Ubuntu Security Notice 4599-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the prompt for opening an external application, obtain sensitive information, or execute arbitrary code.
92f166b6bed6ff50c6b8dfd658daac52698070ae91fda1ca0ccf131a7a8c0293
Gentoo Linux Security Advisory 202010-7 - A buffer overflow in FreeType might allow remote attacker(s) to execute arbitrary code. Versions less than 2.10.3-r1 are affected.
37971f3904c3f9484186f054018dc37de3543efabdf0f12b3fd16bb3cea98e57
Ubuntu Security Notice 4601-1 - It was discovered that pip did not properly sanitize the filename during pip install. A remote attacker could possibly use this issue to read and write arbitrary files on the host filesystem as root, resulting in a directory traversal attack.
dcf9f55c2a21045921903cc342699fd163477c9a26a08cc2ed1b876581c79399
Red Hat Security Advisory 2020-4317-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.0 ESR. Issues addressed include a use-after-free vulnerability.
08ea5758abb21a2aed387f5d49f7a02e0b773d4862fc51e811d86b4560700c31
Red Hat Security Advisory 2020-4316-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
41b5998e1d803c7a2625010c97dad587d0319c9669b19dc0daf9b0f05d7b23b3
Ubuntu Security Notice 4600-1 - It was discovered that Netty had HTTP request smuggling vulnerabilities. A remote attacker could use it to extract sensitive information.
d12085a4920d290d321a577a5b2b9689e02c4884a87a467a951317f34cfcb982
Red Hat Security Advisory 2020-4315-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.0 ESR. Issues addressed include a use-after-free vulnerability.
3f14fc82aaf14c8ece19f88966a980763532214fca83e9482d7764f7eb8c1140
Red Hat Security Advisory 2020-4310-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.0 ESR. Issues addressed include a use-after-free vulnerability.
c9aa99640ba5641751df65bd322beeda340d4ae7c799ece0b107d8d83a921463
Red Hat Security Advisory 2020-4312-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API. Issues addressed include an XML injection vulnerability.
18bf5956329cfe1c1947719c6bc15e45f7f134d6bbf4ce1f9f266fd71956393c
Red Hat Security Advisory 2020-4311-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.4.0 ESR. Issues addressed include a use-after-free vulnerability.
2ea86c83be8b3cb1a2de3e7da9a7158a408b7602dabcdca11515616a3f8b8348
Red Hat Security Advisory 2020-4307-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
8e2a01a94b227eb9c0dd5974e5102514c8e09ca663190a7302693d10d8573fb5
Ubuntu Security Notice 4598-1 - It was discovered that LibEtPan incorrectly handled STARTTLS when using IMAP, SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack.
d19bb3d7c5778cad2232b0d3f1d4767258f76d7dff5b87c5147ddaeec6110b97
Ubuntu Security Notice 4597-1 - Fran
09336a49eed8cd5c0c22be259e0560889f364e68a7dd2c5b8ffd80faaa76229c
Red Hat Security Advisory 2020-4304-01 - RHACM 2.0.4 images Red Hat Advanced Cluster Management provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Issues addressed include a bypass vulnerability.
d16f9900aac9bd2bad10dfaeacd9d5c4995b347d8b3156503d1a031c506016a8
Red Hat Security Advisory 2020-4305-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
fda681751c00a6e1d2457e3c7554147cc2e5a9f0e31283a1895db766d21cf8b0
Red Hat Security Advisory 2020-4306-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
f70f584adbf03ac2981da197816283af44820ec45368d6d015b5333d98ab9cc9
Red Hat Security Advisory 2020-4223-01 - Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include cross site scripting and information leakage vulnerabilities.
0a0c1e6d82b3f3d1ef7c4e264d5405abd9b644db1717e648010b8853d8377c2f
A brief write up discussing disclosure of internal IPs and hostnames from Apple bots leveraging Via and X-Forwarded-For headers.
b673e03e8e1aa51151d99f5859b00763aeba232a9176600740c438ec5fb79def
Ubuntu Security Notice 4588-1 - It was discovered that FlightGear could write arbitrary files if it received a special nasal script. A remote attacker could exploit this with a crafted file to execute arbitrary code.
c849dce35bc30e77824edd6793dcda3546a7b9b04695fd4ce5ec5f5e155e8a5c
Ubuntu Security Notice 4586-1 - It was discovered that PHP ImageMagick extension didn't check the address used by an array. An attacker could use this issue to cause PHP ImageMagick to crash, resulting in a denial of service.
c4d79844145543c3922e2a6f5e1895cf559ec6472507132c0c38ea683219d774
Ubuntu Security Notice 4587-1 - Nicolas Ruff discovered that iTALC had buffer overflows, divide-by-zero errors and didn't check malloc return values. A remote attacker could use these issues to cause a denial of service or possibly execute arbitrary code. Josef Gajdusek discovered that iTALC had heap-based buffer overflow vulnerabilities. A remote attacker could use these issues to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
852e2ad5f87cab236b79c9a3c921691e530d13ce804213bb2268c40edc71dc2c
nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.
892447905e68f785ecdd26555a153712c8e50b29f65da72a7bfb4bc780a8f600
RedTeam Pentesting discovered a vulnerability in the BigBlueButton web conferencing system version 2.2.25 that allows participants of a conference with permissions to upload presentations to read arbitrary files from the file system and perform server-side requests. This leads to administrative access to the BigBlueButton instance.
41eaaa438c053a1afcdc56d2cd1717b2db4bf402566f20e2d848123cbaf0cbf1
Ubuntu Security Notice 4596-1 - It was discovered that Tomcat did not properly manage HTTP/2 streams. An attacker could possibly use this to cause Tomcat to consume resources, resulting in a denial of service. It was discovered that Tomcat did not properly release the HTTP/1.1 processor after the upgrade to HTTP/2. An attacker could possibly use this to generate an OutOfMemoryException, resulting in a denial of service. Various other issues were also addressed.
586eca4f5ac4ca20d495e510bd4240f87e2caec95b0525e93efdd8b31a455a34
Red Hat Security Advisory 2020-4295-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include bypass and improper authorization vulnerabilities.
941f7c5e5b5f41c94aa5d9cb3177c72753229956c9ef97758409a2ce95e87220