There is a vulnerability in jscript9 that could be potentially used by an attacker to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been confirmed on Windows 10 64-bit with the latest security patches applied.
50dcfd05a094914cf819e98d3f2de507Ubuntu Security Notice 4952-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.25 in Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. Ubuntu 18.04 LTS has been updated to MySQL 5.7.34. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.
0d0227bf3d91b0c638d82a4eb8dfac04Ubuntu Security Notice 4932-2 - USN-4932-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories. Various other issues were also addressed.
154fb54d376a39328dac652b07c44eeeFirefox 72 IonMonkey JIT type confusion exploit.
7a96469356a9cfa5498f5fb7edfb4a08ScadaBR versions 1.0 and 1.1CE authenticated shell upload exploit written for Windows targets.
04c215bbe62a07fd802ce382554daf46Microsoft Internet Explorer 8/11 and WPAD service Jscript.dll use-after-free exploit.
f762d7cc3b848be95e980dbf64f8fd46ScadaBR versions 1.0 and 1.1CE authenticated shell upload exploit written for Linux targets.
3ad6c1b0c4cf0a0d3c8de295a42f4340OpenPLC WebServer version 3 authentication remote code execution exploit.
b43b406cdd773e40446d95720bd60c23Dental Clinic Appointment Reservation System version 1.0 suffers from multiple remote SQL injection vulnerabilities with one of them allowing for authentication bypass.
590039c72fd98d00add5038df52eb7a0ZeroShell version 3.9.0 remote command execution exploit.
6136d89b624e83529112cda72e8b9e5ePacketFence is a network access control (NAC) system. It is actively maintained and has been deployed in numerous large-scale institutions. It can be used to effectively secure networks, from small to very large heterogeneous networks. PacketFence provides NAC-oriented features such as registration of new network devices, detection of abnormal network activities including from remote snort sensors, isolation of problematic devices, remediation through a captive portal, and registration-based and scheduled vulnerability scans.
95203f2b8e1b9385f5e0ab7343853d97The Container Manager Service does not configure STORVSP correctly when opening mapped named pipes leading to privilege escalation.
970b0826e9c53e62fb981f362a8095f7This Metasploit module exploits a Perl injection vulnerability in the DjVu ANT parsing code of ExifTool versions 7.44 through 12.23 inclusive. The injection is used to execute a shell command using Perl backticks. The DjVu image can be embedded in a wrapper image using the HasselbladExif EXIF field.
1fba1ff491cb6bf069766f65d4437c6eThe Container Manager Service creates an AppContainer process without impersonating the access token leading to privilege escalation.
ad4654c8ed7054c3225224811ba94b15The Container Manager Service does not impersonate the caller when granting access to virtual disk images leading to privilege escalation.
ae8247dda745d9d8d6c85bfb03878028The Container Manager Service accepts an access token provided by the user without verification allowing an arbitrary process to be created with another user identity leading to privilege escalation.
12c1abb8e71fc62e306c9bc1dea254d3Backdoor.Win32.Delf.zho malware suffers from bypass and code execution vulnerabilities.
487f9e14ba262dfab66e64b94678938bRed Hat Security Advisory 2021-1547-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.115 and .NET Core Runtime 3.1.15. Issues addressed include a privilege escalation vulnerability.
9aa89665d28bb59a368afadc3a68d399Red Hat Security Advisory 2021-1546-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.203 and .NET Runtime 5.0.6. Issues addressed include a privilege escalation vulnerability.
5e6fe05beeaaa271b5d93ccb0be57176Ubuntu Security Notice 4951-1 - Anton Lydike discovered that Flatpak did not properly handle special tokens in desktop files. An attacker could use this to specially craft a Flatpak application that could escape sandbox confinement.
2a831326281e4053b358126024f846a4Ubuntu Security Notice 4949-1 - Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service or execute arbitrary code. Manfred Paul discovered that the eBPF implementation in the Linux kernel did not properly track bounds on bitwise operations. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
46b90aa11862dc0daecfda0276fbf1cdUbuntu Security Notice 4948-1 - Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service or execute arbitrary code. Manfred Paul discovered that the eBPF implementation in the Linux kernel did not properly track bounds on bitwise operations. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
151d9671a4c69f74d2e7803115cefc7bUbuntu Security Notice 4950-1 - Ryota Shiga discovered that the eBPF implementation in the Linux kernel did not properly verify that a BPF program only reserved as much memory for a ring buffer as was allocated. A local attacker could use this to cause a denial of service or execute arbitrary code. Manfred Paul discovered that the eBPF implementation in the Linux kernel did not properly track bounds on bitwise operations. A local attacker could use this to cause a denial of service or execute arbitrary code. Various other issues were also addressed.
49528c585e4106f35517c8af7ce16fc7Red Hat Security Advisory 2021-1544-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.
2dfa0b1e9ec7e75df0d5df7c31f0f39fRed Hat Security Advisory 2021-1540-01 - Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. Issues addressed include a bypass vulnerability.
45f8a6b86179c32a2ad1df82357e7cd0
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed