Red Hat Security Advisory 2020-0633-01 - The ppp packages contain the Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider or other organization over a modem and phone line. Issues addressed include a buffer overflow vulnerability.
In the Samsung kernel, the /dev/hdcp2 device ioctls seem to implement no locking, leading to multiple exploitable race conditions. For example, you can open a session with the HDCP_IOC_SESSION_OPEN ioctl, and then close it in multiple threads in parallel with the HDCP_IOC_SESSION_CLOSE. Since no locking is implemented in hdcp_session_close(), memory will be corrupted and the system will become unstable.
The function __vipx_ioctl_put_container() in the Samsung kernel calls copy_to_user() on a vs4l_container_list structure that contains a kernel pointer, exposing that kernel pointer to userspace just before it gets passed to kfree().
Red Hat Security Advisory 2020-0526-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An issue where /etc/passwd was given incorrect privileges has been addressed.
Red Hat Security Advisory 2020-0630-01 - The ppp packages contain the Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider or other organization over a modem and phone line. Issues addressed include a buffer overflow vulnerability.
Comtrend VR-3033 suffers from a command injection vulnerability.
PHP-Fusion CMS versions 9 through 9.03 suffer from multiple cross site scripting vulnerabilities.
Business Live Chat Software version 1.0 suffers from a cross site request forgery vulnerability.
Red Hat Security Advisory 2020-0609-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow and use-after-free vulnerabilities.
PhpIX 2012 Professional (Beta) suffers from a remote SQL injection vulnerability.
Core FTP LE version 2.2 suffers from a denial of service vulnerability.
Red Hat Security Advisory 2020-0605-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for the wildfly-security-manager package in Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6, 7, and 8.
Apache Tomcat AJP Ghostcat file read and inclusion exploit.
Red Hat Security Advisory 2020-0606-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for the wildfly-security-manager package in Red Hat JBoss Enterprise Application Platform 7.2. HTTP request smuggling was addressed along with other security issues.
Red Hat Security Advisory 2020-0602-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. HTTP request smuggling was addressed along with other security issues.
The AVAST parsing engine supports the ZIP archive format. The parsing engine can be bypassed by specifically manipulating a ZIP archive so that it can be accessed by an end-user but not the anti-virus software. The AV engine is unable to scan the container and gives the file a "clean" rating.
Easy2Pilot version 8 suffers from remote SQL injection, backdoor account, and cross site request forgery vulnerabilities.
Red Hat Security Advisory 2020-0601-01 - Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7. This update provides various bug fixes and enhancements in addition to the client package versions previously released on Red Hat Enterprise Linux 6, 7, and 8.
DirectWeb version 0.4.0 suffers from a cross site scripting vulnerability.
Cacti version 1.2.8 suffers from an authenticated remote code execution vulnerability.
Cacti version 1.2.8 suffers from an unauthenticated remote code execution vulnerability.
Qualys discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability, an out-of-bounds read introduced in December 2015, is exploitable remotely and leads to the execution of arbitrary shell commands.
Qualys discovered a minor vulnerability in OpenSMTPD, OpenBSD's mail server. An unprivileged local attacker can read the first line of an arbitrary file (for example, root's password hash in /etc/master.passwd) or the entire contents of another user's file (if this file and /var/spool/smtpd/ are on the same filesystem). A proof of concept exploit is included in this archive.
Astak CM-818T3 2.4GHz wireless security surveillance camera remote configuration disclosure exploit.
Cisco Unified Contact Center Express suffers from a privilege escalation vulnerability.