Red Hat Security Advisory 2020-4390-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Issues addressed include denial of service, memory exhaustion, and remote SQL injection vulnerabilities.
5e29b134d33cbe475b05d7701f782272Red Hat Security Advisory 2020-4391-01 - OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes.
d7d644f1e0cca176509c26368eef462fUbuntu Security Notice 4552-3 - USN-4552-1 and USN-4552-2 fixed a vulnerability in Pam-python. The update introduced a regression which prevented PAM modules written in Python from importing python modules from site-specific directories. Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root. Various other issues were also addressed.
632ca4e5ebf9fb3048aa8ec5c35d3c54FreeType suffers from a heap buffer overflow vulnerability due to integer truncation in Load_SBit_Png.
486d3f9f9d645b3bc7af767d7f2dd9cdRed Hat Security Advisory 2020-4384-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 5 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 3 and includes bug fixes and enhancements. Issues addressed include buffer overflow and integer overflow vulnerabilities.
311f6e8b65edb0c6e754689d10bb678cRed Hat Security Advisory 2020-4383-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 5 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 4 and includes bug fixes and enhancements. Issues addressed include buffer overflow and integer overflow vulnerabilities.
15a41e2761e88452057b8241a4cdfbeaRed Hat Security Advisory 2020-4283-01 - OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes.
770ac2ee761092d1f8affbe880ff74f2Red Hat Security Advisory 2020-4381-01 - The openstack-selinux package is a collection of SELinux policies for running OpenStack on Red Hat Enterprise Linux.
fe13fda2486e689d7ca55618bd6579b0Ubuntu Security Notice 4608-1 - The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.44 version of the Mozilla certificate authority bundle.
4a82710366d6b5ca1f43f34e4d8f761bOracle Business Intelligence Enterprise Edition versions 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0 suffer from local file inclusion and directory traversal vulnerabilities.
067512dbc1fd13c960d6837eb1c78dd9God Kings version 0.60.1 suffers from an improper authorization issue allowing for in-game notification spoofing.
0ccdb58d79a24e7f88b7511778b7606cGentoo Linux Security Advisory 202010-8 - Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 82.0 are affected.
8a45cc7394842ea8e94bba518d33885cCSE Bookstore version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
d3aadf2b646624fb0e923161209bb1f7Ubuntu Security Notice 4607-1 - It was discovered that OpenJDK incorrectly handled deserializing Proxy class objects with many interfaces. A remote attacker could possibly use this issue to cause a denial of service via a specially crafted input. Sergey Ostanin discovered that OpenJDK incorrectly restricted authentication mechanisms. A remote attacker could possibly use this issue to obtain sensitive information over an unencrypted connection. Various other issues were also addressed.
5415752655f0e455fc9170072766e9f8Nagios XI version 5.7.3 mibs.php remote command injection exploit.
8e729d2d07e2d318addb68643737cde7Ubuntu Security Notice 4603-1 - It was discovered that MariaDB didn't properly validate the content of a packet received from a server. A remote attacker could use this vulnerability to sent a specialy crafted file to cause a denial of service. It was discovered that MariaDB has other security issues. An attacker can cause a hang or frequently repeatable crash. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
0573b9c8ba4101525d52bc7c87e6951bUbuntu Security Notice 4600-2 - USN-4600-1 fixed multiple vunerabilities in Netty 3.9. This update provides the corresponding fixes for CVE-2019-20444, CVE-2019-20445 for Netty. Also it was discovered that Netty allow for unbounded memory allocation. A remote attacker could send a large stream to the Netty server causing it to crash. Various other issues were also addressed.
7e57f46c987a9078e9c417ea47e51a55Blueman versions prior to 2.1.4 suffer from a local privilege escalation vulnerability that achieves root.
d12eee8c984e0886c5230dcda82b9d70aptdaemon versions prior to 1.1.1 suffer from a file existence disclosure vulnerability.
72d33256b55784b13bf8b057244b0ca2Ubuntu Security Notice 3081-2 - Dawid Golunski discovered that the Tomcat init script incorrectly handled creating log files. A remote attacker could possibly use this issue to obtain root privileges.
3033f5f797851ab5b2c70da0510266daPackageKit versions prior to 1.1.13 suffer from a file existence disclosure vulnerability.
203c6d86831356dc527b7f552dfb2e0fOnline Library Management System version 1.0 suffers from a remote shell upload vulnerability.
459c992933d1f7209cbdf12c6e9c33d4Point of Sales version 1.0 suffers from a remote SQL injection vulnerability.
eede65cf1547b8a3fb1923b34e462ebcGym Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.
6e56883ad7e28b8bddeeabeaf74f5ac7Gym Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
669a5af8d67652b96320ac7bea83461b
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed