Ubuntu Security Notice 4249-1 - It was discovered that e2fsprogs incorrectly handled certain ext4 partitions. An attacker could possibly use this issue to execute arbitrary code.
c7e01c28f33f62032e35e64564b339e695d3b0b58a8fe882259ddd8e841dbe52
Ubuntu Security Notice 4247-2 - USN-4247-1 fixed vulnerabilities in python-apt. The updated packages caused a regression when attempting to upgrade to a new Ubuntu release. This update fixes the problem. It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations. Various other issues were also addressed.
c5c90b310d7f5f0416773ced5efb38ab57d54948ec0f54e9541ce80aac0c7b0f
Pachev FTP Server version 1.0 suffers from a path traversal vulnerability.
fce413bdfabb6b3915f35ab909f61f24a643c6aa052c9135d2737a1eb83f5a47
BOOTP Turbo version 2.0 SEH denial of service proof of concept exploit.
4db8d480c1490e0ceaf69100cf1cbe4af9a7ab18d90d91ad177474fee888fd2a
Red Hat Security Advisory 2020-0204-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include denial of service, heap overflow, and use-after-free vulnerabilities.
b8530fb9276e80ebe2fec5b38a7dd5cf3a19b3a0b32577a66ec4d709877292f7
Ubuntu Security Notice 4246-1 - It was discovered that zlib incorrectly handled pointer arithmetic. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. It was discovered that zlib incorrectly handled vectors involving left shifts of negative integers. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
96fd07ce458fb8e61373e902d959b958850935f8f23a8cce5911e7b2eb804982
Ubuntu Security Notice 4248-1 - It was discovered that GraphicsMagick incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
d69fb75ca770c778259412c98fe692a2c6aebc454b35f7d0332f43a9069ad63f
Ubuntu Security Notice 4247-1 - It was discovered that python-apt would still use MD5 hashes to validate certain downloaded packages. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. It was discovered that python-apt could install packages from untrusted repositories, contrary to expectations.
402fb2d1cf0e095a11a20ae7a60a1b22d65ad8b15259576de22ffc2b62eddc30
D-Link DIR-859 Routers are vulnerable to OS command injection via the UPnP interface. The vulnerability exists in /gena.cgi (function genacgi_main() in /htdocs/cgibin), which is accessible without credentials.
ae3c3447736253b12652f3498e39b80ef8b5c39fdb23d42cf38844008d3a0195
This Metasploit module attempts to gain root privileges on Linux systems by abusing a NULL pointer dereference in the rds_atomic_free_op function in the Reliable Datagram Sockets (RDS) kernel module (rds.ko). Successful exploitation requires the RDS kernel module to be loaded. If the RDS module is not blacklisted (default); then it will be loaded automatically. This exploit supports 64-bit Ubuntu Linux systems, including distributions based on Ubuntu, such as Linux Mint and Zorin OS. This exploit does not bypass SMAP. Bypasses for SMEP and KASLR are included. Failed exploitation may crash the kernel. This module has been tested successfully on various 4.4 and 4.8 kernels.
561f5de542c8d58118095440168a640aad5069622602f1d8eac2d963687098c9
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
1b2b96879dec01cd02754fe00f8989b11ff16158c3dc7c4aff0faa4b1d34974b
ZOHO ManageEngine ServiceDeskPlus versions 11.0 Build 11007 and below suffer from a cross site scripting vulnerability.
f632ef85f28ad70bb9342601a5f35a98d661dd706019e37f2cc899fa7c91121f
Red Hat Security Advisory 2020-0203-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Issues addressed include a use-after-free vulnerability.
fd41c42c4d6e0236bc390a37c8b4e54beb49086f68361600bcf853843ef316f6
Red Hat Security Advisory 2020-0202-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
07d56fc7e4caf2f527ad3e717b85088c6e310e363c19dd38f9bf41fb9d929d7e
Employee Leaves Management System version 2.0 suffers from a cross site request forgery vulnerability.
23e63333eb80703368d37d1301494778ad1aee0e7387febbad89e6da5f993e05
Red Hat Security Advisory 2020-0201-01 - Python-reportlab is a library used for generation of PDF documents. A code injection vulnerability has been addressed.
cb103a9a083151521bc9381369fd06cffa071a2aaad8daf58abf2194681600a9
Red Hat Security Advisory 2020-0199-01 - OpenSLP is an open source implementation of the Service Location Protocol which is an Internet Engineering Task Force standards track protocol and provides a framework to allow networking applications to discover the existence, location, and configuration of networked services in enterprise networks. Issues addressed include buffer overflow and code execution vulnerabilities.
ee1a609d44b1e387587fd42bd06f64b674a73e249a8bfdf2acef73f85c2fc139
Debian Linux Security Advisory 4608-1 - Multiple integer overflows have been discovered in the libtiff library and the included tools.
1a6497db176ef9c93ca93386cf14b443e5341a899bf60e73653e2502fddb4db2
Red Hat Security Advisory 2020-0172-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.
d001b2373f4967991ea46a1eae298ded73765592aa4fc39b27a3d55d3390725f
Red Hat Security Advisory 2020-0171-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include a denial of service vulnerability.
83bb345c5b950872096eec2fc7401cdd0e6dd45cb6770fbda9535420a870eea1
Red Hat Security Advisory 2020-0196-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
4b73be92bf5911b53ca5c01f8c15861f65f82e82eba34cfc359cf2c98888e94b
Red Hat Security Advisory 2020-0195-01 - Python-reportlab is a library used for generation of PDF documents. A code injection vulnerability has been addressed.
5d992c060ac9ab8902a9fc4ade5f77b62323600e52a861952357389c280b739d
Citrix XenMobile Server version 10.8 suffers from an XML external entity injection vulnerability.
2c11d86d93cfd73bd58d127cdd74b7f28105f208d9e5dc7da4bc9f6274cd90fc
9 bytes small Microsoft Windows 7 screen locking shellcode.
fc1431ed92ba6d673f84f58b86ea42ac5a467f0e1b9ce283fce744ce538aed69
An insufficient fix for CVE-2019-6205 means XNU vm_map_copy optimization which requires atomicity still is not atomic.
64852008642517c7a6286853a18dc6ef2a98bff2e171d9812bbe7c77a11b7b7d