Red Hat Security Advisory 2020-0698-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
4acbdf80508c41123e5d0d93ef9f016b4d2a91390e5c809eecf45a244a37e858
Red Hat Security Advisory 2020-0567-01 - This release of Red Hat build of Eclipse Vert.x 3.8.5 includes security updates, bug fixes, and enhancements. HTTP request smuggling was addressed along with other security issues.
0b4509783ea57282385660eff66e033ecf2a133395097e433a3aa74442a3937b
Red Hat Security Advisory 2020-0666-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM.
970ebb7260fc6a24f04f64db39246cbb8c07532b4d5d881a871042dfd6307a61
Red Hat Security Advisory 2020-0669-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures. An out-of-bounds heap access vulnerability has been addressed.
3a667ec0799bac2febeb85814d40c6f07c5a57a238ccbde21565372f10eefeba
Red Hat Security Advisory 2020-0664-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, heap overflow, and use-after-free vulnerabilities.
8c1f96fceed0781f4ec0f4d1d7246e231bd211118ad046fc05b7bc2419d23b29
Red Hat Security Advisory 2020-0663-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, cross-site scripting, denial of service, deserialization, and traversal vulnerabilities.
e0107cb7986229680e31e1bbd0c5628975549a8bf69add5599076c8baacb57a6
Imagine finding yourself in a "hostile" environment, one where you cannot run exploits, tools, and applications without worrying about prying eyes spying on you, be they a legitimate system administrator, a colleague sharing access with you, or a software solution that scans the machine you are logged in to for malicious files. Your binary should live in encrypted form in the filesystem so that no static analysis would be possible even if it is identified and copied somewhere else. It should only be decrypted on the fly in memory when executed, thus preventing dynamic analysis too, unless the decryption key is known. To experiment with such an idea, Red Timmy Sec have created the "golden frieza" project.
41f188a8a31adc549c15b975f94febb25727777ba9bf32f0242c38f4b2c03bc0
This Metasploit module exploits multiple vulnerabilities in EyesOfNetwork version 5.3 and prior in order to execute arbitrary commands as root. This module takes advantage of a command injection vulnerability in the target parameter of the AutoDiscovery functionality within the EON web interface in order to write an Nmap NSE script containing the payload to disk. It then starts an Nmap scan to activate the payload. This results in privilege escalation because the apache user can execute Nmap as root. Valid credentials for a user with administrative privileges are required. However, this module can bypass authentication via two methods, i.e. by generating an API access token based on a hard-coded key, and via SQL injection. This module has been successfully tested on EyesOfNetwork 5.3 with API version 2.4.2.
ca3db710e6c2e94599263d57eba6a658ddbbec8120a91bed5f5b3b7fa9dc20a6
Ubuntu Security Notice 4290-2 - USN-4290-1 fixed a vulnerability in libpam-radius-auth. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that libpam-radius-auth incorrectly handled certain long passwords. A remote attacker could possibly use this issue to cause libpam-radius-auth to crash, resulting in a denial of service. Various other issues were also addressed.
e88d9001c79faddacce3f965f6b7deea49e815367fdba894d5a3e7e5730e6166
Red Hat Security Advisory 2020-0661-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, heap overflow, and use-after-free vulnerabilities.
07c3208d83521bdb147c46e8789a694174d432353ebe0e71efc235c05ccdc65f
Red Hat Security Advisory 2020-0653-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow and heap overflow vulnerabilities.
15c26f80d5ab7c4a7ffa313e8b48cf28f41cecfa4afcdcfc7951ba6b0cdaf899
GUnet OpenEclass version 1.7.3 suffers from a remote SQL injection vulnerability.
e162d1edebed0020832cf809b72ac4a04a78f6fc85f445bff17873886d261cc6
The RICOH Aficio SP 5210SF printer suffers from an HTML injection vulnerability.
60ef9b0d6c40fbf9912431936a070eb34763bac7e82555459a6f8d9d7360760e
Alfresco version 5.2.4 suffers from multiple persistent cross-site scripting vulnerabilities.
e8b6bf3c9d0342e4295b21ad9cf44c5ed78bd87235425b6da9f85a1f54a77b2f
The RICOH Aficio SP 5200S printer suffers from an HTML injection vulnerability.
2feb057890c0c58d6eb51497dcfd5641289ed9e43349ea72cbdc87ad7829cb5b