Ubuntu Security Notice 4360-4 - USN-4360-1 fixed a vulnerability in json-c. The security fix introduced a memory leak that was reverted in USN-4360-2 and USN-4360-3. This update provides the correct fix update for CVE-2020-12762. It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to execute arbitrary code. Various other issues were also addressed.
86df77174f085c6a9d0da81563e1e73cQNAP QTS and Photo Station version 6.0.3 suffers from a remote command execution vulnerability.
afb5585d8c59cf2f3858a646d14474b6Ubuntu Security Notice 4376-1 - It was discovered that OpenSSL incorrectly handled ECDSA signatures. An attacker could possibly use this issue to perform a timing side-channel attack and recover private ECDSA keys. Matt Caswell discovered that OpenSSL incorrectly handled the random number generator. This may result in applications that use the fork system call sharing the same RNG state between the parent and the child, contrary to expectations. This issue only affected Ubuntu 18.04 LTS and Ubuntu 19.10.
f989c11ebb96bde96d6e47a9686c7190Online-Exam-System 2015 suffers from a remote SQL injection vulnerability.
728c6650a920b4dabb57ddba0cea154aRed Hat Security Advisory 2020-2332-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6.
ceddcd32a1e89267df6822a05cacafe6EyouCMS version 1.4.6 suffers from a persistent cross site scripting vulnerability.
50f5cb07b25e20f007f1276ea41730c0Red Hat Security Advisory 2020-2331-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite Proxy, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6.
06693f18fed41c0ad6001d5e0245455cNOKIA VitalSuite SPM 2020 suffers from a remote SQL injection vulnerability.
c09f87f64bc49a7edab3ed12057f5282Red Hat Security Advisory 2020-2217-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a cross site scripting vulnerability.
ab9d506d49a926654960fae222b4f536Red Hat Security Advisory 2020-2218-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
61069eb8d214a917fe5a39c786dcaec2Ubuntu Security Notice 4375-1 - It was discovered that PHP incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service.
ac90635f0db37791117aaebd12e9e72cosTicket version 1.14.1 has been found to be susceptible to multiple additional persistent cross site scripting vulnerabilities.
c6f294bb3f9f376aebb5f75ee6d92fa5LimeSurvey version 4.1.11 suffers from a persistent cross site scripting vulnerability.
1a15187415c4aec92c406c616f07a180Online Marriage Registration System version 1.0 suffers from a persistent cross site scripting vulnerability.
09f191ba8331b5b17b93333c18cd6085Kuicms PHP EE version 2.0 suffers from a persistent cross site scripting vulnerability.
1ce0e2a58f4c205e0f768a130497d76cFirmware for the ChameleonMini RevE rebooted device. It compiles without errors or warnings and gives you more or less the same functionality as the stock firmware. This version compiles and gives you the same functionality (and more) as the original Chameleon Mini rebooted GUI.
3d43a9f1ba2478ed54e79b168ab29c57This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
68d7527bf2672153ca47402f6489a1afUbuntu Security Notice 4374-1 - Lior Shafir, Yehuda Afek, and Anat Bremler-Barr discovered that Unbound incorrectly handled certain queries. A remote attacker could use this issue to perform an amplification attack directed at a target. It was discovered that Unbound incorrectly handled certain malformed answers. A remote attacker could possibly use this issue to cause Unbound to crash, resulting in a denial of service.
65ac744979d6064e52c3b7c55bb2f20fPi-hole version 4.4.0 suffers from a remote code execution vulnerability.
b5850c62bfcb5f5502dd24e3e1620efcStreamRipper32 version 2.6 buffer overflow proof of concept exploit.
47700ed189e5e931e2dc1b81afec092eWordPress Drag and Drop File Upload Contact Form plugin version 1.3.3.2 suffers from a remote shell upload vulnerability.
415c8b9b89531c519f109fc5a2a6d49fBIND TSIG denial of service exploit.
e51df7d7af4c4c6758585060581d38b8OXID eShop version 6.3.4 suffers from a remote SQL injection vulnerability.
28541affd459b4b74d9aac4d6f2183afRed Hat Security Advisory 2020-2321-01 - Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.6 serves as a replacement for Red Hat Data Grid 7.3.5 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Issues addressed include HTTP request smuggling, cross site scripting, out of bounds read, and traversal vulnerabilities.
e68f4eb5689fda743d06e6ca00ead832Red Hat Security Advisory 2020-2320-01 - The jackson-databind package provides general data-binding functionality for Jackson, which works on top of Jackson core streaming API.
a1438eb123a5696b2756ac4ad0679b28
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed