Red Hat Security Advisory 2020-2593-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a double free vulnerability.
7a4417c5d981efd5b47a67cd8085d07bRed Hat Security Advisory 2020-2784-01 - libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Issues addressed include a denial of service vulnerability.
63d2bac8288564905489404eb67aca4eRed Hat Security Advisory 2020-2783-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.22, and includes bug fixes and enhancements, which are documented in the Release Notes document listed in the References section.
b57faade7c43292eb00612c377b499a1Red Hat Security Advisory 2020-2779-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.22, and includes bug fixes and enhancements, which are documented in the Release Notes document listed in the References section.
e7a0c430bde2fc6cd9da8e4311eb26d1Red Hat Security Advisory 2020-2780-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.22, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
cf573e3774f6463d1edb038a3ac1b6ceRed Hat Security Advisory 2020-2781-01 - Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.23 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.22, and includes bug fixes and enhancements, which are documented in the Release Notes document listed in the References section.
e3cde23b1f8d16b486a10dc286e99b81Red Hat Security Advisory 2020-2777-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a denial of service vulnerability.
d25be2031f65d7a76dc6ee683b75e819Red Hat Security Advisory 2020-2774-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include memory leak and out of bounds access vulnerabilities.
425d885fb8a689cd84db93f8e54f3499Red Hat Security Advisory 2020-2773-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include an out of bounds access vulnerability.
8b31985bbb3446d50df774826bd11f5bRed Hat Security Advisory 2020-2770-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
ee43c207b471fbcf1805943ca8b4013bRed Hat Security Advisory 2020-2771-01 - An update for microcode_ctl is now available for Red Hat Enterprise Linux 7.4 Advances Update Support. Sampling issues were addressed.
4fb3a030f5d1a959d6c5e674cf4ede91Red Hat Security Advisory 2020-2769-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.
d863f41048b1ebe1f7f80eddca076cfeRed Hat Security Advisory 2020-2768-01 - The file command is used to identify a particular file according to the type of data the file contains. It can identify many different file types, including Executable and Linkable Format binary files, system libraries, RPM packages, and different graphics formats. Issues addressed include an out of bounds read vulnerability.
4ec4267104c3544a3a11ba7a0ab8de37Red Hat Security Advisory 2020-2761-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 83.0.4103.116. Issues addressed include a use-after-free vulnerability.
55f6740c6047af440bfff40fadc7d436This Metasploit module exploits multiple vulnerabilities in Bolt CMS version 3.7.0 and 3.6.x in order to execute arbitrary commands as the user running Bolt. Valid credentials for a Bolt CMS user are required. This module has been successfully tested against Bolt CMS 3.7.0 running on CentOS 7.
0e1891b316c1ddb10007d34437171dbahaveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
5391978794208b6cca6f53d7a6211c04Ubuntu Security Notice 4406-1 - It was discovered that Mailman incorrectly handled certain inputs. An attacker could possibly use this issue to inject arbitrary content in the login page.
d37c86134c1d975900e2c97c70893d7cRed Hat Security Advisory 2020-2737-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass, code execution, and cross site scripting vulnerabilities.
0f29e0c0fcd0008881ea52cec8b8b6b6Red Hat Security Advisory 2020-2758-01 - An update for microcode_ctl is now available for Red at Enterprise Linux 7.7 Extended Update Support. Sampling issues were addressed.
3880abe4694b5f5f6d5d2e15144d6ae1Red Hat Security Advisory 2020-2757-01 - An update for microcode_ctl is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Sampling issues were addressed.
c998f9311fa2a5c6541217fc385b6f8eUbuntu Security Notice 4405-1 - It was discovered that glib-networking skipped hostname certificate verification if the application failed to specify the server identity. A remote attacker could use this to perform a person-in-the-middle attack and expose sensitive information.
6edb27c788594a3ac9c50a84a2ab6977Ubuntu Security Notice 4404-1 - Thomas E. Carroll discovered that the NVIDIA Cuda graphics driver did not properly perform access control when performing IPC. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the UVM driver in the NVIDIA graphics driver contained a race condition. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
ed103ada76b58b8202678448c90e6471Ubuntu Security Notice 4404-2 - USN-4404-1 fixed vulnerabilities in the NVIDIA graphics drivers. This update provides the corresponding updates for the NVIDIA Linux DKMS kernel modules. Thomas E. Carroll discovered that the NVIDIA Cuda graphics driver did not properly perform access control when performing IPC. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
b5935e1b343dcc6884e352cc5e7dbac4This Metasploit module exploits a Java deserialization vulnerability in the Inductive Automation Ignition SCADA product, versions 8.0.0 to (and including) 8.0.7. This exploit was tested on versions 8.0.0 and 8.0.7 on both Linux and Windows. The default configuration is exploitable by an unauthenticated attacker, which can achieve remote code execution as SYSTEM on a Windows installation and root on Linux. The vulnerability was discovered and exploited at Pwn2Own Miami 2020 by the Flashback team (Pedro Ribeiro + Radek Domanski).
de6af616d3b724854268bccfee1cf557Red Hat Security Advisory 2020-2755-01 - libnghttp2 is a library implementing the Hypertext Transfer Protocol version 2 protocol in C. Issues addressed include a denial of service vulnerability.
7bfc5e8b93e52968c5e4e2fc6a8a50bd
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed