MITREid versions 1.3.3 and below suffer from a cross site scripting vulnerability.
beaafdc5dee4b589fa59d194bbcda3aad72131beb6a748f37bda94014f9e24e2
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Tracing functionality used by the Routing and Remote Access service. The issue results from the lack of proper permissions on registry keys that control this functionality. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM.
6b0526f98f3e203e2ed6be699de4fcc715f41c3ab7e148e28ed2e62563a77a96
qdPM versions prior to 9.1 suffer from a remote shell upload vulnerability that allows for remote code execution.
7378aebe88336076527073b99083cdd137d3c12ddaf2cf587f30f8479d285a3d
Debian Linux Security Advisory 4630-1 - It was discovered that pysaml2, a Python implementation of SAML to be used in a WSGI environment, was susceptible to XML signature wrapping attacks, which could result in a bypass of signature verification.
b455e7a7fba61ee1881640cfb2163c846bf832ec6b79543bd174a3815adaea48
Debian Linux Security Advisory 4631-1 - Multiple security issues were discovered in Pillow, a Python imaging library, which could result in denial of service and potentially the execution of arbitrary code if malformed PCX, FLI, SGI or TIFF images are processed.
672a8a4e95e604dea700f5a873d7d479e1ba2dc4114bd73eddf87bc4c9fac27f
Debian Linux Security Advisory 4632-1 - Ilja Van Sprundel reported a logic flaw in the Extensible Authentication Protocol (EAP) packet parser in the Point-to-Point Protocol Daemon (pppd). An unauthenticated attacker can take advantage of this flaw to trigger a stack-based buffer overflow, leading to denial of service (pppd daemon crash).
f77ed94eb241b6463d1cc0108850a4ac7b647e3bae13cb583969676d3ec8590e
Debian Linux Security Advisory 4634-1 - Qualys discovered that the OpenSMTPD SMTP server performed insufficient validation of SMTP commands, which could result in local privilege escalation or the execution of arbitrary code.
5da50339d4d1fb31d2ce2fa5d1c69b447dfd44db51920c67a0c326da5a65d4c0
Debian Linux Security Advisory 4635-1 - Antonio Morales discovered an user-after-free flaw in the memory pool allocator in ProFTPD, a powerful modular FTP/SFTP/FTPS server. Interrupting current data transfers can corrupt the ProFTPD memory pool, leading to denial of service, or potentially the execution of arbitrary code.
bc5aa8ca4bb689d45b2d9ca0ff9b6ade1a97168e14a988f3692f4ce913bfc8ae
Debian Linux Security Advisory 4636-1 - It was reported that python-bleach, a whitelist-based HTML-sanitizing library, is prone to a mutation XSS vulnerability in bleach.clean when 'noscript' and one or more raw text tags were whitelisted.
94cda4a539fb8acdae1d82380c87a8ef4be0d2f444897775ffb0061181a93953
This whitepaper is a study that gives an overview about what methodology a hacker uses to hack into a system, discusses a theft of millions from the central bank of Bangladesh, and more.
6a0cab11f2e64f9df513d332add9505f86699b1e1ba54f3ff7ddc853a502e82f
Nimsoft nimcontroller version 7.80 suffers from an unauthenticated remote code execution vulnerability.
af11c437e4fa8db83e925757e69120962101fbd14f8be2758c3b44f0506921c0
SerialTweaker is a tool that can be used to load a serialized object, change its contents, and reserialize it to a new serialized object with modified fields inside.
f07b0cb7767fe9ecacd5cc0f2aacef08a3520cd39de4d809fae2a85d1b7c8bb0
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers.
5f5923ef4c3fee370ed0ca1bb324f37c246015eba4a7e74ab95d9208feeded79
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities.
a31c015afddef00022d3a2c0ab9383a616b6e6954cba467eb037d16b88aaac8c
Red Hat Security Advisory 2020-0637-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the existing Limited Maintenance Release phase. This means that new bug fixes, security updates, and product enhancements will no longer be provided for the following product versions: Red Hat Satellite 5.8 on Red Hat Enterprise Linux 6.
94a7ebf02343bcb5014130974b28608217aeabf08433f8c6def9739ab81cea66
Red Hat Security Advisory 2020-0638-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite Proxy, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the existing Limited Maintenance Release phase. This means that new bug fixes, security updates, and product enhancements will no longer be provided for the following product versions: Red Hat Satellite Proxy 5.8 on Red Hat Enterprise Linux 6.
e64f35fd634c63342a72b92bc447930cd37a30abd0314ac368a398ef79634e0a
Samhain is a file system integrity checker that can be used as a client/server application for centralized monitoring of networked hosts. Databases and configuration files can be stored on the server. Databases, logs, and config files can be signed for tamper resistance. In addition to forwarding reports to the log server via authenticated TCP/IP connections, several other logging facilities (e-mail, console, and syslog) are available. Tested on Linux, AIX, HP-UX, Unixware, Sun and Solaris.
958a5045c8a59fa700876133f5194c0b5962c1980df9cf0fee1207d048e18ebe
Chrome suffers from a heap use-after-free vulnerability in DesktopMediaPickerController::WebContentsDestroyed.
412f788875a5daf71252244d087b880c4599e16c220ff869fdb9818a05b134b4
This function, reached through ioctl VS4L_VERTEXIOC_QBUF in the Samsung kernel, has an error case that cannot function correctly. It reads in an array of pointers from userspace and in-place replaces each userspace pointer with a kernel pointer allocated with kzalloc(). Unfortunately, in the error case it will iterate over all the pointers in the array (regardless of how many, if any, were converted to kernel pointers) and call kfree() on each of them. Thus, all it takes to call kfree() on an arbitrary number of controlled pointers is to make the second copy_from_user() fail after successfully copying in the desired number of pointers to free.
efd831d3ab7c9c5578f97a34507b505b0fb6cf8ddb61a22e805c5ade1953fcdf
Red Hat Security Advisory 2020-0632-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include a deserialization vulnerability.
ef186e73e63f4da3cc8584b6c29f52f1d6a0879734059f2a044d20b95ac4ceab
Red Hat Security Advisory 2020-0638-01 - After May 31, 2020, as per the life-cycle support policy for Red Hat Satellite Proxy, Red Hat will discontinue technical support services as well as software maintenance services for all Red Hat Satellite and Proxy versions 5.8 or older on Red Hat Enterprise Linux 6. The listed versions will exit the existing Limited Maintenance Release phase. This means that new bug fixes, security updates, and product enhancements will no longer be provided for the following product versions: Red Hat Satellite Proxy 5.8 on Red Hat Enterprise Linux 6.
e64f35fd634c63342a72b92bc447930cd37a30abd0314ac368a398ef79634e0a
XNU suffers from a use-after-free vulnerability in tcp_input.
25701e8eca80114c8645a6f7aaac15b7712ce7c0be471ffb9169c8dccc28d609
Red Hat Security Advisory 2020-0634-01 - The ppp packages contain the Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider or other organization over a modem and phone line. Issues addressed include a buffer overflow vulnerability.
1df0fe2f62df4d444ccb819d6f143597bfefdd169e1acff37c0f800b7b226dfa
I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.
e65c7dbbf464b6bc64afb228306fbfed0f1e67ffec74f96852b82acade53921c
Red Hat Security Advisory 2020-0631-01 - The ppp packages contain the Point-to-Point Protocol daemon and documentation for PPP support. The PPP protocol provides a method for transmitting datagrams over serial point-to-point links. PPP is usually used to dial in to an Internet Service Provider or other organization over a modem and phone line. Issues addressed include a buffer overflow vulnerability.
c5410a2d83277b036adeed661972863aa4373b96185f77a076d89b7b279a5b7a