Ubuntu Security Notice 4424-1 - It was discovered that cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 devices ran on every boot without restrictions. A physical attacker could exploit this to craft cloud-init user-data/meta-data via external media to perform arbitrary changes on the device to bypass intended security mechanisms such as full disk encryption. This issue did not affect traditional Ubuntu systems. It was discovered that snapctl user-open allowed altering the XDG_DATA_DIRS environment variable when calling the system xdg-open. A malicious snap could exploit this to bypass intended access restrictions to control how the host system xdg-open script opens the URL. This issue did not affect Ubuntu Core systems. Various other issues were also addressed.
9216c175c43df93130d75a74937c91173a1f19c7fed3f2bba81214d648ceb5b3Ubuntu Security Notice 4199-2 - USN-4199-1 fixed several vulnerabilities in libvpx. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that libvpx did not properly handle certain malformed WebM media files. If an application using libvpx opened a specially crafted WebM file, a remote attacker could cause a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
c7fbba9b4e9adcce96291c4e6c49d22b55b03a9761c3a68b1f518cd2421858b6Red Hat Security Advisory 2020-2954-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.106 and .NET Core Runtime 3.1.6. .NET Core: XML source markup processing remote code execution. Issues addressed include a code execution vulnerability.
dfcfd4fa10032b163a2c9f7ed100e4b7ccd0fb0970832b62cb72deeed1b3e772Oracle Solaris 11 Device Driver Utility version 1.3.1 suffers from an insecure use of /tmp that can allow for a race condition which leads to privilege escalation. Included exploit provides a root shell.
ab9f7d499e25ee29f512a1665d6b70ae126fc6bd0318afb737ac4598bbd67beeSecZetta NEProfile version 3.3.11 suffers from a remote code execution vulnerability.
c17834ab0af938d459e36953e4a5fc2db414f94e0c2191ccfd31b65b0bd81f4bRed Hat Security Advisory 2020-2939-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.106 and .NET Core Runtime 3.1.6. Issues addressed include a code execution vulnerability.
88c0a6d1f9c0e138d8e8b2cb012f0ebe9ac193addd8895b6a0533ed41777a9ccRed Hat Security Advisory 2020-2938-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. A new version of .NET Core that addresses a security vulnerability is now available. The updated version is .NET Core Runtime 2.1.20 and SDK 2.1.516. Issues addressed include a code execution vulnerability.
8ed16ebf3196f85729f00c0d3feac26351d9977787701fd26013ca52f39ad3ebRed Hat Security Advisory 2020-2937-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated version is .NET Core Runtime 2.1.20 and SDK 2.1.516. Issues addressed include a code execution vulnerability.
63cedc95d6cfd8980ba53188d6ce9228290f5d970c464598cbf1ea9613ad4288Red Hat Security Advisory 2020-2933-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. An information exposure issue has been addressed.
ee0f7cb7c4bae47ec886c948a5af197f791e86a3445667472faa92c84b5c7fecUbuntu Security Notice 4423-1 - It was discovered that X-Frame-Options could be bypassed in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct clickjacking attacks.
cb686e4c34200e61d75bd472186503eb68597c70a32558f5ca5e5b74b3e6b85eZyxel Armor X1 WAP6806 suffers from a directory traversal vulnerability.
f1e1d0fd46f9df6b57371ee28f0b276b858aa8e66240731911e05e1c29808ae4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed