Ubuntu Security Notice 4588-1 - It was discovered that FlightGear could write arbitrary files if received a special nasal script. A remote attacker could exploit this with a crafted file to execute arbitrary code.
c93c71e5707584e309f32196cbb377eaUbuntu Security Notice 4586-1 - It was discovered that PHP ImageMagick extension didn't check the address used by an array. An attacker could use this issue to cause PHP ImageMagick to crash, resulting in a denial of service.
f6fae5027be9e5b089b950f64fd8d5abUbuntu Security Notice 4587-1 - Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors and didn't check malloc return values. A remote attacker could use these issues to cause a denial of service or possibly execute arbitrary code. Josef Gajdusek discovered that iTALC had heap-based buffer overflow vulnerabilities. A remote attacker could used these issues to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
a0940d2ea11a0ed386f0828fbb1f40c5nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
c082aad808176a8d6013a35669b567eaRedTeam Pentesting discovered a vulnerability in the BigBlueButton web conferencing system version 2.2.25 that allows participants of a conference with permissions to upload presentations to read arbitrary files from the file system and perform server-side requests. This leads to administrative access to the BigBlueButton instance.
1a72d1032c8f0f83c5469fbb6b44e8deUbuntu Security Notice 4596-1 - It was discovered that Tomcat did not properly manage HTTP/2 streams. An attacker could possibly use this to cause Tomcat to consume resources, resulting in a denial of service. It was discovered that Tomcat did not properly release the HTTP/1.1 processor after the upgrade to HTTP/2. An attacker could possibly use this to generate an OutOfMemoryException, resulting in a denial of service. Various other issues were also addressed.
9c7bf230e29a045c5b7a3d87aa96b325Red Hat Security Advisory 2020-4295-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include bypass and improper authorization vulnerabilities.
23302508cd17a5e8da4d24bbbd49489cBludit versions 3.9.2 and below bruteforce mitigation bypass exploit. Please visit the related homepage for deep dive details on usage.
e7c839c9101282f68b61aaf90a274f8fTiki Wiki CMS Groupware version 21.1 suffers from an authentication bypass vulnerability.
95aba074500208607726474dea8fdfb3Libtaxii versions 1.1.117 and below and OpenTaxi versions 0.2.0 and below suffer from a server-side request forgery vulnerability.
4ec4e9c58186d3b197dc3f996d493d46Red Hat Security Advisory 2020-4264-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
71ada3b5556f039a7b36202dee923f3dUbuntu Security Notice 4595-1 - It was discovered that Grunt did not properly load yaml files. An attacker could possibly use this to execute arbitrary code.
e1ac33c4930fe12fca5c85c0a9fb888aGOautodial version 4.0 suffers from a remote shell upload vulnerability.
1dc47bb67a41c4ba34d498a30ea9daaeUbuntu Security Notice 4594-1 - It was discovered that Quassel incorrectly handled Qdatastream protocol. A remote attacker could possibly use this issue to execute arbitrary code. It was discovered that Quassel incorrectly handled certain login requests. A remote attacker could possibly use this issue to cause a denial of service.
09feead29d4e43821693a19b2ad24befSchool Faculty Scheduling System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
d8cd9ba03b6aa87bdcc2a6fc31b8fcaaSchool Faculty Scheduling System version 1.0 suffers from a persistent cross site scripting vulnerability.
df052c90264d580aa8849fbed6343975Red Hat Security Advisory 2020-4299-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include crlf injection, denial of service, and double free vulnerabilities.
89a9cb754fbb97802d7fe82be6995570Hrsale version 2.0.0 suffers from a local file inclusion vulnerability.
88dac6a7e7cede1e94e86a14088dd82f
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed