Ubuntu Security Notice 4656-1 - Jan-Niklas Sohn discovered that the X.Org X Server XKB extension incorrectly handled certain inputs. A local attacker could possibly use this issue to escalate privileges.
82f2428e9fbc552419e92a5893d379e62c8ac3ab594194b67ac5a457342f3817Ubuntu Security Notice 4655-1 - It was discovered that Werkzeug has insufficient debugger PIN randomness. An attacker could use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS. It was discovered that Werkzeug incorrectly handled certain URLs. An attacker could possibly use this issue to cause phishing attacks. This issue only affected Ubuntu 16.04 LTS.
f963003ef70151c4a9f12cf38a0eec8d7635ae2186a53f0a5acf8f9c12171fcaThis archive contains all of the 185 exploits added to Packet Storm in November, 2020.
0a3f6f6217e08edc2471af5425fde885ebfe8dc01d793154acc327626c4a46f6THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6 and it includes an easy to use packet factory library.
b60be61a8b0a944a66e3b719704b4c03c1bc2c22f32d5d21e99e434c82a9d769sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
d149722cb33202678fb64642ea315d0dea3fcb2d54403efb78b9819464dbd3e5The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
7e6d9cfdccadf636afd68a1af4fa937c8314ca49afc625712ab6e94446f1d508Red Hat Security Advisory 2020-5314-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
d3e64b5f34c545825cf7a28e0eb05fd6fa84fdefbaa3bcadd91c24bd7a984d3cRed Hat Security Advisory 2020-5305-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
c0fbb78cfa0a31bf66fcb5280c5543c7173545dc23a46bd554da1fb5ac7098abUbuntu Security Notice 4654-1 - It was discovered that PEAR incorrectly sanitized filenames. A remote attacker could possibly use this issue to execute arbitrary code.
c191745316361b22d4ac1126abb9845238652476d22cd79c87fe915ac89dea9bRed Hat Security Advisory 2020-5275-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer over-read, buffer overflow, code execution, information leakage, null pointer, and out of bounds read vulnerabilities.
ddd426c8ef5f7f421be7fd6c30c9b19468026fea7ae82304ca8d9ab327159ac2Red Hat Security Advisory 2020-5302-01 - This release of Red Hat build of Quarkus 1.7.5 SP1 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include a remote SQL injection vulnerability.
f990e12777887ddeb80da5f4820355619ec2c5c4bcb873f4644e55dd82cd1722Red Hat Security Advisory 2020-5194-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
f1c1f013aeed720cb17bef75cda00d25ece26553485af7b1e813e1b1e9734855Red Hat Security Advisory 2020-5239-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
5784174223d043548cde7c7f5a4b37e4646b75881f00e6410680152bfee3347dUbuntu Security Notice 4653-1 - It was discovered that access controls for the shim’s API socket did not restrict access to the abstract unix domain socket in some cases. An attacker could use this vulnerability to run containers with elevated privileges.
4a2bc41ae485150abd3573d1dae6f74a8e578dbc67939eb1473b47262a286acfUbuntu Security Notice 4652-1 - It was discovered that SniffIt incorrectly handled certain configuration files. An attacker could possibly use this issue to execute arbitrary code.
4e3be3e8378557975f5e023637c27d628602a0c1470529c99d972c7ae4f99a97Red Hat Security Advisory 2020-5257-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
2e77a30b9dc5798836c85340ef1a8785489383393433e2bb2a3d2e6907e5600aRed Hat Security Advisory 2020-5235-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
e9d221e9d272aab62b3d9b00e1bede4810a563dcb5e1ab1cbffc11e86d80195eRed Hat Security Advisory 2020-5254-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Issues addressed include a remote SQL injection vulnerability.
1f1824342beae059c3a79c6156fcf5ae44155e9b67a2c669a42edb685ad5a28beClass LMS version 2.6 suffers from a remote shell upload vulnerability.
821f038a5aea7535d29976f21a3178c0ea90e27337c64e36e72aa2b0fe9737aeWordPress EventON Calendar plugin version 3.0.5 suffers from a cross site scripting vulnerability.
4af51aa0bdaa4ea63ed2964de737d436288bb34b1b8fa463aa103c6073904e71SciKit-Learn version 0.23.2 suffers from a denial of service vulnerability.
74ea2f94eb65fd45d7836e15053b43ffc105e3fdc927679198505c47d640629dTypeSetter version 5.1 suffers from a cross site request forgery vulnerability.
5eebee0a2d27b3d6d6606580e0c8fb57dda257504e64cb43d745169458bbba67
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed