Red Hat Security Advisory 2020-3574-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include bypass and code execution vulnerabilities.
180aa53cbca05482454904febdf9c008320039952a59725600229f347d9d9357
Mida eFramework version 2.9.0 suffers from a remote code execution vulnerability.
1d91860562323de0b96d48e3fab2bd5c3cff83336de0debd04431d028e64421a
ASX to MP3 Converter version 3.1.3.7.2010.11.05 .wax local buffer overflow proof of concept exploit with DEP and ASLR bypass.
7f84c77ff7d0602ebf55956621de4d05257783b831769bc70810340d9c65606b
GnuPG (the GNU Privacy Guard or GPG) is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440. As such, it is meant to be compatible with PGP from NAI, Inc. Because it does not use any patented algorithms, it can be used without any restrictions.
7c1370565e1910b9d8c4e0fb57b9de34aa062ec7bb91abad5803d791f38d855b
Ubuntu Security Notice 4475-1 - It was discovered that Chrony incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause a denial of service or expose sensitive information.
2ba66b15a770c05e43d566a989f725061971e35aa3b6b84c1c86873791eeb251
Ubuntu Security Notice 4446-2 - USN-4446-1 fixed vulnerabilities in Squid. The update introduced a regression when using Squid with the icap or ecap protocols. This update fixes the problem. Jeriko One discovered that Squid incorrectly handled caching certain requests. A remote attacker could possibly use this issue to perform cache-injection attacks or gain access to reverse proxy features such as ESI. Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled certain URN requests. A remote attacker could possibly use this issue to bypass access checks. Jeriko One discovered that Squid incorrectly handled URL decoding. A remote attacker could possibly use this issue to bypass certain rule checks. Jeriko One and Kristoffer Danielsson discovered that Squid incorrectly handled input validation. A remote attacker could use this issue to cause Squid to crash, resulting in a denial of service. Various other issues were also addressed.
be7270eca51d9106f34f71c4e2558648d8f85a5fc7f6800b486c696796ffa772
Gentoo Linux Security Advisory 202008-16 - Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 68.12.0 are affected.
c474d40ff712accf1513fe181cb940306656297f6cb3abadea7fc678d95faed8
Gentoo Linux Security Advisory 202008-15 - A flaw in Docker allowed possible information leakage. Versions less than 19.03.12 are affected.
e644d995ae441f4c24164f26fe3d2966d0636123a2802291141857a55dfe8a2e
Red Hat Security Advisory 2020-3541-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. The Matrix Project is a module which handles creating Jenkins multi-configuration projects. Matrix Authorization allows configuring the lowest level permissions, such as starting new builds, configuring items, or deleting them, individually. Python-RSA is an RSA implementation in Python. It can be used as a Python library as well as the command-line utility. Ansible is an SSH-based configuration management, deployment, and task execution system. The openshift-ansible packages contain Ansible code and playbooks for installing and upgrading OpenShift Container Platform 3. Issues addressed include cross-site scripting, denial of service, and information leakage vulnerabilities.
42d044757ced55aee7edf9844bfad23fe95bf3c3141361f974b7050950a43c55
Gentoo Linux Security Advisory 202008-14 - A vulnerability in Wireshark could lead to a Denial of Service condition. Versions less than 3.2.6 are affected.
1e745d3f44450ee5f3ff173318a642583a2f861a43f9f1ec7f4117a0f3560687
Gentoo Linux Security Advisory 202008-13 - Multiple vulnerabilities have been found in PostgreSQL, the worst of which could result in privilege escalation. Versions less than 9.5.23:9.5 are affected.
b9ffeb065fa475ec938af85e828054d7d90b5d9a9259663a3d565b3d3bc786a1
Gentoo Linux Security Advisory 202008-12 - Multiple vulnerabilities have been found in Net-SNMP, the worst of which could result in privilege escalation. Versions less than 5.8.1_pre1 are affected.
47b590361046f370f06a09b89dcc673424b68229c00713f89dedeb4d3d77f993
Gentoo Linux Security Advisory 202008-11 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. Versions less than 85.0.4183.83 are affected.
945bfec750bf63585fac49eee7a83a14fbd13374349c8480dfe005be75d41814
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
dbccada6a353b54ceb844fe8cb0912c0363375a2f57214d23fcf463c4e6d2c4f
Debian Linux Security Advisory 4751-1 - Several vulnerabilities were discovered in Squid, a fully featured web proxy cache, which could result in request splitting, request smuggling (leading to cache poisoning) and denial of service when processing crafted cache digest response messages.
3753426127834c4951d974e752f420e15ee85396cc43dfb685e0906f69a54744
Ubuntu Security Notice 4474-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, trick the user into installing a malicious extension, spoof the URL bar, leak sensitive information between origins, or execute arbitrary code. It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. Various other issues were also addressed.
9c3f9b8a995f19fc2e46e69b42485c8da02e85dd0a8cc8530e25b865bb07d168
Ubuntu Security Notice 4473-1 - It was discovered that libmysofa incorrectly handled certain input files. An attacker could possibly use this issue to cause a denial of service or other unspecified impact.
ce698e2a37b8520212864efc5a6c58f264ab386ed74bc12d3f6486c7684eb0ad
Whitepaper called Abusing COM and DCOM Objects.
5fd1de5a2df55fca764f1fb18fe5f7e5b49b94117032c4e071b37fcbeb66bcd5
Red Hat Security Advisory 2020-3560-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 84.0.4147.135. Issues addressed include buffer overflow, out of bounds read, and use-after-free vulnerabilities.
da139feef4f6e95fbdfa2ad6cad01dfe0bfbe31d154fa6a8ea26994a9d1ac46c
Red Hat Security Advisory 2020-3559-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.2.0 ESR. Issues addressed include bypass, integer overflow, and use-after-free vulnerabilities.
7071bc5b65af88f2dcaea66b935e44589512652aac084c241d26a230f004bbd0
Red Hat Security Advisory 2020-3557-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.2.0 ESR. Issues addressed include bypass, integer overflow, and use-after-free vulnerabilities.
096e81539698f467e362800feb0355c97bf31cc374d51d6421b76c56799db7a4
Red Hat Security Advisory 2020-3556-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.12.0 ESR. Issues addressed include a use-after-free vulnerability.
dc55d785b97e069e628bf651de02b4593f1670fab9d2f1bb7abda6d19aef1159
Red Hat Security Advisory 2020-3555-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.2.0 ESR. Issues addressed include bypass, integer overflow, and use-after-free vulnerabilities.
835141410b406ab871de2e407f475d6a360644a79d5dbfb5083396c9a1c6e38c
Red Hat Security Advisory 2020-3558-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.12.0 ESR. Issues addressed include a use-after-free vulnerability.
94d0e564eea25db831511ebef9cc80bfe0017410d73632361a9dd0d9194d21b6
Debian Linux Security Advisory 4749-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or unintended or malicious extensions being installed.
02e7edd19ea0fa39eb7a145101322fc43f50ad43594ff1acead7887cf2f28707