Red Hat Security Advisory 2020-4298-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.
299014ca30efa3c45bd95e89d230f844Ubuntu Security Notice 4602-2 - USN-4602-1 fixed several vulnerabilities in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
549f62bb06239388f75ae227d8f0e23cRed Hat Security Advisory 2020-4297-01 - The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. The runC tool is a lightweight, portable implementation of the Open Container Format that provides container runtime. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Issues addressed include information leakage, man-in-the-middle, and traversal vulnerabilities.
84a716d1649a82a380bd372199c8e2dbRed Hat Security Advisory 2020-4366-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include HTTP request smuggling, cross site scripting, denial of service, memory leak, and traversal vulnerabilities.
7d6e7da12be65b2cdd1595dbfca27aa8TDM Digital Signage Windows Player version 4.1 suffers from an elevation of privileges vulnerability which can be used by a simple authenticated user that can change the executable file with a binary of choice.
9f69935f116659d2b0dbfb1b919205fcUbuntu Security Notice 4583-2 - USN-4583-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 20.10. It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease security or cause incorrect encryption data. Various other issues were also addressed.
8943172472289400ae6eeaa13c5ed52bUbuntu Security Notice 4605-1 - Vaisha Bernard discovered that blueman did not properly sanitize input on the d-bus interface to blueman-mechanism. A local attacker could possibly use this issue to escalate privileges and run arbitrary code or cause a denial of service.
c8704c3d9669c74ad12984c2c0623dc0Ubuntu Security Notice 4604-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.22 in Ubuntu 20.04 LTS and Ubuntu 20.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.32. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
adb8ec498bbe86517a83c89eb92ae6f2Red Hat Security Advisory 2020-4348-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
55b7a6d2804f632e1235ed7f65bfb8caRed Hat Security Advisory 2020-4350-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
a5eb803d0bcd111c8435205a5e2bec9aUbuntu Security Notice 4599-2 - USN-4599-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 16.04 LTS. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the prompt for opening an external application, obtain sensitive information, or execute arbitrary code. Various other issues were also addressed.
c081d2b1ee52963fe24e3688dbc9a30fRed Hat Security Advisory 2020-4352-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
57021e3008dba7506165a03bc9763cd9Red Hat Security Advisory 2020-4347-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
ef30c787098e2b3abe1451193324993fUbuntu Security Notice 4562-2 - It was discovered that kramdown insecurely handled certain crafted input. An attacker could use this vulnerability to read restricted files or execute arbitrary code.
116484156b01099e55da4d6afc20feaaSentrifugo version 3.2 suffers from a restriction bypass vulnerability that allows for a remote shell upload.
981cdb0177e2271690c25d011e5b38c6Red Hat Security Advisory 2020-4351-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 86.0.4240.111. Issues addressed include buffer overflow and use-after-free vulnerabilities.
196ed8f5f92f2049ae519919731a2e89Red Hat Security Advisory 2020-4349-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
9a874a097fadde3d1ecf012a74495f5cAdtec Digital is a leading manufacturer of Broadcast, Cable and IPTV products and solutions. Many of their devices utilize hard-coded and default credentials within its Linux distribution image for Web/Telnet/SSH access. A remote attacker could exploit this vulnerability by logging in using the default credentials for accessing the web interface or gain shell access as root.
063154d6c7521ecfedc183b52625d739Sphider Search Engine version 1.3.6 remote code execution exploit.
2379dde6c9c4d4aca8f5e6073444d459
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed