Ubuntu Security Notice 4237-1 - It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. It was discovered that SpamAssassin incorrectly handled certain messages. A remote attacker could possibly use this issue to cause SpamAssassin to consume resources, resulting in a denial of service. Various other issues were also addressed.
cbf44edba6e3df3deb678e710dfd0ab56687a492d0f594714a7cd96584b54d24Red Hat Security Advisory 2020-0085-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.4.1 ESR. Issues addressed include a bypass vulnerability.
3a1b00ffd8a0d4d38690e39e395b007138ef3c77f321555d0d6969cc3a19b663Ubuntu Security Notice 4236-1 - It was discovered that Libgcrypt was susceptible to a ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information.
cc20f582106cabcfddab8f4a2563d40318d22578de520e2b8ca53f33beea5383This Metasploit module exploits a remote code execution vulnerability in Citrix Application Delivery Controller and Gateway version 10.5.
bec68a9167966887bfc41632126f3582e09608bebf23999be1ca53bae2414759Hospital Management System version 4.0 suffers from multiple reflective cross site scripting vulnerabilities.
577785f9f7a77543366601d345329f948706e972436cf56919df3d22f41fd7d4Red Hat Security Advisory 2020-0086-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.4.1 ESR. Issues addressed include a bypass vulnerability.
20a76b49be4abc80c6a40395b9cf5fa515ca53b648891dfe534365effdbc89b4Digi AnywhereUSB version 14 suffers from a cross site scripting vulnerability.
d17251e1fa5e9135fdf58298155491d557117cba6a0e26348bf1a09c36802919Car Rental Project version 1.0 suffers from a remote code execution vulnerability.
e4cc4dc5e55caa316a3d402d9317d0020cfe62d7d79914ce1f4bf5dca32e437aUbuntu Security Notice 4235-1 - Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations.
044027ea326db3fb6aae4672a92bf7f3e07587ae3b37e7ae041b1440fcb590e1Freelancy version 1.0.0 suffers from a remote code execution vulnerability.
27fcda2d60369367b781215be5aff2b0782b9cfb300a573b677ff257bfd71ac3TaskCanvas version 1.4.0 suffers from a denial of service vulnerability.
14cf26a9c5d0b47daa3240ec63a30d2d4fbf460bf809f0bf8b7d4cf70b8f282bUbuntu Security Notice 4047-2 - USN-4047-1 fixed a vulnerability in libvirt. This update provides the corresponding update for Ubuntu 14.04 ESM. Matthias Gerstner and J
aecdb81129825f72035a13cde71a406ded86fa29703505d963a4c16e44ccf1a3Red Hat Security Advisory 2020-0084-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 79.0.3945.117. A use-after-free vulnerability was addressed.
6219b2487522c0380cd700b39a2203f0abe874ce7df602e15219a61f80e729e3The Kaspersky parsing engine supports the ZIP archive format. The parsing engine can be bypassed by specifically manipulating an ZIP Archive (File Name Length Field) so that it can be accessed by an end-user but not the Anti-Virus software. The AV engine is unable to scan the container and gives the file a "clean" rating. A vast array of Kaspersky products are affected.
5ace3f40cceae356bd67470cd3e790eaead40adc7b7b21eaab4d4e91d3df1bc0Bitdefender products suffer from a ZIP GPFLAG malformed archive bypass vulnerability. Affected includes all Bitdefender Products and Vendors that have licensed the Engine before Dec 12, 2019.
8a04a45f5bad5e89212de014eb589ed0ff5c2e09cbfb8bce3337bc332720c94bRed Hat Security Advisory 2020-0078-01 - RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. Issues addressed include a denial of service vulnerability.
859b2374bb3855d7cf58df3dcaa9c58bacacce1d256526b7b7cca15403545b39Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.
da291d3d37b537ed0b99f39b20495c3baeefa52fd11a5d960e627af0fd3427f7Advanced System Repair Pro version 1.9.1.7 suffers from an insecure file permissions vulnerability.
c8375d1fce6be455bbca82d61a7036995cbbdde75eb364fb138090aba9c376ecSpotDialup version 1.2.6 suffers from a denial of service vulnerability.
01fa4154d2bc603be55e0bab9d90f830f780114695bf011ae7bf4280b12049a5SpotDialup version 1.6.7 suffers from a denial of service vulnerability.
af6a08143c0e41675b18e19c914b128923721685191122d80ac6a8bb00ab0b5aChevereto version 3.13.4 Core suffers from a remote code execution vulnerability.
b3213798082fe0a9f9d55dfeba9f47f269cc8704cdec6f26289e6ed714168db7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed