Fortinet FortiSIEM has a hard-coded SSH public key for user "tunneluser" which is the same between all installs. An attacker with this key can successfully authenticate as this user to the FortiSIEM Supervisor. The unencrypted key is also stored inside the FortiSIEM image. While the user's shell is limited to running the /opt/phoenix/phscripts/bin/tunnelshell script, SSH authentication still succeeds. Versions 5.2.5 and 5.2.6 have been verified as vulnerable.
2c28af53eba7e337d89352df4d65040bfaf3d030410b0fb0308bd4147ae2c358
MikroTik RouterOS versions prior to 6.44.6 suffer from memory corruption and assertion failure vulnerabilities.
b9e283a6208f56a952f99e2174e47221c663e9cd7c8f17571ff9c7c8eeb5c785
Job Portal version 1.0 suffers from a remote shell upload vulnerability.
990266f7ac1dfb9a6d75e38471a5897efa8f177cefb67f964662b161bb086756
Dairy Farm Shop Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
26aa096418d56951ebe4e9aeaec482580d138834b0f1e2c3c214a96c57d10d7f
Dairy Farm Shop Management System version 1.0 suffers from a remote SQL injection vulnerability.
6f1d6a66183cb8c3179889b0f7e4b825a1c7de24392ee460910d1f2252041750
piSignage version 2.6.4 suffers from a directory traversal vulnerability.
299d2aa52bc5446e014af68cf50cf420cb0a9f36d8d70b087690f67c10a906c3
Red Hat Security Advisory 2020-0046-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR6. Issues addressed include deserialization and null pointer vulnerabilities.
7afc9a0d7aac85fc76e9e8bed71610847e2271baa85e26dc197531371f68b7f0
Red Hat Security Advisory 2020-0036-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, null pointer, and use-after-free vulnerabilities.
1e0f0fd70b306e09392d1b9748151af1a86a0d713f765efd696043bf2e820c1d
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
0953c59b401a7153760f5c8e755e8bdb6adf55114c5927bdcd58b18bc0471891
Ubuntu Security Notice 4228-1 - It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
a3e4222fc7e06b89b4de61d6570f14345fef41adaf9b37a34001a797f38b4886
Ubuntu Security Notice 4227-1 - It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
71d1c0d0efeddafd12756dac5e91430c22d3570696bd238daf8fcc8b8965494a
Ubuntu Security Notice 4226-1 - Michael Hanselmann discovered that the CIFS implementation in the Linux kernel did not sanitize paths returned by an SMB server. An attacker controlling an SMB server could use this to overwrite arbitrary files. It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
39575de5b2f924406650b6da561fc6af020f2015cd3e538ab41586df07456031
Ubuntu Security Notice 4225-1 - It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
a5849344e6b55b6061edfe1acacaf489846dcccb142eac960ed55b5351f9ba1e
Complaint Management System version 4.0 suffers from a remote code execution vulnerability.
7b0aa980a77d3f44b50de965bfd78bcc8506a9e151f332e040c46eef55d76f21
AnyDesk version 5.4.0 suffers from an unquoted service path vulnerability.
62090ba341933c40d0dc9dd54aee9204f33bb8cbb14e053aaddb67a06914c164