Ubuntu Security Notice 4508-1 - It was discovered that StoreBackup did not properly manage lock files. A local attacker could use this issue to cause a denial of service or escalate privileges and run arbitrary code.
f62b15c1dbb028a8d75a166252979fa71b09b0d3a10e31191e0fcd5eb314597dUbuntu Security Notice 4507-1 - It was discovered that ncmpc incorrectly handled long chat messages. A remote attacker could possibly exploit this with a crafted chat message, causing ncmpc to crash, resulting in a denial of service.
08577ffb1f5bb31d28b1e77f6c7b3e0d92d47aacca0777045cf1bf76dec2e9d6nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
2ad96c811a898ad3c579fb0ce3c2aedebfce2690d63ecad79fa0a2d447fa5245Ubuntu Security Notice 4506-1 - It was discovered that MCabber does not properly manage roster pushes. An attacker could possibly use this issue to remotely perform man-in-the-middle attacks.
12fae38142404ee5c65426380254267a12eb97e830b1b0ea662d573300d381f1Ubuntu Security Notice 4505-1 - Elar Lang discovered that PHPMailer did not properly escape double quote characters in filenames. A remote attacker could possibly exploit this with a crafted filename to bypass attachment filters that are based on matching filename extensions.
b2d484281a33a4d7727e87e97f4ad0a528c3f167a6f30c779515d02b96bffeb5Ubuntu Security Notice 4504-1 - Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed in this update by removing the insecure ciphersuites from OpenSSL. Cesar Pereida GarcĂa, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, and Billy Brumley discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.
a453c91247c0c8b05f0a70b1a3674ee04e7e21eea70c71f8885d6de34ed4c9a3This Metasploit module exploits a command injection vulnerability in Mida Solutions eFramework version 2.9.0 and prior. The ajaxreq.php file allows unauthenticated users to inject arbitrary commands in the PARAM parameter to be executed as the apache user. The sudo configuration permits the apache user to execute any command as root without providing a password, resulting in privileged command execution as root. This module has been successfully tested on Mida Solutions eFramework-C7-2.9.0 virtual appliance.
4878a731edc0be4c0ac00692ed93b267a31861eb08b009ecca9a7586cc59c4641CRM versions 8.6.7 and below suffer from an insecure direct object reference vulnerability.
87cb32db18ce1f54b344437d794e6aca77b053d63b126e1e6366b2c525c1716aAcronis Cyber Backup version 12.5 Build 16341 suffers from a server-side request forgery vulnerability.
5776367a895d7236549ae9bed6615f059a8c84f1ee0883489602ba985f741b60Piwigo version 2.10.1 suffers from a cross site scripting vulnerability.
810101722470e2fc7e7b71d7e31a1dbaaa3c34991cf47fdf4e50dadba4053788Proof of concept exploit for the Windows Zerologon vulnerability as noted in CVE-2020-1472. By default, it changes the password of the domain controller account.
c33a65409db7ea9ced3d7e9d9df80a4e2cef77b787ac47ff949764da970ec602Ubuntu Security Notice 4503-1 - It was discovered that Perl DBI module incorrectly handled certain calls. An attacker could possibly use this issue to execute arbitrary code.
ec2effb1de801697da892a0a1fc170dac06bbc8c10fa1660712df98a0b63ea00Ubuntu Security Notice 4502-1 - It was discovered that websocket-extensions does not properly parse special headers. A remote attacker could use this issue to cause regex backtracking, resulting in a denial of service.
cb283a5499e58bc7850ad73234317ce25342ba85d67bbd64fcc3eaa072e477adRed Hat Security Advisory 2020-3727-01 - OpenShift Container Platform components are primarily written in Go. The golang.org/x/text contains text-related packages which are used for text operations, such as character encodings, text transformations, and locale-specific text handling. Kibana is one of the major components of OpenShift Container Platform cluster logging. It is a browser-based console interface to query, discover, and visualize the log data.
9b8cb278c0d21a3f67b9aa928505210b8c164d31a327f55ca3116f94d7ce2053Ubuntu Security Notice 4501-1 - It was discovered that an out-of-bounds read existed in LuaJIT. An attacker could use this to cause a denial of service or possibly expose sensitive information.
ba53d475216adaed42ea49c48faf5fe21906266788d2796ade3a529b8f07b93f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed