Fortinet FortiSIEM has a hard-coded SSH public key for user "tunneluser" which is the same between all installs. An attacker with this key can successfully authenticate as this user to the FortiSIEM Supervisor. The unencrypted key is also stored inside the FortiSIEM image. While the user's shell is limited to running the /opt/phoenix/phscripts/bin/tunnelshell script, SSH authentication still succeeds. Versions 5.2.5 and 5.2.6 have been verified as vulnerable.
2c28af53eba7e337d89352df4d65040bfaf3d030410b0fb0308bd4147ae2c358MikroTik RouterOS versions prior to 6.44.6 suffer from memory corruption and assertion failure vulnerabilities.
b9e283a6208f56a952f99e2174e47221c663e9cd7c8f17571ff9c7c8eeb5c785Job Portal version 1.0 suffers from a remote shell upload vulnerability.
990266f7ac1dfb9a6d75e38471a5897efa8f177cefb67f964662b161bb086756Dairy Farm Shop Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
26aa096418d56951ebe4e9aeaec482580d138834b0f1e2c3c214a96c57d10d7fDairy Farm Shop Management System version 1.0 suffers from a remote SQL injection vulnerability.
6f1d6a66183cb8c3179889b0f7e4b825a1c7de24392ee460910d1f2252041750piSignage version 2.6.4 suffers from a directory traversal vulnerability.
299d2aa52bc5446e014af68cf50cf420cb0a9f36d8d70b087690f67c10a906c3Red Hat Security Advisory 2020-0046-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR6. Issues addressed include deserialization and null pointer vulnerabilities.
7afc9a0d7aac85fc76e9e8bed71610847e2271baa85e26dc197531371f68b7f0Red Hat Security Advisory 2020-0036-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, null pointer, and use-after-free vulnerabilities.
1e0f0fd70b306e09392d1b9748151af1a86a0d713f765efd696043bf2e820c1dSlackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
0953c59b401a7153760f5c8e755e8bdb6adf55114c5927bdcd58b18bc0471891Ubuntu Security Notice 4228-1 - It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
a3e4222fc7e06b89b4de61d6570f14345fef41adaf9b37a34001a797f38b4886Ubuntu Security Notice 4227-1 - It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
71d1c0d0efeddafd12756dac5e91430c22d3570696bd238daf8fcc8b8965494aUbuntu Security Notice 4226-1 - Michael Hanselmann discovered that the CIFS implementation in the Linux kernel did not sanitize paths returned by an SMB server. An attacker controlling an SMB server could use this to overwrite arbitrary files. It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
39575de5b2f924406650b6da561fc6af020f2015cd3e538ab41586df07456031Ubuntu Security Notice 4225-1 - It was discovered that a heap-based buffer overflow existed in the Marvell WiFi-Ex Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a heap-based buffer overflow existed in the Marvell Libertas WLAN Driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
a5849344e6b55b6061edfe1acacaf489846dcccb142eac960ed55b5351f9ba1eComplaint Management System version 4.0 suffers from a remote code execution vulnerability.
7b0aa980a77d3f44b50de965bfd78bcc8506a9e151f332e040c46eef55d76f21AnyDesk version 5.4.0 suffers from an unquoted service path vulnerability.
62090ba341933c40d0dc9dd54aee9204f33bb8cbb14e053aaddb67a06914c164
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed