Ubuntu Security Notice 4656-1 - Jan-Niklas Sohn discovered that the X.Org X Server XKB extension incorrectly handled certain inputs. A local attacker could possibly use this issue to escalate privileges.
Ubuntu Security Notice 4655-1 - It was discovered that Werkzeug has insufficient debugger PIN randomness. An attacker could use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS. It was discovered that Werkzeug incorrectly handled certain URLs. An attacker could possibly use this issue to cause phishing attacks. This issue only affected Ubuntu 16.04 LTS.
This archive contains all of the 185 exploits added to Packet Storm in November, 2020.
THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6. It includes an easy-to-use packet factory library.
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint; retrieve the DBMS session user and database; enumerate users, password hashes, privileges, and databases; dump entire or user-specified DBMS tables/columns; run their own SQL statements; read or write either text or binary files on the file system; execute arbitrary commands on the operating system; establish an out-of-band stateful connection between the attacker box and the database server via a Metasploit payload stager, database stored procedure buffer overflow exploitation, or SMB relay attack; and more.
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
Red Hat Security Advisory 2020-5314-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Issues addressed include bypass, cross-site scripting, and use-after-free vulnerabilities.
Red Hat Security Advisory 2020-5305-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
Ubuntu Security Notice 4654-1 - It was discovered that PEAR incorrectly sanitized filenames. A remote attacker could possibly use this issue to execute arbitrary code.
Red Hat Security Advisory 2020-5275-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer over-read, buffer overflow, code execution, information leakage, null pointer, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2020-5302-01 - This release of Red Hat build of Quarkus 1.7.5 SP1 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include a remote SQL injection vulnerability.
Red Hat Security Advisory 2020-5194-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Red Hat Security Advisory 2020-5239-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Issues addressed include bypass, cross-site scripting, and use-after-free vulnerabilities.
Ubuntu Security Notice 4653-1 - It was discovered that access controls for the shim’s API socket did not restrict access to the abstract Unix domain socket in some cases. An attacker could use this vulnerability to run containers with elevated privileges.
Ubuntu Security Notice 4652-1 - It was discovered that SniffIt incorrectly handled certain configuration files. An attacker could possibly use this issue to execute arbitrary code.
Red Hat Security Advisory 2020-5257-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Issues addressed include bypass, cross-site scripting, and use-after-free vulnerabilities.
Red Hat Security Advisory 2020-5235-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Issues addressed include bypass, cross-site scripting, and use-after-free vulnerabilities.
Red Hat Security Advisory 2020-5254-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Issues addressed include a remote SQL injection vulnerability.
eClass LMS version 2.6 suffers from a remote shell upload vulnerability.
WordPress EventON Calendar plugin version 3.0.5 suffers from a cross-site scripting vulnerability.
SciKit-Learn version 0.23.2 suffers from a denial of service vulnerability.
TypeSetter version 5.1 suffers from a cross-site request forgery vulnerability.