Red Hat Security Advisory 2020-2639-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Issues addressed include a man-in-the-middle vulnerability.
659bc136b339fefd06456f7340bedbfb5561c8e45e51bc36c5c892767f1aa198
Mereo version 1.9.4 suffers from a remote HTTP server denial of service vulnerability.
d6300ac00f278bb859d9e2ce52daca06a011e19464356f45de116353513b9f52
Frigate version 2.02 suffers from a denial of service vulnerability.
432174efa739ce6b6f45ef4c99dda1e4a65c0c480bbd3dfb867064651983b1ab
Red Hat Security Advisory 2020-2636-01 - Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform installation. A credential leakage vulnerability has been addressed.
525a8a2f412ed973b24d09997f596e2d1ae7a55dde8d71a64b95fc38a79451e5
Red Hat Security Advisory 2020-2625-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
bdd7d271583a18cdbc8ce845cf1ccff706290084a0bc98177bf13b2063cb6cfc
Red Hat Security Advisory 2020-2614-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.9.0. Issues addressed include information leakage and use-after-free vulnerabilities.
655eeb78def06e2bc0d42e7895147541f15a868804a03688fd5b24baf17aaf06
Red Hat Security Advisory 2020-2613-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.9.0. Issues addressed include information leakage and use-after-free vulnerabilities.
7860e4839612f0355e5fa6395d1ef4f00cc77a7a379d8e082c3062fd5ed8e45f
Red Hat Security Advisory 2020-2619-01 - This is an asynchronous patch for Red Hat Fuse 7.6.0 on EAP and includes a security fix.
c86c84c236d83b5703405af46ab22415fc70838f8aa96d915ca3b831d779943e
Red Hat Security Advisory 2020-2616-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.9.0. Issues addressed include information leakage and use-after-free vulnerabilities.
7ace05738ce8a8f7e32a550bd8443c21aaabd824d790834ed2b438900a296aec
Red Hat Security Advisory 2020-2611-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.9.0. Issues addressed include information leakage and use-after-free vulnerabilities.
98a7bbb7e2de03bd3cbee2cfc39160688ca286bc243bd3d7dae3224721c3b924
Red Hat Security Advisory 2020-2617-01 - A large number of updates have been made to Red Hat Ansible Tower 3.7.1-1 - RHEL7 Container, including one security fix.
8ef8d25bfdc93e329e17947827668cb92bbae1de4b8dfbc32ce00b90e314fbd2
Red Hat Security Advisory 2020-2618-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. This release of Red Hat AMQ Streams 1.5.0 serves as a replacement for Red Hat AMQ Streams 1.4.0, and includes security and bug fixes, and enhancements.
3ee7934e7a1293c6acdcf22be66e68fc63016a65886517eb784c831ecd60e4dc
Whitepaper called Writing a Quick Packet Sniffer with Python and Scapy.
d4ec7b2a12c7c95e19dc1555b0c55382afccd67b2457987bd82624ff25be5e2f
Beauty Parlour Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
73e0f4e49c4a5899009eba56e025d3c9f232e7cbbd8da764039a917d24cb81ae
This Metasploit module exploits a command injection vulnerability within the Agent Tesla control panel, in combination with an SQL injection vulnerability and a PHP object injection vulnerability, to gain remote code execution on affected hosts. Panel versions released prior to September 12, 2018 can be exploited by unauthenticated attackers to gain remote code execution as the user running the web server. Agent Tesla panels released on or after this date can still be exploited, however, provided that attackers have valid credentials for the Agent Tesla control panel. Note that this module presently only fully supports Windows hosts running Agent Tesla on the WAMP stack. Support for Linux may be added in a future update, but could not be confirmed during testing.
642ae2da08c3ed900b9c3760d13a2d1c0fb0e0de2dd1b41ae42a606c6a1d18a4
Red Hat Security Advisory 2020-2479-01 - OpenShift Enterprise by Red Hat is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Issues addressed include bypass, denial of service, and server-side request forgery vulnerabilities.
23458cd48178a8159bfb19bcf64236f01ddea203375d126505b85dbb0c1d9856
Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.
3cc165f9007ba41de6d0b693a1167dbaf0179085f9506dcba64b4b8e37e1bda2
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
0b8642515ea7189a1772cdb8072b98a6768cf9b963faf3cd664329fd79975ffa
Ubuntu Security Notice 4399-1 - It was discovered that Bind incorrectly handled large responses during zone transfers. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. It was discovered that Bind incorrectly handled certain asterisk characters in zone files. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.
6b8a0598afd7e0de323d915de70a0d215f77552ebee8cfea770c8cfd75fd98ca
Red Hat Security Advisory 2020-2478-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass, code execution, and cross site scripting vulnerabilities.
f6b30f9a898c6f50aa4c280f90fa2d946eadbd8c1685d8afb8fa5083de5a2227
This Metasploit module exploits an unauthenticated remote SQL injection vulnerability in Cayin xPost versions 2.5 and below. The wayfinder_meeting_input.jsp file's wayfinder_seqid parameter can be injected blindly. Since this app bundles MySQL and Apache Tomcat, the environment is pretty static and therefore the default settings should work. Results in SYSTEM level access. Only the java/jsp_shell_reverse_tcp and java/jsp_shell_bind_tcp payloads seem to be valid.
946a83a6a866b8857742cf272ba769a429c18cb24272e4ace13ff969e616262f
This Metasploit module exploits a remote SQL injection vulnerability in the "query" parameter found on Gila CMS version 1.1.18.1.
67d47acf6c51ced0b686d0152f6b884da8154b3ba0451ec2e3dcf58ecf577ae2
This Metasploit module exploits an authenticated remote code execution vulnerability in Cayin CMS versions 11.0 and below. The code execution occurs through the system_service.cgi file's ntpIp parameter. The field is limited in size, so repeated requests are made to achieve a larger payload. Cayin CMS-SE is built for Ubuntu 16.04 (20.04 failed to install correctly), so the environment should be pretty set and not dynamic between targets. Results in root level access.
f7b153a94b13dd779b71e768fae7fc55f56194a7216851fdcf2cba9757607215
OpenCTI version 3.3.1 suffers from cross site scripting and directory traversal vulnerabilities.
89a8f8509d6cb8102d1c1d3f603a62eedb2bc3a7f07ccb924b9fbbba6c75a556
Code Blocks version 17.12 File Name SEH unicode local buffer overflow exploit.
c1dae29c4709263a913afe83978e44898f719a4880434a72a380b79d2300d6e6