Ubuntu Security Notice 4468-1 - Emanuel Almeida discovered that Bind incorrectly handled certain TCP payloads. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. Joseph Gullo discovered that Bind incorrectly handled QNAME minimization when used in certain configurations. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. Various other issues were also addressed.
e68968b54f06a09f60aaea3f86c5fd5e18688a0dc2013d6d8a0ac01245a43511
The handling of KTM logs when initializing a Registry Hive contains no bounds checks which results in privilege escalation.
0ae399542cc10a8ccc557083deb691282149c87bc3ab0445c6922d410bec88ee
The handling of KTM logs does not limit Registry Key operations to the loading hive leading to elevation of privilege.
dc36265f20912463478c32c5203d3f4e619cc492c989532a060ccc10362e3045
10 bytes small Linux/x86 execve "/bin/sh" shellcode.
d7b4184b5a7ea47ec13c322c758dac2ceed368f6f5dec7ace02c73c81a32bf49
35 bytes small Linux/x86 /dev/sda wiping shellcode.
88db311b901ed70f5965fb3a51e043676c4963a4c809de48bb783a32f6fc4239
Seowon SlC 130 Router suffers from a remote code execution vulnerability.
2c2caed94290b76cf2dcb160e2fa1928c1b317ff58fa6be49af50b2e9dfe1014
OX App Suite and OX Documents suffer from access control bypass, cross site scripting, and improper input validation vulnerabilities. Multiple version ranges are affected.
51edab0377b8fe0d44554f6f7f4760f83af8457588e97679c30c8d3bae31cdc2
Whitepaper called SMB Enumeration and Exploitation and Hardening.
32726ce3c42e32b00d48c74868e7cb991cba241ef1679b9c9a9348a6fb761f60
WordPress NAB Transact WooCommerce plugin version 2.1.0 suffers from a payment bypass vulnerability.
38cc536fa634ad0e7e4c8028f098b79ee4e5dc38a1859d06b32822642b372df3
Joomla Adagency component version 6.1.2 suffers from a cross site scripting vulnerability.
abb8431114fe989f411ee64dae2f7a471688ffc43c4c3da83f30f573d71b8dc2
ElkarBackup version 1.3.3 suffers from a persistent cross site scripting vulnerability.
155269b3cd80f03f0df79bd44adf7aab9af4e49dffb380a4a25e846c3ed37aee
PNPSCADA version 2.200816204020 suffers from a remote SQL injection vulnerability.
21d4b822f7e6ab7cf0179041bbe32655dba1ed01df891cec21eaff36042ddb51
Ubuntu Security Notice 4466-2 - USN-4466-1 fixed a vulnerability in curl. This update provides the corresponding update for Ubuntu 14.04 ESM. Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information. Various other issues were also addressed.
363e84a6881deb664f7e20ddce597515fb13c1c11a5725e143a645f4a705bca0
Red Hat Security Advisory 2020-3525-01 - Quay 3.3.1 release has been released. An issue where build triggers can disclose robot account names and existence of private repos within namespaces has been addressed.
3f0048d4bdec59a51f24f090fac9217f3567fd502a0907966e5df07b310946ee
Ubuntu Security Notice 4467-1 - Ziming Zhang and VictorV discovered that the QEMU SLiRP networking implementation incorrectly handled replying to certain ICMP echo requests. An attacker inside a guest could possibly use this issue to leak host memory to obtain sensitive information. This issue only affected Ubuntu 18.04 LTS. Eric Blake and Xueqiang Wei discovered that the QEMU NDB implementation incorrectly handled certain requests. A remote attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. Various other issues were also addressed.
9aa3179b34eb601658a9a487805ca5302a3e7b10616c6b4f88ebda6983d3906c
Ruijie Networks Switch eWeb S29_RGOS version 11.4 suffers from a directory traversal vulnerability.
e67947355f710fdb12f0355326f2702534b5e368a8526c7be8b980c28738f6bb
This document is intended to provide detailed instructions for bypassing certificate pinning via a custom Root CA. It covers all the required topics for understanding this method.
e451c3653c39f8c69197cc44125ea0be0963f12054cce2cca25c7696dab74b07
PAC aims to prevent an attacker with the ability to read and write memory from executing arbitrary code. It does that by cryptographically signing and validating code pointers (as well as some data pointers) at runtime. However, it seems that imports of function pointers from shared libraries in userspace are not properly protected by PAC, allowing an attacker to sign arbitrary pointers and thus bypass PAC.
5678bd6488f4650c38c54830ecab44a07b651b61fd1c0a35953bf286d640cfe7
Red Hat Security Advisory 2020-3518-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.
02da13c760b214c965c5311d654c352bb1978fb987a05a62f56c4111c97fe37d
Ubuntu Security Notice 4466-1 - Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option. This could result in data being sent to the wrong destination, possibly exposing sensitive information.
47be007788d705a459cd99ccf038f03b19371474d3e506d98d242d9a4eb0aa11
Gentoo Linux Security Advisory 202008-8 - NSS has multiple information disclosure vulnerabilities when handling secret key material. Versions less than 3.55 are affected.
c5799ff9c9ac4536d22fedf39e8b495ead17a0bbbfaa825deeeba10016f08a9b
Ubuntu Security Notice 4465-1 - It was discovered that the XFS file system implementation in the Linux kernel did not properly validate meta data in some circumstances. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. It was discovered that the bcache subsystem in the Linux kernel did not properly release a lock in some error conditions. A local attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
d61918c79cfb7d2a7c42dc5a881a9fdf1bf9ceb9e554b0b44c7668274b983ab2
Red Hat Security Advisory 2020-3504-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
8a44610a43fa68798d324828d2851d69963c6600d9a04c6fcd433359710f8d98
Red Hat Security Advisory 2020-3505-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
dfec80f97242ea8e76f690cf34eb5c5ec8fc7cf0cec0668f5baa93848d783f59
Red Hat Security Advisory 2020-3501-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.2 serves as a replacement for Red Hat Single Sign-On 7.4.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, denial of service, deserialization, and improper authorization vulnerabilities.
e390128d6a2fbef2d35e6bbd560115b1a61fac337fcd0f0f08ca070348829b0b