Ubuntu Security Notice 4651-1 - Tom Reynolds discovered that due to a packaging error, the MySQL X Plugin was listening to all network interfaces by default, contrary to expectations. This update changes the default MySQL configuration to bind the MySQL X Plugin to localhost only. This change may impact environments where the MySQL X Plugin needs to be accessible from the network. The mysqlx-bind-address setting in the /etc/mysql/mysql.conf.d/mysqld.cnf file can be modified to allow network access. Various other issues were also addressed.
a6805aad1e3982375ec0092f04e4f49285b3266cc01728c4d1b206a2096a4829Ubuntu Security Notice 4650-1 - Alexander Bulekov discovered that QEMU incorrectly handled SDHCI device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code on the host. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Sergej Schumilo, Cornelius Aschermann, and Simon Wrner discovered that QEMU incorrectly handled USB device emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Various other issues were also addressed.
ea01fe69cd26600b57476ee03d48b48a6c3fe133a001952a3d96808636eb4efcRed Hat Security Advisory 2020-5249-01 - Fixed two jQuery vulnerabilities Improved Ansible Tower's web service configuration to allow for processing more simultaneous HTTP requests by default Updated several dependencies of Ansible Tower's User Interface to address Updated to the latest version of python-psutil to address CVE-2019-18874 Added several optimizations to improve performance for a variety of high-load simultaneous job launch use cases Fixed workflows to no longer prevent certain users from being able to edit approval nodes Fixed confusing behavior for social auth logins across distinct browser tabs Fixed launching of Job Templates that use prompt-at-launch Ansible Vault credentials. Issues addressed include code execution and cross site scripting vulnerabilities.
110dd18b4efb16ae0c10f48cfdb06ff0615e9ae0e93f088c11b253e73a4fd781Red Hat Security Advisory 2020-5246-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.
b7558db730c8dbbbd2b623c9963183f5e936705832023cd7522e2827f5d16dc3Red Hat Security Advisory 2020-5237-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
57cad10063be658cb01b40344f1ad6de810ff1e15e20a993ecfcc28448f759e1Red Hat Security Advisory 2020-5234-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
56a7aaae67fca7cf1fb4905b8e07ce739d03cdd7e0e5cabd3e6691ae9b21858dRed Hat Security Advisory 2020-5238-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
50f8fb4cf381922ef83015a992552c89cbe69136e3bd080950d07fb991e65ab6Red Hat Security Advisory 2020-5232-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
88a44607c57b98c876449dd8089e544a06bf86c3c2aeb96f87303392cba309c9Red Hat Security Advisory 2020-5236-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
3046ebe6153884a7d29f17605a3b9ce5d760dc34bcc9e739e8bfdb2ba6e06bc8Red Hat Security Advisory 2020-5233-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
2bf1ef8c7259b1117c47ded67c3739d8ca63c88e7ba3d72755b4da561783a12dRed Hat Security Advisory 2020-5231-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
c63cd2952bedf3fa793472bc4ed8730291d520bcb536a8b8d04c5df1ac898497Red Hat Security Advisory 2020-5240-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
ecb9877a2135e9524189a54b08fdaf7d480122f8b8bf90f25ee02d1b43e81625Intelbras Router RF 301K version 1.1.2 suffers from an authentication bypass vulnerability.
1dc3296f8dd9c607dad414af1792b5147a9b845f8c95f7bf14f26a224b62e92aATX MiniCMTS200a Broadband Gateway version 2.0 suffers from a credential disclosure vulnerability.
4f391b2963e5c7014ddce384774e5b9679690f0075f5ecbcb6b58d372faa399bWordPress Heroic Knowledge Base plugin versions 3.0.1 and below appear to suffer from a remote SQL injection vulnerability.
abbd252677f7533da5cc1298cc8fa8bcb32160e8d940afb77841a6cc01b36e85Red Hat Security Advisory 2020-5159-01 - An issue with golang has been addressed where ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs.
18c4b80f6f754b662b5685131ed0bf1aa110df97ffba92263b6c36e811b51753Online Job Portal in PHP/PDO version 1.0 suffers from a remote SQL injection vulnerability.
11597010e3b8cad51f0a39b33a57c570c529c92c6e9d26080a32c9bb7df2e68b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed