Red Hat Security Advisory 2020-3699-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core SDK 3.1.108 and .NET Core Runtime 3.1.8. Security Fixes: .NET Core: ASP.NET cookie prefix spoofing vulnerability. Issues addressed include a spoofing vulnerability.
7eeb6e7fa92674b30184bea1625342bc83c0ce98fc29e396e3ea53dc07658cc2
Red Hat Security Advisory 2020-3697-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.108 and .NET Core Runtime 3.1.8. Issues addressed include a spoofing vulnerability.
b0926b5143d4f1f9127e3ead2ce19ed26cc788b39d660795a5f2c06d7bc15c99
The StorageFolder class when used out of process can bypass security checks to read and write files not allowed to an AppContainer.
02e31b80fa05e9829fb35764d85806a69ec5db202f42ff20b112f3346433b2c8
The Qualcomm Adreno GPU shares a global mapping called a "scratch" buffer with the Adreno KGSL kernel driver. The contents of the scratch buffer can be overwritten by untrusted GPU commands. This results in a logic error in the Adreno driver's ringbuffer allocation code, which can be used to corrupt ringbuffer data. A race condition exists between the ringbuffer corruption and a GPU context switch, and this results in a bypass of the GPU protected mode setting. This ultimately means that an attacker can read and write arbitrary physical addresses from userland by running GPU commands while protected mode is disabled, which results in arbitrary kernel code execution.
d663ef06eb4e7deef8bdea200e905217412428d8532fa626e3c1c5c2a7641f51
The CloudExperienceHostBroker hosts unsafe COM objects accessible to a normal user, leading to elevation of privilege.
7888834d5b9f65c613c040c3ae903e13e111aac394ea82b8960fd0610e98dd60
All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from XML external entity injection vulnerabilities.
3dacee5179c39144a77b9148d96722655bd370a5195ee7c7ad75ced5ba541521
All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) perform insecure deserialization practices that can lead to code execution.
1c375814061beaed31c9020dfa7b49bcc04ff9b02a06da5c105e9c46bc4d1c5d
Yaws versions 1.81 through 2.0.7 suffer from remote OS command injection and XML external entity injection vulnerabilities.
a545a3172fc55a8fbfa7ccde9eb9fa21f07d84ee1822019489b84a0f3a5dc7d7
All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from path traversal vulnerabilities.
c0aa119646df1f1df347e0bc1206a9b1b51ac0409f37d75183a62d7a63c2fe9b
All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from DLL hijacking vulnerabilities.
e49dbe918cc882495411b7160b3cc81912c518a3099cb02384eb64640bd70ee5
All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from a Unity client malformed image denial of service vulnerability.
9a7be3d75ecad9e4daffb25ac6ee49d70285b846896c5532dc4f8594c41e708c
All versions up to and prior to Hyland OnBase Foundation EP1 (tested: 19.8.9.1000) and OnBase 18 (tested: 18.0.0.32) suffer from having hardcoded PKI certificates and AES key material.
bc727c3205ab555062293ad759e22da0cf8f20c066816e52a61482e53fa247cf
This document presents semi-formal specifications of the security protocol SSH, more specifically the transport layer protocol, and describes a source code review of OpenSSH, the leading implementation of SSH, using these specifications.
fbbd9b60846c202528784a869a4008018381ae5c6c81a9420112f8cc31dc1a50
Ubuntu Security Notice 4487-2 - USN-4487-1 fixed several vulnerabilities in libx11. This update provides the corresponding update for Ubuntu 12.04 ESM and 14.04 ESM. Todd Carson discovered that libx11 incorrectly handled certain memory operations. A local attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.
168de6724b6de0d42f9ac0533e6a9001fabef77f53c486c7697efabcf3510931
Ubuntu Security Notice 4490-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XkbSetNames function. A local attacker could possibly use this issue to escalate privileges.
abad8332e0898a043739e31973d8281d91964ca821c8553e0fd3e938a23152cb
Red Hat Security Advisory 2020-3625-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include cross site scripting and information leakage vulnerabilities.
327eeeebf09190a83d9888e88aacdfb8d48054b53c5c2e560c56664005f0ec64
Red Hat Security Advisory 2020-3578-01 - OpenShift Container Platform components are primarily written in Go. The golang.org/x/text contains text-related packages which are used for text operations, such as character encodings, text transformations, and locale-specific text handling. Kibana is one of the major components of OpenShift Container Platform cluster logging. It is a browser-based console interface to query, discover, and visualize the log data. Issues addressed include a cross site scripting vulnerability.
76031ee5b291a4db7234b7111c7dc3217a89ce4c9123293670c14dbd76b08150
Red Hat Security Advisory 2020-3662-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer over-read, buffer overflow, code execution, information leakage, integer overflow, null pointer, out of bounds read, and use-after-free vulnerabilities.
911f6bbed903dbddefb8bd0bba2f0d12e5864b3e566dea3d632a88ddb5ce9853
Red Hat Security Advisory 2020-3665-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Issues addressed include a denial of service vulnerability.
9836ff22ee1c4b573559d076da14b9688fb435fcac091a747e65150878e185b7
Red Hat Security Advisory 2020-3654-01 - libcroco is a standalone Cascading Style Sheet level 2 parsing and manipulation library.
7820a60c54380f2069a389090731a9c49e938f43f41cf3fe30f0ad9d173f3f40
Red Hat Security Advisory 2020-3658-01 - The librepo library provides a C and Python API to download repository metadata. Issues addressed include a traversal vulnerability.
acbd1c7d616ab385b0246e8f8c53415649ebfdefb57d3901fbc73adbe78e651f
Red Hat Security Advisory 2020-3678-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.8.1 serves as an update to Red Hat Process Automation Manager 7.8.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection and code execution vulnerabilities.
b2ca39c3c8ea8a4b1c4a2c2efedd4f3bece282cfb0d9ee38b71f78b4d0582d88
Red Hat Security Advisory 2020-3669-01 - PostgreSQL is an advanced object-relational database management system. Issues addressed include buffer overflow, bypass, and improper authorization vulnerabilities.
37abfe12007f0123015ff6acb45976e8a68274f270431c5da4edcf0cd23793ca
Red Hat Security Advisory 2020-3675-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.8.1 serves as an update to Red Hat Decision Manager 7.8.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection and code execution vulnerabilities.
175056d3c2d1d63e2c2c31dd7a958ba1f74f9587a58ef6f1bdd3290b1a5fe889
Ubuntu Security Notice 4489-1 - Or Cohen discovered that the AF_PACKET implementation in the Linux kernel did not properly perform bounds checking in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
2f26a7918eeaffd16b03759efce6f29fc3c50de7cc7512d7fa284e1c0d71cbf7