The TX Power value in the metadata in the beacon of the GAEN protocol used by the corona/contact tracing app allows for attackers to influence risk-score calculations in their favor and the same metadata can also be used to deanonymize diagnosed users based on the type of phone they are using.
327419dece0900ea7e5541c080133f27f84f526d86f6c2191e14654349a7f444Restaurant Reservation System version 1.0 suffers from an authenticated remote SQL injection vulnerability.
ea0b9fc5533a77937a00adf2c0ffb42ca93e57fdcc9f32c8e81ff679b7eeaab4Red Hat Security Advisory 2020-4176-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.
bb8b36a7c39b7350325c2b8a95593bd25725c17becfa76559fb6cf1c21f12cc4Ubuntu Security Notice 4571-1 - It was discovered that rack-cors did not properly handle relative file paths. An attacker could use this vulnerability to access arbitrary files.
a0a0658399d5e63d849ed5966f66fabd79ae781d9b68bb0c3de1e3f760f7fb7fUbuntu Security Notice 4570-1 - It was discovered that urllib3 incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection.
bc34327ecae46eb773cf8d568fc89319012049888c446b6040f05627fc396462Ubuntu Security Notice 4568-1 - It was discovered that Brotli incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash.
f9097e44079849e43da37d40cacdf85e0ee55963187a691508646279fae394a1SpamTitan version 7.07 suffers from an unauthenticated remote code execution vulnerability in snmp-x.php.
46511399bed0e9da7c7e842465a1d68fcec18943d583bc702307a069fc3d4fa3RocketLinx Series suffers from unauthenticated device administration, backdoor account, cross site request forgery, command injection, and unauthenticated tftp action vulnerabilities. Multiple versions are affected.
8442cf2977502cf345c9cdeea5392c4f9553884f014a51ece6c87fa179154e17Ubuntu Security Notice 4569-1 - It was discovered that Yaws did not properly sanitize XML input. A remote attacker could use this vulnerability to execute an XML External Entity injection attack. It was discovered that Yaws mishandled certain input when running CGI scripts. A remote attacker could use this vulnerability to execute arbitrary commands.
8427560bcb397eab5a79c38d2dd2ed9f39fe10fa9dd337ea9c02b328aeac99b1Red Hat Security Advisory 2020-4174-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.
ece2f685a93347ca11789257aa9f028c304745d9d554145f31d7c8d3c81c0f28Red Hat Security Advisory 2020-4173-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API.
8b8e071b436569c662b5e7affa725ef63be59fbcf87ea8c078aab51857b186f5GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner to allow analysts to quickly triage attacks and perform analysis remotely. GRR consists of 2 parts: client and server. GRR client is deployed on systems that one might want to investigate. On every such system, once deployed, GRR client periodically polls GRR frontend servers for work. "Work" means running a specific action: downloading file, listing a directory, etc. GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides web-based graphical user interface and an API endpoint that allows analysts to schedule actions on clients and view and process collected data.
b0ccda97087aaa7971b0c68d4ae786c7ce80b8febe3d1fe7afb902d96f6560dasqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
bdc38d1adc5fa95f28e74aa994707916239a8cc033e3cb6ce2fe9c68c167e3ffRed Hat Security Advisory 2020-4172-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a code execution vulnerability.
a29c0d6d2c6b0d02645acb4907ddead0576c0147d5e8f6943debebb31c9278b4Red Hat Security Advisory 2020-4167-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include a memory leak vulnerability.
5510d06dfab09d9c352ee681cc67eb6b0acf5a015566e42dd1ad0ac9d37e06a2
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed