Red Hat Security Advisory 2020-0230-01 - Python-reportlab is a library used for generation of PDF documents. A code injection vulnerability has been addressed.
96969446d78793c2aa621e58cc7eea3359bf64b51d5cea025119e2b86fc67571
This application, known as the SolarWinds n-Central Dumpster Diver, utilizes the nCentral agent dot net libraries to simulate the agent registration and pull the agent/appliance configuration settings. This information can contain plain text active directory domain credentials. This was reported to SolarWinds PSIRT(psirt@solarwinds.com) on 10/10/2019. In most cases the agent download URL is not secured allowing anyone without authorization and known customer id to download the agent software. Once you have a customer id you can self register and pull the config. Application will test availability of customer id via agent download URL. If successful it will then pull the config. We do not attempt to just pull the config because timing out on the operation takes to long. Removing the initial check, could produce more results as the agent download could be being blocked where as agent communication would not be. Harmony is only used to block the nCentral libraries from saving and creating a config directory that is not needed.
a5eae45f8004a3a4b9959a2fb2174fae1431d896302f66af21a6c07750294f7b
Torrent 3GP Converter version 1.51 suffers from a stack overflow vulnerability.
0a6bf57e311da6213ff5f4ff1f5e598ded42f0dd078d113f7b8f6fe9042d668b
Realtek SDK based routers suffer from information disclosure, incorrect access control, insecure password storage, code execution, and incorrectly implemented CAPTCHA vulnerabilities.
161aad06c59b2a2586dd10dd4d1338457e20ca8bdd64c3821e7ec442fc85771f
Ricoh printer drivers for Windows suffer from a local privilege escalation vulnerability due to insecure file permissions. Many versions are affected.
c2e3ade66959a09c9f711610629aaec7177fed86eb0302198fca5749bc1652ce
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in (pure) bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets.
ab3c9a000f0f6703e4fc94821e06f531de6d2799322bf534188ebf766365a9c1
Debian Linux Security Advisory 4609-1 - Two security issues were found in the Python interface to the apt package manager; package downloads from unsigned repositories were incorrectly rejected and the hash validation relied on MD5.
183ef2617b0a2f81a817f8d952b2f5914ae4f2bdd3b732df89c57cdf0124b7dd
OLK Web Store 2020 suffers from a cross site request forgery vulnerability.
81ee1a9a36e96df972469abb4a45a37875966d542207a8b4050cb0ccaadba005
WebKitGTK+ and WPE WebKit suffer from multiple memory handling vulnerabilities that can result in arbitrary code execution. Versions affected include WebKitGTK before 2.26.3 and WPE WebKit before 2.26.3.
49d9b917bde52bfa1ef44d4f7b3b0a13d87e7690393d7e1149a85ed103b0bdb2
Webtareas version 2.0 suffers from a remote SQL injection vulnerability.
42c1470ee40f176b6177fef2b5181c4a53cd8b3db0e0d67db2f116509997deea
TP-Link TP-SG105E version 1.0.0 suffers from an unauthenticated remote reboot vulnerability.
081b5dcc60a29c1335a8ccaef754768842a81a4cc2c97651df1efc1af169255b
Genexis Platinum-4410 version 2.1 suffers from an authentication bypass vulnerability.
3fbbc6a6ae0b5efed5aa005759bfb65996a61978daab290928db336965952ebc
Lulzbuster is a very fast and smart web directory and file enumeration tool written in C.
3e0e32a0c9a0603005e91079645e87346e03dcf24687c40b24adee619cd34909
Red Hat Security Advisory 2020-0222-01 - The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.
de964dabdcd67db95e4dff9a701c0129697f04269e699555247deb10e69f4be8
Ubuntu Security Notice 4230-2 - USN-4230-1 fixed a vulnerability in ClamAV. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that ClamAV incorrectly handled certain MIME messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. Various other issues were also addressed.
c6be35a15063cde7ea70940962dd6cf7e7c4be37bb06f6a5cf42df85454b62a6
Ubuntu Security Notice 4233-2 - USN-4233-1 disabled SHA1 being used for digital signature operations in GnuTLS. In certain network environments, certificates using SHA1 may still be in use. This update adds the %VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1 priority strings that can be used to temporarily re-enable SHA1 until certificates can be replaced with a stronger algorithm. Various other issues were also addressed.
48627f3cc778abc3900d704a88a95b86bedcd0d00322dce1949996ff7b442159
Red Hat Security Advisory 2020-0215-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
ba8e323dd6d82fc2d86718cf85c1a492bd14b69f8df1602e71372949e8344871
Red Hat Security Advisory 2020-0218-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
54d99b79d75f732352fa6bc9a398477f7e84660f5e7b58d876aabfb708693860
Red Hat Security Advisory 2020-0216-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
bd2b6102033df520889ec0fe2dc6729b30132e7283e5688c2e9a705dbe51979d
Red Hat Security Advisory 2020-0217-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
22a7bda176a19136b6c9b8837bcad7df12774171071b10980fe883a9cc31eab7
Ubuntu Security Notice 4247-3 - USN-4247-1 fixed several vulnerabilities in python-apt. This update provides the corresponding updates for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Various other issues were also addressed.
8bddca56dbb4a79bec4c879b8ff74ac63d10d8587c17c8bd9ba9567aefc29c61
Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
87c60273c35d544256e471b403497be33f24df662673338236ec92ba3fc1f8b7
qdPM version 9.1 suffers from a remote code execution vulnerability.
7e38839c57fb28f501a4b08fba6935a0fba1a06153b69a44056f7c139d22ed77
Umbraco CMS version 8.2.2 suffers from cross site request forgery vulnerabilities.
98445d4e93cc2900f5594fe3e8c8583a070898d56bfa6014bb215a90ebac81be
Red Hat Security Advisory 2020-0214-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 79.0.3945.130. Issues addressed include a use-after-free vulnerability.
46df82a1d7951b5aab18e5614c1e38da7df43eefffeda0cbefb8901f600af955