Red Hat Security Advisory 2020-3548-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow and null pointer vulnerabilities.
01ada40fec0afab06b4f80403f363822e0775f18078966f0081c7d686da2c6ee
Red Hat Security Advisory 2020-3545-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include buffer over-read and denial of service vulnerabilities.
e9a5fd11dfc8de5af3713c57b58aff60f4db565a5aea2eaec6ad209e2c779c99
Ubuntu Security Notice 4472-1 - Noah Misch discovered that PostgreSQL incorrectly handled the search_path setting when used with logical replication. A remote attacker could possibly use this issue to execute arbitrary SQL code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Andres Freund discovered that PostgreSQL incorrectly handled search path elements in CREATE EXTENSION. A remote attacker could possibly use this issue to execute arbitrary SQL code. Various other issues were also addressed.
887d5dd10d4beb7ccbc082cdcdc93721cd7fc006bdc22958985695060b8e5288
Gentoo Linux Security Advisory 202008-10 - A vulnerability has been found in Chromium and Google Chrome that could allow a remote attacker to execute arbitrary code. Versions less than 84.0.4147.135 are affected.
f976d5ba31fdefe9230125b4ada7c43fc9914e347d466d5d2b3f012f8f3dcb92
Gentoo Linux Security Advisory 202008-9 - Multiple Shadow utilities were installed with setuid permissions, allowing possible root privilege escalation. Versions less than 4.8-r3 are affected.
ace77c56cf5264ea4aac3e1e28a6d67f03b4f02c79b486990f85dc68b0ed6863
Ubuntu Security Notice 4470-1 - Kritphong Mongkhonvanit discovered that sane-backends incorrectly handled certain packets. A remote attacker could possibly use this issue to obtain sensitive memory information. This issue only affected Ubuntu 16.04 LTS. It was discovered that sane-backends incorrectly handled certain memory operations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only applied to Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Various other issues were also addressed.
7b8585ea1d768ed93a95c6c2d2e3260d81ead3292b3a8a1bb5955425a0ecb90f
Ubuntu Security Notice 4469-1 - It was discovered that Ghostscript incorrectly handled certain document files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code.
a37b8eb29fe3a005bbe5986d84c0a853a8610160315fbe82b2ce46f9d61df2ce
Ubuntu Security Notice 4471-1 - Tobias Neitzel discovered that Net-SNMP incorrectly handled certain symlinks. An attacker could possibly use this issue to access sensitive information. It was discovered that Net-SNMP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Various other issues were also addressed.
140626755544c8727d1b72860128291e6f9088c580c911f1655a3e8bdd1ef97a
Red Hat Security Advisory 2020-3520-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
cf09ce0e198862adc8ca5bdcdfaec432c7011d1ee62831e6e4f8c48fa9919c1e
Red Hat Security Advisory 2020-3519-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a cross site scripting vulnerability.
03d7ebc42a5ee8eb1819704cae98ab2247d034dafe7ee3357bc00074d0307709
Chrome suffers from a missing array size check in NewFixedArray.
f965bb8845cbd743f6e39b8ef9f5d5bdc466ca80d449a696894d54259e1e0c44
Ubuntu Security Notice 4468-2 - USN-4468-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Dave Feldman, Jeff Warren, and Joel Cunningham discovered that Bind incorrectly handled certain truncated responses to a TSIG-signed request. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Various other issues were also addressed.
32e24a59f999677069e4109d3fd045c257eff86447a5859eda06af1073a5ee6a
A Linux copy-on-write issue can wrongly grant write access.
fb12dc1d9b3c3b8710974411c8e04357da6fc10cd0ae77c98600c7e8fdfa8813
Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
c3288126f64870e622c7728a0491ae19dce28e131afecc1067a68b46bf5bdc9c
SecZetta NEProfile version 3.3.11 suffers from a host header injection vulnerability.
bfbc02667ab86d585d9ac49bde302ed468c209ca54b3298ba5955fe8b47b061c
Whitepaper called Exploiting DLLs: A Guide to DLL Hijacking.
bf1f284b9ac16be03719aa8522c22fd1571633093897ab338ff337af25d86c37
Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
e4b0ff095a2adb7eefb1bc7cc5a6cefd805d401cc6a88b3182c37c4da33efc9e
LimeSurvey version 4.3.10 suffers from a persistent cross site scripting vulnerability.
cad7a2d628bc94ce40dffb4a6b2b190126d7c4340fcc10dd46b615020e134487
84 bytes small Linux/x86 reverse TCP shellcode.
a9b8dde55f9a62b0ac5a12be1dac512db3965420f4d49dbeec8a6055fc68b62d
A complete guide to cross site scripting and methodologies relating to exploitation. Covers everything from basic to advanced concepts.
f3db17cd85a217720d5adc1362ae75b1356c4fa6d6db0964ee215cb4f5ce00d0
Ericom Access Server allows attackers to initiate SSRF requests making outbound connections to arbitrary hosts and TCP ports. Attackers, who can reach the AccessNow server can target internal systems that are behind firewalls that are typically not accessible. This can also be used to target third-party systems from the AccessNow server itself. Version 9.2.0 is affected.
be074654b32c8f5acc5a65ebfb2346bf9d5c96f828c3e11ce96a91c39d1bafef
Eibiz i-Media Server Digital Signage version 3.8.0 suffers from unauthenticated privilege escalation and arbitrary user creation vulnerability that allows authentication bypass. Once serialized, an AMF encoded object graph may be used to persist and retrieve application state or allow two endpoints to communicate through the exchange of strongly typed data. These objects are received by the server without validation and authentication and gives the attacker the ability to create any user with any role and bypass the security control in place and modify presented data on the screen/billboard.
21b41f43af648dca662d0ab37642578564bfab81368e243c65e5691dcaa6ebde
Eibiz i-Media Server Digital Signage version 3.8.0 is affected by a directory traversal vulnerability. An unauthenticated remote attacker can exploit this to view the contents of files located outside of the server's root directory. The issue can be triggered through the oldfile GET parameter.
0d192381d844963ab4c8b3ddc8c524eb72ca395130b9ffd616038a9114703f4e
Eibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated remote privilege escalation and account takeover vulnerability that can be triggered by directly calling the updateUser object (part of ActionScript object graphs), effectively elevating to an administrative role or taking over an existing account by modifying the settings.
3bf4ec39b2a0441671c1f3efdce8c8ed94b5e7df19f1cb7c73ed27a82277da18
Eibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated configuration disclosure vulnerability.
a97197dcba6a888b4ff5eb9cf844c8008659f343aa9bc34666c47cbcd4a02cc4