Red Hat Security Advisory 2020-3637-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, denial of service, deserialization, improper authorization, remote SQL injection, and traversal vulnerabilities.
18fe456380f432ad711cc532f70e648fRed Hat Security Advisory 2020-3639-01 - This release of Red Hat JBoss Enterprise Application Platform 7.2.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.2.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.2.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, denial of service, deserialization, improper authorization, remote SQL injection, and traversal vulnerabilities.
f06252c78191e71e29c17dfcf8316547Gentoo Linux Security Advisory 202009-2 - Multiple vulnerabilities have been found in Dovecot, the worst of which could allow remote attackers to cause a Denial of Service condition. Versions less than 2.3.11.3 are affected.
ebcfd57317df8fe31dcaca1f536069baRed Lion N-Tron 702-W and 702M12-W versions 2.0.26 and below suffer from cross site request forgery, hidden shell interface, cross site scripting and busybox vulnerabilities.
0d2c4894db250550f69bf99d4b85cdbdUbuntu Security Notice 4474-2 - USN-4474-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, trick the user in to installing a malicious extension, spoof the URL bar, leak sensitive information between origins, or execute arbitrary code. It was discovered that NSS incorrectly handled certain signatures. An attacker could possibly use this issue to expose sensitive information. A data race was discovered when importing certificate information in to the trust store. An attacker could potentially exploit this to cause an unspecified impact. Various other issues were also addressed.
610db2d9ab4dffaa908cdf431a3e0b62Ubuntu Security Notice 4449-2 - USN-4449-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM. Ryota Shiga working with Trend Micro
9985503545bb85c13095d2aff92b19d8All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from cross site request forgery vulnerabilities.
438f9884278e093d5c5792f91e1e717eAll versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from a multitude of remote SQL injection vulnerabilities.
82bf9cb51d20978bf9e038c9a947f3f5The CGI and FastCGI implementations in the Go standard library behave differently from the HTTP server implementation when serving content. In contrast to the documented behavior, they may return non-HTML data as HTML. This may lead to cross site scripting vulnerabilities even if uploaded data has been validated during upload. Versions 1.15 and 1.14.7 and below are affected.
130ddc7a83a7200dee6d6d19904f8bd0Red Hat Security Advisory 2020-3539-01 - This release of Red Hat build of Thorntail 2.7.1 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section. Issues addressed include denial of service, deserialization, and improper authorization vulnerabilities.
ee9ccdb705db5bec1e84246752ab0e5esqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
f79dac9b60f40ccdb4e1a05797b7cdc6Red Hat Security Advisory 2020-3587-01 - Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. Issues addressed include file disclosure and server-side request forgery vulnerabilities.
f62bfd5513ca21b278192262f6d5fa72Red Hat Security Advisory 2020-3586-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include information leakage and out of bounds read vulnerabilities.
85cdb8a12983c50089207347db2993afSifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
66c88a57ab2fdc923291df1b13bcf592Red Hat Security Advisory 2020-3585-01 - Red Hat JBoss Enterprise Application Platform CD20 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform CD20 includes bug fixes and enhancements. Issues addressed include XML injection, deserialization, man-in-the-middle, memory exhaustion, remote SQL injection, and traversal vulnerabilities.
4d987f9115fdafa0c21851c89ed7fed7Gentoo Linux Security Advisory 202008-24 - Multiple vulnerabilities have been found in OpenJDK, the worst of which could result in the arbitrary execution of code. Versions less than 8.262_p01:8 are affected.
bac441ff6c23a56ecf12a54861adbd64Gentoo Linux Security Advisory 202008-22 - Multiple vulnerabilities have been found in targetcli-fb, the worst of which could result in privilege escalation. Versions less than 2.1.53 are affected.
5dc53072019dfb7587a33ad4666647a4Gentoo Linux Security Advisory 202008-20 - Multiple vulnerabilities have been found in GPL Ghostscript, the worst of which could result in the arbitrary execution of code. Versions less than 9.52 are affected.
83377a4675a26eafbe579f5ad0fce200Gentoo Linux Security Advisory 202008-19 - Multiple vulnerabilities have been found in BIND, the worst of which could result in a Denial of Service condition. Versions less than 9.16.6 are affected.
f9bbbe5e6303ce1d526c0692d8ea0820Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
d9de1027695e4a6fb9bd4c43eed52381MikroTik RouterOS suffers from NULL pointer dereference, memory corruption and division by zero vulnerabilities.
1e3a80eae94e4c7f171cb74762439c42Gentoo Linux Security Advisory 202008-18 - Multiple vulnerabilities have been found in X.org X11 library, the worst of which could result in the arbitrary execution of code. Versions less than 1.6.12 are affected.
d0ab1e41ff7ebed3a58b9501ce1fcea9Gentoo Linux Security Advisory 202008-17 - Multiple vulnerabilities have been found in Redis, the worst of which could result in the arbitrary execution of code. Versions less than 5.0.9 are affected.
cbead2459b280eb6450f64a23bc18eb2ZTE Mobile Hotspot MS910S version DL_MF910S_CN_EUV1.00.01 suffers from having a hard-coded administrative password, busybox vulnerabilities, and having a known backdoor in the GoAhead webserver.
5fee15e2fe67f4a312641b206b87d209Red Hat Security Advisory 2020-3574-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include bypass and code execution vulnerabilities.
bd03d4978fc69d3110e68b9684b0e2b9
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed