulnerability to execute arbitrary commands.
b57e1fe6c87cc3eebc0b2bd7a99b1ee1Red Hat Security Advisory 2020-4174-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.
1b1f359a1928681ebd0f4791f9680247Red Hat Security Advisory 2020-4173-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API.
d2c5c03024d2ec3c0f208032ef828dc5GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.
6f340d45372ed83e85217d6573df0257sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
e8ef8c77d9d611ea17e512c84da77716Red Hat Security Advisory 2020-4172-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a code execution vulnerability.
7698deb0caf019d910b610e071019288Red Hat Security Advisory 2020-4167-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a memory leak vulnerability.
d35c6413c3fecfc3f8c5c97fdc211b36
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed