Red Hat Security Advisory 2020-4390-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Issues addressed include denial of service, memory exhaustion, and remote SQL injection vulnerabilities.
4cebf7d44e31c240a760ae6facd694e9856c3d52ac9e2b2f51d8b4f4f0e24ad7Red Hat Security Advisory 2020-4391-01 - OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes.
fa5591d87819bf308f377e7976839eb0308369434f2c875830e243f4ee5ae53dUbuntu Security Notice 4552-3 - USN-4552-1 and USN-4552-2 fixed a vulnerability in Pam-python. The update introduced a regression which prevented PAM modules written in Python from importing python modules from site-specific directories. Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root. Various other issues were also addressed.
51483cd9b602df9bae06a2d916daa0499320d343ef1be1b1afd3b143c509400aFreeType suffers from a heap buffer overflow vulnerability due to integer truncation in Load_SBit_Png.
3e74cc76bab0b12102b081d5d5527d7a09ac96232ae08096c3cc4702512988b9Red Hat Security Advisory 2020-4384-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 5 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 3 and includes bug fixes and enhancements. Issues addressed include buffer overflow and integer overflow vulnerabilities.
467d98d3dc3e453dab213eac2a788f9c54641adf327662b50e225048b78e03a6Red Hat Security Advisory 2020-4383-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 5 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 4 and includes bug fixes and enhancements. Issues addressed include buffer overflow and integer overflow vulnerabilities.
e3fa177914caddbd671a91d6b248da680b85881080ad1c62d8b0d466e506ead0Red Hat Security Advisory 2020-4283-01 - OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes.
7a511b396227e7c79c224ab43bb0fc1fd0e7cc0f2eb2ea0a8159a187a4a9ad86Red Hat Security Advisory 2020-4381-01 - The openstack-selinux package is a collection of SELinux policies for running OpenStack on Red Hat Enterprise Linux.
06319d6e786fcdfe626e9df9c43b5eea6831a23ba224550b10bfbb51d9e1501aUbuntu Security Notice 4608-1 - The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.44 version of the Mozilla certificate authority bundle.
9b4019ce3ed6eb8dde275c3fce9d925a189d33c1ad19b15beb797f1ebf82276bOracle Business Intelligence Enterprise Edition versions 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0 suffer from local file inclusion and directory traversal vulnerabilities.
1ce61cfa5df4fb1911183bd9133f8dd66643cf0945794e668ec5c2a5cb8333b5God Kings version 0.60.1 suffers from an improper authorization issue allowing for in-game notification spoofing.
0739b7472a6c8181be50dac6e880dba434850aeb93bca40ab3c19da4c9c1fd8cGentoo Linux Security Advisory 202010-8 - Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 82.0 are affected.
d6f8ee617bc93a30faf7d5fad1b396758ce22538d413ac0e4661c2bb01acfc59CSE Bookstore version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
22ade0807de506d719e10260a6706f161c23e19eabb44126ae5efb25be5761a3Ubuntu Security Notice 4607-1 - It was discovered that OpenJDK incorrectly handled deserializing Proxy class objects with many interfaces. A remote attacker could possibly use this issue to cause a denial of service via a specially crafted input. Sergey Ostanin discovered that OpenJDK incorrectly restricted authentication mechanisms. A remote attacker could possibly use this issue to obtain sensitive information over an unencrypted connection. Various other issues were also addressed.
511d4e10ce236dd52aeb3cf636a58fa4bc77beae290a7b505ccd45dceb05dedbNagios XI version 5.7.3 mibs.php remote command injection exploit.
6855f4caf30f9e7751d6594a73e43b55ca31b7b9ddebeacdfa7108721c29da09Ubuntu Security Notice 4603-1 - It was discovered that MariaDB didn't properly validate the content of a packet received from a server. A remote attacker could use this vulnerability to sent a specialy crafted file to cause a denial of service. It was discovered that MariaDB has other security issues. An attacker can cause a hang or frequently repeatable crash. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
0294356c27b1e6c2fe77a483a9758f2ed654d98df7f671f25e882fac606f9530Ubuntu Security Notice 4600-2 - USN-4600-1 fixed multiple vunerabilities in Netty 3.9. This update provides the corresponding fixes for CVE-2019-20444, CVE-2019-20445 for Netty. Also it was discovered that Netty allow for unbounded memory allocation. A remote attacker could send a large stream to the Netty server causing it to crash. Various other issues were also addressed.
2743e423223a69bc2e5a3493c5262e8e506d7718197a2ac2bde20270a2a9ba90Blueman versions prior to 2.1.4 suffer from a local privilege escalation vulnerability that achieves root.
ad12e1f52e4713a386324b965386aa1a9020999aa33360fe64eedb3b1faaaecfaptdaemon versions prior to 1.1.1 suffer from a file existence disclosure vulnerability.
6a60467266f33dfd33dccd469d46b9f39048b554f67da424046c527d10d8c317Ubuntu Security Notice 3081-2 - Dawid Golunski discovered that the Tomcat init script incorrectly handled creating log files. A remote attacker could possibly use this issue to obtain root privileges.
a5c9a3a9bdb78367603007ec8640aaab2dc3486f9c257dae7a0d8cdaa28cc548PackageKit versions prior to 1.1.13 suffer from a file existence disclosure vulnerability.
c2cb1ba823e3746c7e8a7376f0d64634a3e8d0f82cd84d7bcaeca3c7d83f764cOnline Library Management System version 1.0 suffers from a remote shell upload vulnerability.
4da20cf09143b14a2750ade91ede9aa9d1031a15696f1cbe0745bd3f38554098Point of Sales version 1.0 suffers from a remote SQL injection vulnerability.
14479cfedac75e0485e20fa319e6a41519d81d62f71e316b0d6e690a943c2987Gym Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities.
d9e14fc468e33947658caab1b00ebb95b4485be3fe34d24dce85dc4e303ca61aGym Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
b745d5a85f8d66a52474e9b1ce0d16a0ea6438196f210f2ee896be788ef23c20
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed