Red Hat Security Advisory 2020-0708-01 - The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending on your architecture, it only requires about 40 bytes of data per message stream. HTTP request smuggling was addressed.
a170d015c32f37432d9de939a73499f02f7638a9789e5e1796da178dc64bd3a1Red Hat Security Advisory 2020-0707-01 - The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending on your architecture, it only requires about 40 bytes of data per message stream. HTTP request smuggling was addressed.
356b5cddfb52ed1d8d5aa0bcc6cf2953a6fe74e992643df32307133cffd2e459Red Hat Security Advisory 2020-0704-01 - Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Issues addressed include a use-after-free vulnerability.
ccc228370dd78d1ad6b26462371df035b84cc84b9b1c7c2f888333847669e478Ubuntu Security Notice 4296-1 - Norbert Szetei discovered that Django incorrectly handled the GIS functions and aggregates on Oracle. A remote attacker could possibly use this issue to perform an SQL injection attack.
12e491ba936568b3738eb6221c37dce480c1eb23e583156777694e1e2279cf6aThis Metasploit module exploits a .NET serialization vulnerability in the Exchange Control Panel (ECP) web page. The vulnerability is due to Microsoft Exchange Server not randomizing the keys on a per-installation basis resulting in them using the same validationKey and decryptionKey values. With knowledge of these, values an attacker can craft a special viewstate to cause an OS command to be executed by NT_AUTHORITY\SYSTEM using .NET deserialization.
9ba178072e43dcc78183e17a6aebcaa356ad487774d5b60829b0623367acc1fbRed Hat Security Advisory 2020-0703-01 - The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending on your architecture, it only requires about 40 bytes of data per message stream. HTTP request smuggling was addressed.
8ea83379a922dc0dcbacd24df3271f11e1b50698d6e2c37e5b91f8c7c0aff4f9Red Hat Security Advisory 2020-0702-01 - Xerces-C is a validating XML parser written in a portable subset of C++. Xerces-C makes it easy to give your application the ability to read and write XML data. A shared library is provided for parsing, generating, manipulating, and validating XML documents. Issues addressed include a use-after-free vulnerability.
306a1b1da1150eaae8df68a1866547196a2e7421d357e341f63e146f72c33c7fRed Hat Security Advisory 2020-0617-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. An issue where /etc/passwd was given incorrect privileges has been addressed.
6a548a878b9738f64e407ec0791fd34f97a41c4572ebfe95d5f14c496374a7c4Ubuntu Security Notice 4295-1 - It was discovered that Rake incorrectly handled certain files. An attacker could use this issue to possibly execute arbitrary commands.
35f68dcb9045dbb6b672d8b8f70f5c7705acd4d89b31da78d0df8b65e509dc07XOO Digital version 2.1.0 suffers from a remote SQL injection vulnerability.
0a7174ad2e0c9c3974632dc8e9aa4e315bebfa839ead4438034dc855239fa2d5UniSharp Laravel File Manager version 2.0.0 suffers from an arbitrary file read vulnerability.
1d7405c593ee49d55e59bcf504bf4d3f7496515bc48aef6a5e832b0c6175f1cdWhitepaper called Blue Team vs. Red Team: How to run your encrypted binaries in memory and go undetected. This paper discusses the golden frieza project.
326178d7c2a2126ac27509f46a4346cfb02ff83ca3fc2a5d381a2e1d830ce3ec
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed