Ubuntu Security Notice 4237-1 - It was discovered that SpamAssassin incorrectly handled certain CF files. If a user or automated system were tricked into using a specially-crafted CF file, a remote attacker could possibly run arbitrary code. It was discovered that SpamAssassin incorrectly handled certain messages. A remote attacker could possibly use this issue to cause SpamAssassin to consume resources, resulting in a denial of service. Various other issues were also addressed.
cbf44edba6e3df3deb678e710dfd0ab56687a492d0f594714a7cd96584b54d24
Red Hat Security Advisory 2020-0085-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.4.1 ESR. Issues addressed include a bypass vulnerability.
3a1b00ffd8a0d4d38690e39e395b007138ef3c77f321555d0d6969cc3a19b663
Ubuntu Security Notice 4236-1 - It was discovered that Libgcrypt was susceptible to an ECDSA timing attack. An attacker could possibly use this attack to recover sensitive information.
cc20f582106cabcfddab8f4a2563d40318d22578de520e2b8ca53f33beea5383
This Metasploit module exploits a remote code execution vulnerability in Citrix Application Delivery Controller and Gateway version 10.5.
bec68a9167966887bfc41632126f3582e09608bebf23999be1ca53bae2414759
Hospital Management System version 4.0 suffers from multiple reflective cross site scripting vulnerabilities.
577785f9f7a77543366601d345329f948706e972436cf56919df3d22f41fd7d4
Red Hat Security Advisory 2020-0086-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.4.1 ESR. Issues addressed include a bypass vulnerability.
20a76b49be4abc80c6a40395b9cf5fa515ca53b648891dfe534365effdbc89b4
Digi AnywhereUSB version 14 suffers from a cross site scripting vulnerability.
d17251e1fa5e9135fdf58298155491d557117cba6a0e26348bf1a09c36802919
Car Rental Project version 1.0 suffers from a remote code execution vulnerability.
e4cc4dc5e55caa316a3d402d9317d0020cfe62d7d79914ce1f4bf5dca32e437a
Ubuntu Security Notice 4235-1 - Bert JW Regeer and Francisco Oca Gonzalez discovered that nginx incorrectly handled certain error_page configurations. A remote attacker could possibly use this issue to perform HTTP request smuggling attacks and access resources contrary to expectations.
044027ea326db3fb6aae4672a92bf7f3e07587ae3b37e7ae041b1440fcb590e1
Freelancy version 1.0.0 suffers from a remote code execution vulnerability.
27fcda2d60369367b781215be5aff2b0782b9cfb300a573b677ff257bfd71ac3
TaskCanvas version 1.4.0 suffers from a denial of service vulnerability.
14cf26a9c5d0b47daa3240ec63a30d2d4fbf460bf809f0bf8b7d4cf70b8f282b
Ubuntu Security Notice 4047-2 - USN-4047-1 fixed a vulnerability in libvirt. This update provides the corresponding update for Ubuntu 14.04 ESM. Matthias Gerstner and J
aecdb81129825f72035a13cde71a406ded86fa29703505d963a4c16e44ccf1a3
Red Hat Security Advisory 2020-0084-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 79.0.3945.117. A use-after-free vulnerability was addressed.
6219b2487522c0380cd700b39a2203f0abe874ce7df602e15219a61f80e729e3
The Kaspersky parsing engine supports the ZIP archive format. The parsing engine can be bypassed by specifically manipulating a ZIP archive (File Name Length Field) so that it can be accessed by an end-user but not the anti-virus software. The AV engine is unable to scan the container and gives the file a "clean" rating. A vast array of Kaspersky products are affected.
5ace3f40cceae356bd67470cd3e790eaead40adc7b7b21eaab4d4e91d3df1bc0
Bitdefender products suffer from a ZIP GPFLAG malformed archive bypass vulnerability. Affected are all Bitdefender products and vendors that have licensed the engine before Dec 12, 2019.
8a04a45f5bad5e89212de014eb589ed0ff5c2e09cbfb8bce3337bc332720c94b
Red Hat Security Advisory 2020-0078-01 - RabbitMQ is an implementation of AMQP, the emerging standard for high performance enterprise messaging. The RabbitMQ server is a robust and scalable implementation of an AMQP broker. Issues addressed include a denial of service vulnerability.
859b2374bb3855d7cf58df3dcaa9c58bacacce1d256526b7b7cca15403545b39
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.
da291d3d37b537ed0b99f39b20495c3baeefa52fd11a5d960e627af0fd3427f7
Advanced System Repair Pro version 1.9.1.7 suffers from an insecure file permissions vulnerability.
c8375d1fce6be455bbca82d61a7036995cbbdde75eb364fb138090aba9c376ec
SpotDialup version 1.2.6 suffers from a denial of service vulnerability.
01fa4154d2bc603be55e0bab9d90f830f780114695bf011ae7bf4280b12049a5
SpotDialup version 1.6.7 suffers from a denial of service vulnerability.
af6a08143c0e41675b18e19c914b128923721685191122d80ac6a8bb00ab0b5a
Chevereto version 3.13.4 Core suffers from a remote code execution vulnerability.
b3213798082fe0a9f9d55dfeba9f47f269cc8704cdec6f26289e6ed714168db7