Debian Linux Security Advisory 4674-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow a remote attacker to perform either a Cross-Site Request Forgery (CSRF) forcing an authenticated user to be logged out, or a Cross-Side Scripting (XSS) leading to execution of arbitrary code.
1a0e4fd0c77e5eb1e095f0a4465f6f037d2438c0aa3169e10e182197a9f7487eDebian Linux Security Advisory 4675-1 - Several vulnerabilities have been discovered in GraphicsMagick, a set of command-line applications to manipulate image files, which could result in information disclosure, denial of service or the execution of arbitrary code if malformed image files are processed.
b2e87b4bb9b4dbb556409e766633ea564939c979313986ac94ce86ed6c29b11cDebian Linux Security Advisory 4676-1 - Several vulnerabilities were discovered in salt, a powerful remote execution manager, which could result in retrieve of user tokens from the salt master, execution of arbitrary commands on salt minions, arbitrary directory access to authenticated users or arbitrary code execution on salt-api hosts.
bc8f6fb80beef063b1481154a0f467f4fb6d9239d5d229f48d3dffa80f9fa57eDebian Linux Security Advisory 4676-2 - The update for salt for the oldstable distribution (stretch) released as DSA 4676-1 contained an incomplete fix to address CVE-2020-11651 and CVE-2020-11652. Updated salt packages are now available to correct this issue. For reference, the original advisory text follows.
796842d23e3e132487d82a2497387a92aa2770d53d6f95db179b90ce2981e9eeDebian Linux Security Advisory 4677-1 - Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks, create files on the server, disclose private information, create open redirects, poison cache, and bypass authorization access and input sanitation.
6d27cba833ecba03b616051272e9350ebac60ca6dcdce5a8f1dbee3e9022d501Debian Linux Security Advisory 4678-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or information disclosure.
42fc94236225414bc8cc2105ae469426c24ee3505e206d79b00379fad2795042Debian Linux Security Advisory 4679-1 - A vulnerability was found in the EC2 credentials API of Keystone, the scope (trust/oauth/application credential) could create an EC2 credential with an escalated permission, such as obtaining "admin" while the user is on a limited "viewer" role.
57abffa4201ffff7ed9e3092133cdd1fe8625030c63993ef966787f79303370fDebian Linux Security Advisory 4680-1 - Several vulnerabilities were discovered in the Tomcat servlet and JSP engine, which could result in HTTP request smuggling, code execution in the AJP connector (disabled by default in Debian) or a man-in-the-middle attack against the JMX interface.
d84200d1f875157db5551cd1679c3bdbff3b6dbe5f87a455c1a84bf2902aa60eDebian Linux Security Advisory 4681-1 - Ryan Pickren discovered that a file URL may be incorrectly processed. Sergei Glazunov discovered that a race condition may allow an application to read restricted memory. Various other issues were also found.
3364a5da93f7debc3fd95c59d610976690373dd114d62d171dd6c632c645b187Debian Linux Security Advisory 4682-1 - Multiple security issues were discovered in the Squid proxy caching server, which could result in the bypass of security filters, information disclosure, the execution of arbitrary code or denial of service.
87ca95b4ae1d88238583d52bb863f0a6581ef8c84693704ff5fc9f5b91f4325aDebian Linux Security Advisory 4683-1 - Multiple security issues have been found in Thunderbird which could result in spoofing the displayed sender email address, denial of service or potentially the execution of arbitrary code.
6b4651f29f022e0efe1d6770f39d66f9649fc415381e1388373054438f2656bdDebian Linux Security Advisory 4684-1 - Stephan Zeisberg discovered that the libreswan IPsec implementation could be forced into a crash/restart via a malformed IKEv1 Informational Exchange packet, resulting in denial of service.
3da635b656c657a466ffd3f22799562a5f2cb79c8dab0db749a4d23f21d3f966Debian Linux Security Advisory 4685-1 - Shuaibing Lu discovered that missing input validation in the ar/tar implementations of APT, the high level package manager, could result in denial of service when processing specially crafted deb files.
d11a1baf9490082af927a3e0c3aa42218a73c54fe7796464fc703c7e99185b0fDebian Linux Security Advisory 4686-1 - It was discovered that the SocketServer class included in apache-log4j1.2, a logging library for java, is vulnerable to deserialization of untrusted data. An attacker can take advantage of this flaw to execute arbitrary code in the context of the logger application by sending a specially crafted log event.
b7652cf3e1c98d44b0475cd461748855ac6cb1cda2d39aaf078852e016be5ce0Debian Linux Security Advisory 4687-1 - It was discovered that exim4, a mail transport agent, suffers from a authentication bypass vulnerability in the spa authentication driver. The spa authentication driver is not enabled by default.
e3272bf74799d54d749a059ab8ec2fc1ae847a99be8c8ac11d45f300841755abDebian Linux Security Advisory 4688-1 - Multiple vulnerabilities were discovered in the vhost code of DPDK, a set of libraries for fast packet processing, which could result in denial of service or the execution of arbitrary code by malicious guests/containers.
53c57f7ed5d005acebd7038ef00b5ce38572fc2f58e783024f20cc04979ec7b9Debian Linux Security Advisory 4689-1 - Several vulnerabilities were discovered in BIND, a DNS server implementation.
96c2db1c832c3227b5a973f46df47ac93ec1ba53a83a6ee66f99e63722d11f9bDebian Linux Security Advisory 4690-1 - Several vulnerabilities were discovered in the Dovecot email server, which could cause crashes in the submission, submission-login or lmtp services, resulting in denial of service.
9d63598a1c71dc750c77f667387b4618d03c19f05df378ce707cb2a4abea6c26Debian Linux Security Advisory 4691-1 - Two vulnerabiliites have been discovered in PDNS Recursor, a resolving name server; a traffic amplification attack against third party authoritative name servers (NXNSAttack) and insufficient validation of NXDOMAIN responses lacking an SOA.
aada610ec729b715bd4deefefe72312c4e3df29f8f251339c4ba2be8d8cc2bd3Debian Linux Security Advisory 4692-1 - Georgi Guninski and the Qualys Research Labs discovered multiple vulnerabilities in qmail (shipped in Debian as netqmail with additional patches) which could result in the execution of arbitrary code, bypass of mail address verification and a local information leak whether a file exists or not.
71843b017c5f98386f0eee906018b39853e36b3e3a3c0d30450769937bd7c1cdDebian Linux Security Advisory 4693-1 - Several vulnerabilities were discovered in Drupal, a fully-featured content management framework, which could result in an open redirect or cross-site scripting.
357e410d6d2403dbc035d10bf229ad70fd4d22acedb37509054f636187976747Debian Linux Security Advisory 4694-1 - Two vulnerabiliites have been discovered in Unbound, a recursive-only caching DNS server; a traffic amplification attack against third party authoritative name servers (NXNSAttack) and insufficient sanitisation of replies from upstream servers could result in denial of service via an infinite loop.
b046a72fee0ad425126c623785cc6b1b0c768b446a15efc25f18f621ebd40c16This Metasploit module exploits a command execution in Pi-Hole versions 4.3.2 and below. A new DHCP static lease is added with a MAC address which includes a remote code execution issue.
359e5af00d21f40799f66c4def97b9142ec248ec7b78fc2f54d6c7286881fa62The Firefox content processes do not sufficiently lockdown access control which can result in a sandbox escape.
5ab57ea898f6984a1d902219e6b5dad81c2a3fda15ddd5b7b3e8b94690951fdaRed Hat Security Advisory 2020-2333-01 - Red Hat JBoss Enterprise Application Platform CD19 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform CD19 includes bug fixes and enhancements. Issues addressed include HTTP request smuggling, cross site scripting, denial of service, and out of bounds read vulnerabilities.
60c6cfb83e5036b1ce51c4410ffab8547065d86cf420e7222face7dc4b27fe8f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed