Ubuntu Security Notice 4311-1 - It was discovered that BlueZ incorrectly handled bonding HID and HOGP devices. A local attacker could possibly use this issue to impersonate non-bonded devices. It was discovered that BlueZ incorrectly handled certain commands. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. Various other issues were also addressed.
2401291c8cfe00861ad69e1d24575c9b4a44b76e244600145ac823763df30bc5
Ubuntu Security Notice 4313-1 - Manfred Paul discovered that the bpf verifier in the Linux kernel did not properly calculate register bounds for certain operations. A local attacker could use this to expose sensitive information or gain administrative privileges.
fa187c728fb6ea55e45b4e9d7eb10b0d30203f2c246d29022b946cc478f7154c
10-Strike Network Inventory Explorer version 9.03 Read-from-file buffer overflow exploit that uses SEH and ROP.
d9902b1b7f52b90b881ecd03566b14bdebeafb458532ad05ad92d0692856be5f
Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.
146ce8d8d2242cab323c77d566f77441925783b4b3a014f6c04050d000ff0ae7
Ubuntu Security Notice 4312-1 - Matthias Gerstner discovered that Timeshift did not securely create temporary files. An attacker could exploit a race condition in Timeshift and potentially execute arbitrary commands as root.
e5a1409e9d1a412aedb562b4d151252c5a7c2be77599c7c1e42b61660d3d4f46
Gentoo Linux Security Advisory 202003-66 - Multiple vulnerabilities have been found in QEMU, the worst of which could result in the arbitrary execution of code. Versions less than 4.2.0-r2 are affected.
26d01ed289b866f334e985320e13cc92a34d670f55069043019c8c11db2221aa
Gentoo Linux Security Advisory 202003-65 - Multiple vulnerabilities have been found in FFmpeg, the worst of which allows remote attackers to execute arbitrary code. Versions greater than or equal to 4 are affected.
08bea2fea0ca58305840c700a9d387be009f877cc9024d75fa1464f89d1424b1
Gentoo Linux Security Advisory 202003-64 - Multiple vulnerabilities have been found in libxls, the worst of which could result in the arbitrary execution of code. Versions less than 1.5.2 are affected.
1a18cd954c42cd43388347d9bf3054c60fdf894469784eff535b974352d59298
Gentoo Linux Security Advisory 202003-63 - Multiple vulnerabilities have been found in GNU IDN Library 2, the worst of which could result in the remote execution of arbitrary code. Versions less than 2.2.0 are affected.
53fb6354b0d8ed24a8a1cf0c1606c26800da39fd68fec33fe50b30cd527397ec
Joomla Fabrik component version 3.9.11 suffers from a directory traversal vulnerability.
6bad29182a6bd3575ab9ca57bc52555b04aabb4cfdc488f7b87d996ef4ae786b
Gentoo Linux Security Advisory 202003-62 - A buffer overflow in GNU Screen might allow remote attackers to corrupt memory. Versions less than 4.8.0 are affected.
1adece542b013250731f7a551b384436a018e20e377848029349af3d1343d53a
Ubuntu Security Notice 4310-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
47400d1f7e7cbbdb1caa0b033a37774a32b0a0c826ca918da1deba8193be05e9
Ubuntu Security Notice 4308-2 - USN-4308-1 fixed several vulnerabilities in Twisted. This update provides the corresponding update for Ubuntu 14.04 ESM. it was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possibly perform header injection attacks. Various other issues were also addressed.
39bb858ec4921004263891b18b84c7e30cbaece7168ad65d0909bacbbf72c14e
Zen Load Balancer version 3.10.1 suffers from a remote code execution vulnerability.
29c20561040a95db93c50db27ac160b719fa168e3166212b7e43c1092858f647
This whitepaper is a quick tutorial on pentesting the Zen load balancer.
8ebf09c3635ca8278455d6f94536ff8b1c047cc31e15ee939200ecc06d560253
WordPress Event-Registration plugin version 5.43 suffers from an arbitrary file upload vulnerability.
2029bbf836e7de4bb57eb88c7f5f10198718d2552a017080a1b57d33050ff81d
DesignMasterEvents CMS version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
68ddabd38ad26973fa944fdad5a667cbba331245d7a590161e74580d356dcbb6
Odin Secure FTP Expert version 7.6.3 Site Info denial of service proof of concept exploit.
9237bd29aa749c0ee8fcd4e1c5a083c2943a4774708d940945375839849a0cb5
This Metasploit module can be used to leverage the extension functionality added since Redis 4.0.0 to execute arbitrary code. To transmit the given extension it makes use of the feature of Redis which called replication between master and slave.
2714070c8deee280f0dce194081f510869dec8b4d01b5127d461fe882cd026f7
Debian Linux Security Advisory 4637-1 - Kobus van Schoor discovered that network-manager-ssh, a plugin to provide VPN integration for SSH in NetworkManager, is prone to a privilege escalation vulnerability. A local user with privileges to modify a connection can take advantage of this flaw to execute arbitrary commands as root.
0bcfc1f9b60f364e802b9703ccd302227b82c7fc8b2a3d093b9da1fde2116589
Debian Linux Security Advisory 4638-1 - Several vulnerabilities have been discovered in the chromium web browser.
f1d7d8fc7660736bca421146ad5d260b843093a2c82bc57d8db4ffa2c3e4bbef
Debian Linux Security Advisory 4639-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
58a11b57f05936127a466550683eb0fa6f42c5d12f66fd85a10e35384557a63b
Debian Linux Security Advisory 4640-1 - handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the execution of arbitrary code if malformed media files are processed.
270dc8a682bea4ac1ace4b7a2aa472c7d4bea5b4613a776864fbdf3740a2ab68
Debian Linux Security Advisory 4641-1 - Vulnerabilities have been discovered in the webkit2gtk web engine.
c9568fb73cb85d36f251d23d6552f12efcbed59af201d8213e6671351790109a
Debian Linux Security Advisory 4642-1 - Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code.
e1e39f2d3300a2b6b20787091d1689c4393bf0a273f99f3144c80ce1c4c7a1ab