Gentoo Linux Security Advisory 202009-13 - Multiple vulnerabilities have been found in Chromiun and Google Chrome, the worst of which could result in the arbitrary execution of code. Versions less than 85.0.4183.121 are affected.
91294756e45d105268587d76794a7e69Red Hat Security Advisory 2020-4059-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include information leakage and out of bounds read vulnerabilities.
f80f20f5bbc7df1040c003c552ceba74Ubuntu Security Notice 3968-3 - USN-3968-1 fixed several vulnerabilities in Sudo. This update provides the corresponding update for Ubuntu 14.04 ESM. Florian Weimer discovered that Sudo incorrectly handled the noexec restriction when used with certain applications. A local attacker could possibly use this issue to bypass configured restrictions and execute arbitrary commands. Various other issues were also addressed.
6044cf85ada96b50d32b99b140fb790dSifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
6bee73d58cd39101159e5cda8f2f4469Apple Security Advisory 2020-09-24-1 - macOS Catalina 10.15.6 Supplemental Update, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave are now available and address code execution and out of bounds read vulnerabilities.
515938eea09c5011442b4fd556e8582eRed Hat Security Advisory 2020-3835-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.3.0 ESR. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.
f1f9b6d167f6008e5dfc5f954276b78eRed Hat Security Advisory 2020-3832-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.3.0 ESR. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.
3ca5ecb0a4c3ac7b3db3a17cb99489d1Red Hat Security Advisory 2020-3833-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.3.0 ESR. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.
64f5454e98144268d918f5d325ba315fRed Hat Security Advisory 2020-3834-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.3.0 ESR. Issues addressed include cross site scripting, spoofing, and use-after-free vulnerabilities.
18b017a52db603d8902592742e090ab3Red Hat Security Advisory 2020-3806-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.2.6.SP2 serves as a replacement for Red Hat support for Spring Boot 2.2.6.SP1, and includes security and bug fixes and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include cross site scripting and denial of service vulnerabilities.
e03d7a44e0c0d90c25bb06b54ca272f8Red Hat Security Advisory 2020-3807-01 - The org.ovirt.engine-root is a core component of oVirt. Issues addressed include code execution and cross site scripting vulnerabilities.
780c083fc00b5826b5832bcbc0efebb5This Metasploit module exploits command injection vulnerabilities and an insecure default sudo configuration on VyOS versions 1.0.0 through 1.1.8 to execute arbitrary system commands as root. VyOS features a restricted-shell system shell intended for use by low privilege users with operator privileges. This module exploits a vulnerability in the telnet command to break out of the restricted shell, then uses sudo to exploit a command injection vulnerability in /opt/vyatta/bin/sudo-users/vyatta-show-lldp.pl to execute commands with root privileges. This module has been tested successfully on VyOS 1.1.8 amd64 and VyOS 1.0.0 i386.
3d5d65d5e0f254ce3c9343e508e95b9dApple Security Advisory 2020-09-16-4 - watchOS 7.0 is now available and addresses cross site scripting vulnerabilities.
d0cb12546d5aebcf540ac9c015984183Apple Security Advisory 2020-09-16-3 - Safari 14.0 is now available and addresses code execution, cross site scripting, out of bounds write, and use-after-free vulnerabilities.
ae29185c1601a94111093736fc67de83Apple Security Advisory 2020-09-16-2 - tvOS 14.0 is now available and addresses cross site scripting vulnerabilities.
ef7376338a1a7ad7e72201d43197b146Apple Security Advisory 2020-09-16-1 - iOS 14.0 and iPadOS 14.0 are now available and address code execution, cross site scripting, out of bounds read, and out of bounds write vulnerabilities.
bf2d39afbca775367e4876e819239e81Red Hat Security Advisory 2020-3779-01 - Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project. This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum. Issues addressed include XML injection, bypass, and improper authorization vulnerabilities.
0014bbfc17261dd58806694335808506Gentoo Linux Security Advisory 202009-10 - A vulnerabilities in PHP could lead to a Denial of Service condition. Versions less than 7.2.33:7.2 are affected.
d02ea2e4e445ae9dc9a0319b525b6459Gentoo Linux Security Advisory 202009-9 - Multiple vulnerabilities have been found in Nextcloud Desktop Sync client, the worst of which may allow execution of arbitrary code. Versions less than 2.6.5 are affected.
d9185a75c941fbb57d5cb781956639a4Gentoo Linux Security Advisory 202009-7 - Multiple vulnerabilities have been found in the Perl module DBI, the worst of which could result in a Denial of Service condition. Versions less than 1.643.0 are affected.
adc99cfc7d25d1f38f9f4dab9b40bd69MikroTik RouterOS suffers from memory corruption and reachable assertion failure vulnerabilities.
950d0eee51c2f617a1415882d1b88a0aIlchCMS version 2.1.37 suffers from multiple cross site scripting vulnerabilities.
44643740a4ccbef00c29bdf57af23e23Red Hat Security Advisory 2020-3723-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 85.0.4183.83. Issues addressed include information leakage, integer overflow, and use-after-free vulnerabilities.
3a3ae1c3cfa4b75de5e2102a900dbac4Gentoo Linux Security Advisory 202009-3 - Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. Versions less than 85.0.4183.102 are affected.
8416b17fa3bef5e21adc86d3c5a2672dUbuntu Security Notice 4488-2 - USN-4488-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update and also the update from USN-4490-1 for Ubuntu 14.04 ESM. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the input extension protocol. A local attacker could possibly use this issue to escalate privileges. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly initialized memory. A local attacker could possibly use this issue to obtain sensitive information. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XkbSelectEvents function. A local attacker could possibly use this issue to escalate privileges. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XRecordRegisterClients function. A local attacker could possibly use this issue to escalate privileges.
2c21e36caf7b07e3cf7bab5cb7a9f1d9
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed