Red Hat Security Advisory 2020-3548-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow and null pointer vulnerabilities.
01ada40fec0afab06b4f80403f363822e0775f18078966f0081c7d686da2c6eeRed Hat Security Advisory 2020-3545-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include buffer over-read and denial of service vulnerabilities.
e9a5fd11dfc8de5af3713c57b58aff60f4db565a5aea2eaec6ad209e2c779c99Ubuntu Security Notice 4472-1 - Noah Misch discovered that PostgreSQL incorrectly handled the search_path setting when used with logical replication. A remote attacker could possibly use this issue to execute arbitrary SQL code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Andres Freund discovered that PostgreSQL incorrectly handled search path elements in CREATE EXTENSION. A remote attacker could possibly use this issue to execute arbitrary SQL code. Various other issues were also addressed.
887d5dd10d4beb7ccbc082cdcdc93721cd7fc006bdc22958985695060b8e5288Gentoo Linux Security Advisory 202008-10 - A vulnerability has been found in Chromium and Google Chrome that could allow a remote attacker to execute arbitrary code. Versions less than 84.0.4147.135 are affected.
f976d5ba31fdefe9230125b4ada7c43fc9914e347d466d5d2b3f012f8f3dcb92Gentoo Linux Security Advisory 202008-9 - Multiple Shadow utilities were installed with setuid permissions, allowing possible root privilege escalation. Versions less than 4.8-r3 are affected.
ace77c56cf5264ea4aac3e1e28a6d67f03b4f02c79b486990f85dc68b0ed6863Ubuntu Security Notice 4470-1 - Kritphong Mongkhonvanit discovered that sane-backends incorrectly handled certain packets. A remote attacker could possibly use this issue to obtain sensitive memory information. This issue only affected Ubuntu 16.04 LTS. It was discovered that sane-backends incorrectly handled certain memory operations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only applied to Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Various other issues were also addressed.
7b8585ea1d768ed93a95c6c2d2e3260d81ead3292b3a8a1bb5955425a0ecb90fUbuntu Security Notice 4469-1 - It was discovered that Ghostscript incorrectly handled certain document files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could use this issue to cause Ghostscript to crash, resulting in a denial of service, or possibly execute arbitrary code.
a37b8eb29fe3a005bbe5986d84c0a853a8610160315fbe82b2ce46f9d61df2ceUbuntu Security Notice 4471-1 - Tobias Neitzel discovered that Net-SNMP incorrectly handled certain symlinks. An attacker could possibly use this issue to access sensitive information. It was discovered that Net-SNMP incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Various other issues were also addressed.
140626755544c8727d1b72860128291e6f9088c580c911f1655a3e8bdd1ef97aRed Hat Security Advisory 2020-3520-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
cf09ce0e198862adc8ca5bdcdfaec432c7011d1ee62831e6e4f8c48fa9919c1eRed Hat Security Advisory 2020-3519-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a cross site scripting vulnerability.
03d7ebc42a5ee8eb1819704cae98ab2247d034dafe7ee3357bc00074d0307709Chrome suffers from a missing array size check in NewFixedArray.
f965bb8845cbd743f6e39b8ef9f5d5bdc466ca80d449a696894d54259e1e0c44Ubuntu Security Notice 4468-2 - USN-4468-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Dave Feldman, Jeff Warren, and Joel Cunningham discovered that Bind incorrectly handled certain truncated responses to a TSIG-signed request. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. Various other issues were also addressed.
32e24a59f999677069e4109d3fd045c257eff86447a5859eda06af1073a5ee6aA Linux copy-on-write issue can wrongly grant write access.
fb12dc1d9b3c3b8710974411c8e04357da6fc10cd0ae77c98600c7e8fdfa8813Sysdig falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about falco as a mix between snort, ossec and strace.
c3288126f64870e622c7728a0491ae19dce28e131afecc1067a68b46bf5bdc9cSecZetta NEProfile version 3.3.11 suffers from a host header injection vulnerability.
bfbc02667ab86d585d9ac49bde302ed468c209ca54b3298ba5955fe8b47b061cWhitepaper called Exploiting DLLs: A Guide to DLL Hijacking.
bf1f284b9ac16be03719aa8522c22fd1571633093897ab338ff337af25d86c37Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
e4b0ff095a2adb7eefb1bc7cc5a6cefd805d401cc6a88b3182c37c4da33efc9eLimeSurvey version 4.3.10 suffers from a persistent cross site scripting vulnerability.
cad7a2d628bc94ce40dffb4a6b2b190126d7c4340fcc10dd46b615020e13448784 bytes small Linux/x86 reverse TCP shellcode.
a9b8dde55f9a62b0ac5a12be1dac512db3965420f4d49dbeec8a6055fc68b62dA complete guide to cross site scripting and methodologies relating to exploitation. Covers everything from basic to advanced concepts.
f3db17cd85a217720d5adc1362ae75b1356c4fa6d6db0964ee215cb4f5ce00d0Ericom Access Server allows attackers to initiate SSRF requests making outbound connections to arbitrary hosts and TCP ports. Attackers, who can reach the AccessNow server can target internal systems that are behind firewalls that are typically not accessible. This can also be used to target third-party systems from the AccessNow server itself. Version 9.2.0 is affected.
be074654b32c8f5acc5a65ebfb2346bf9d5c96f828c3e11ce96a91c39d1bafefEibiz i-Media Server Digital Signage version 3.8.0 suffers from unauthenticated privilege escalation and arbitrary user creation vulnerability that allows authentication bypass. Once serialized, an AMF encoded object graph may be used to persist and retrieve application state or allow two endpoints to communicate through the exchange of strongly typed data. These objects are received by the server without validation and authentication and gives the attacker the ability to create any user with any role and bypass the security control in place and modify presented data on the screen/billboard.
21b41f43af648dca662d0ab37642578564bfab81368e243c65e5691dcaa6ebdeEibiz i-Media Server Digital Signage version 3.8.0 is affected by a directory traversal vulnerability. An unauthenticated remote attacker can exploit this to view the contents of files located outside of the server's root directory. The issue can be triggered through the oldfile GET parameter.
0d192381d844963ab4c8b3ddc8c524eb72ca395130b9ffd616038a9114703f4eEibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated remote privilege escalation and account takeover vulnerability that can be triggered by directly calling the updateUser object (part of ActionScript object graphs), effectively elevating to an administrative role or taking over an existing account by modifying the settings.
3bf4ec39b2a0441671c1f3efdce8c8ed94b5e7df19f1cb7c73ed27a82277da18Eibiz i-Media Server Digital Signage version 3.8.0 suffers from an unauthenticated configuration disclosure vulnerability.
a97197dcba6a888b4ff5eb9cf844c8008659f343aa9bc34666c47cbcd4a02cc4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed