Red Hat Security Advisory 2020-0230-01 - Python-reportlab is a library used for generation of PDF documents. A code injection vulnerability has been addressed.
96969446d78793c2aa621e58cc7eea3359bf64b51d5cea025119e2b86fc67571This application, known as the SolarWinds n-Central Dumpster Diver, utilizes the nCentral agent dot net libraries to simulate the agent registration and pull the agent/appliance configuration settings. This information can contain plain text active directory domain credentials. This was reported to SolarWinds PSIRT(psirt@solarwinds.com) on 10/10/2019. In most cases the agent download URL is not secured allowing anyone without authorization and known customer id to download the agent software. Once you have a customer id you can self register and pull the config. Application will test availability of customer id via agent download URL. If successful it will then pull the config. We do not attempt to just pull the config because timing out on the operation takes to long. Removing the initial check, could produce more results as the agent download could be being blocked where as agent communication would not be. Harmony is only used to block the nCentral libraries from saving and creating a config directory that is not needed.
a5eae45f8004a3a4b9959a2fb2174fae1431d896302f66af21a6c07750294f7bTorrent 3GP Converter version 1.51 suffers from a stack overflow vulnerability.
0a6bf57e311da6213ff5f4ff1f5e598ded42f0dd078d113f7b8f6fe9042d668bRealtek SDK based routers suffer from information disclosure, incorrect access control, insecure password storage, code execution, and incorrectly implemented CAPTCHA vulnerabilities.
161aad06c59b2a2586dd10dd4d1338457e20ca8bdd64c3821e7ec442fc85771fRicoh printer drivers for Windows suffer from a local privilege escalation vulnerability due to insecure file permissions. Many versions are affected.
c2e3ade66959a09c9f711610629aaec7177fed86eb0302198fca5749bc1652cetestssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
ab3c9a000f0f6703e4fc94821e06f531de6d2799322bf534188ebf766365a9c1Debian Linux Security Advisory 4609-1 - Two security issues were found in the Python interface to the apt package manager; package downloads from unsigned repositories were incorrectly rejected and the hash validation relied on MD5.
183ef2617b0a2f81a817f8d952b2f5914ae4f2bdd3b732df89c57cdf0124b7ddOLK Web Store 2020 suffers from a cross site request forgery vulnerability.
81ee1a9a36e96df972469abb4a45a37875966d542207a8b4050cb0ccaadba005WebKitGTK+ and WPE WebKit suffer from multiple memory handling vulnerabilities that can result in arbitrary code execution. Versions affected include WebKitGTK before 2.26.3 and WPE WebKit before 2.26.3.
49d9b917bde52bfa1ef44d4f7b3b0a13d87e7690393d7e1149a85ed103b0bdb2Webtareas version 2.0 suffers from a remote SQL injection vulnerability.
42c1470ee40f176b6177fef2b5181c4a53cd8b3db0e0d67db2f116509997deeaTP-Link TP-SG105E version 1.0.0 suffers from an unauthenticated remote reboot vulnerability.
081b5dcc60a29c1335a8ccaef754768842a81a4cc2c97651df1efc1af169255bGenexis Platinum-4410 version 2.1 suffers from an authentication bypass vulnerability.
3fbbc6a6ae0b5efed5aa005759bfb65996a61978daab290928db336965952ebcLulzbuster is a very fast and smart web directory and file enumeration tool written in C.
3e0e32a0c9a0603005e91079645e87346e03dcf24687c40b24adee619cd34909Red Hat Security Advisory 2020-0222-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.
de964dabdcd67db95e4dff9a701c0129697f04269e699555247deb10e69f4be8Ubuntu Security Notice 4230-2 - USN-4230-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that ClamAV incorrectly handled certain MIME messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Various other issues were also addressed.
c6be35a15063cde7ea70940962dd6cf7e7c4be37bb06f6a5cf42df85454b62a6Ubuntu Security Notice 4233-2 - USN-4233-1 disabled SHA1 being used for digital signature operations in GnuTLS. In certain network environments, certificates using SHA1 may still be in use. This update adds the %VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1 priority strings that can be used to temporarily re-enable SHA1 until certificates can be replaced with a stronger algorithm. Various other issues were also addressed.
48627f3cc778abc3900d704a88a95b86bedcd0d00322dce1949996ff7b442159Red Hat Security Advisory 2020-0215-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
ba8e323dd6d82fc2d86718cf85c1a492bd14b69f8df1602e71372949e8344871Red Hat Security Advisory 2020-0218-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
54d99b79d75f732352fa6bc9a398477f7e84660f5e7b58d876aabfb708693860Red Hat Security Advisory 2020-0216-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
bd2b6102033df520889ec0fe2dc6729b30132e7283e5688c2e9a705dbe51979dRed Hat Security Advisory 2020-0217-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
22a7bda176a19136b6c9b8837bcad7df12774171071b10980fe883a9cc31eab7Ubuntu Security Notice 4247-3 - USN-4247-1 fixed several vulnerabilities in python-apt. This update provides the corresponding updates for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Various other issues were also addressed.
8bddca56dbb4a79bec4c879b8ff74ac63d10d8587c17c8bd9ba9567aefc29c61Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
87c60273c35d544256e471b403497be33f24df662673338236ec92ba3fc1f8b7qdPM version 9.1 suffers from a remote code execution vulnerability.
7e38839c57fb28f501a4b08fba6935a0fba1a06153b69a44056f7c139d22ed77Umbraco CMS version 8.2.2 suffers from cross site request forgery vulnerabilities.
98445d4e93cc2900f5594fe3e8c8583a070898d56bfa6014bb215a90ebac81beRed Hat Security Advisory 2020-0214-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 79.0.3945.130. Issues addressed include a use-after-free vulnerability.
46df82a1d7951b5aab18e5614c1e38da7df43eefffeda0cbefb8901f600af955
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed