Ubuntu Security Notice 4621-1 - It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code. It was discovered that netqmail did not properly handle certain input when validating email addresses. An attacker could use this to bypass email address validation. Various other issues were also addressed.
505a42b4d8cc358df017a8d138c2f348f0946ebc27b59443993f76b899094ba8
Asterisk Project Security Advisory - If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur.
7b5bf722297267d2f92ffbd9c74ee0315153dc145925d137aff58dbd10bcf95e
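The loop described in the advisory above, as an added simulation that is not Asterisk code: a toy outbound caller re-sends an authenticated INVITE every time the far end answers 407 with a fresh nonce. The peer (`RechallengingPeer`), the credentials and the URI are constructed for the demo; `max_auth_retries` is a hypothetical knob, not an Asterisk option. With no cap the number of INVITEs held open tracks the attacker's patience; with a cap the call attempt fails cleanly after a fixed number of re-authentications.

```python
import hashlib
import secrets

# Constructed credentials for the simulation; nothing here is taken from a real deployment.
USERNAME, PASSWORD, REALM = "6001", "s3cret", "asterisk"


def digest_response(username, realm, password, method, uri, nonce):
    """RFC 2617 digest without qop: MD5(HA1 ':' nonce ':' HA2)."""
    ha1 = hashlib.md5(f"{username}:{realm}:{password}".encode()).hexdigest()
    ha2 = hashlib.md5(f"{method}:{uri}".encode()).hexdigest()
    return hashlib.md5(f"{ha1}:{nonce}:{ha2}".encode()).hexdigest()


class RechallengingPeer:
    """Hypothetical far end standing in for the attacker: answers every INVITE
    with 407 and a new nonce for `rounds` attempts, then finally answers 200 OK
    so the demo terminates. Against an unbounded client, every extra round is
    one more INVITE transaction the client keeps alive."""

    def __init__(self, rounds):
        self.rounds = rounds
        self.seen = 0

    def handle(self, invite):
        self.seen += 1
        if self.seen <= self.rounds:
            return {"status": 407, "nonce": secrets.token_hex(8)}
        return {"status": 200}


class OutboundCaller:
    """Toy UAC. max_auth_retries=None reproduces the unbounded re-INVITE loop the
    advisory describes; an integer caps re-authentications per call attempt
    (an assumed mitigation for the demo, not Asterisk's actual fix)."""

    def __init__(self, peer, max_auth_retries=None):
        self.peer = peer
        self.max_auth_retries = max_auth_retries
        self.open_transactions = []  # each entry stands in for memory held per INVITE

    def place_call(self, uri):
        invite = {"method": "INVITE", "uri": uri}
        retries = 0
        while True:
            # Transaction state is allocated per INVITE and only released on a
            # final response; while the loop spins nothing is ever freed.
            self.open_transactions.append(invite)
            resp = self.peer.handle(invite)
            if resp["status"] != 407:
                return resp["status"]
            if self.max_auth_retries is not None and retries >= self.max_auth_retries:
                return 407  # give up: report the challenge as the final failure
            retries += 1
            invite = dict(invite, authorization=digest_response(
                USERNAME, REALM, PASSWORD, "INVITE", uri, resp["nonce"]))


def demo(rounds=500):
    """Run both clients against a peer that re-challenges `rounds` times and
    return (final status, INVITEs held open) for each."""
    target = "sip:2000@example.invalid"  # constructed target URI
    unbounded = OutboundCaller(RechallengingPeer(rounds))
    status_u = unbounded.place_call(target)
    bounded = OutboundCaller(RechallengingPeer(rounds), max_auth_retries=1)
    status_b = bounded.place_call(target)
    return {
        "unbounded": (status_u, len(unbounded.open_transactions)),
        "bounded": (status_b, len(bounded.open_transactions)),
    }


if __name__ == "__main__":
    print(demo())
```

The unbounded caller's open transaction count is `rounds + 1`, i.e. entirely under the attacker's control; the capped caller never holds more than two regardless of how many fresh nonces arrive. A real fix also needs to tear the transaction down on hangup, which the advisory notes did not happen.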
Asterisk versions 17.5.1 and 17.6.0 were found vulnerable to a denial of service condition where Asterisk segfaults when receiving an INVITE flood over TCP.
16f54da5d3c7145bd5aa998e183688a666211433fed046580666ec3e14e0913e
Ubuntu Security Notice 4620-1 - It was discovered that phpLDAPadmin did not properly sanitize user-supplied input before echoing it back to the user. A remote attacker could inject arbitrary HTML/JavaScript code in a user's context and cause a crash, resulting in denial of service or potential execution of arbitrary code.
526e7f8e00d6eb231a95e84c7d80a713dd12c7e29924f5be6116e1bf8120904b
CMSUno version 1.6.2 authenticated remote code execution exploit.
2d5cd620fd25ae62b4e39b1064c735631aab8541458656a7ea918a744f2ddbd3
Asterisk Project Security Advisory - Upon receiving a new SIP INVITE, Asterisk did not return the created dialog locked or referenced. This left a gap between the creation of the dialog object and its next use by the thread that created it. Under some off-nominal circumstances and timing, it was possible for another thread to free the dialog in this gap. Asterisk could then crash when the dialog object, or any of its dependent objects, was next dereferenced or accessed by the creating thread.
0ffdabc3873921af089a27d73efac1246b61b827d0d4706a0053ec41b4494fd6
Ubuntu Security Notice 4599-3 - USN-4599-1 and USN-4599-2 fixed vulnerabilities in Firefox. The updates introduced various minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the prompt for opening an external application, obtain sensitive information, or execute arbitrary code. Various other issues were also addressed.
3e66ec4967ce3c55fc7fafb147509cb6b999fcd2428eda191419ecfbee8d5e69
Sentrifugo version 3.2 assets authenticated remote code execution exploit.
41a4da39a646db1e5569159b75bf374af4d4a5b558417c1df54d4ccc95321c8f
Sentrifugo version 3.2 announcements authenticated remote code execution exploit.
709c9539c9907be9c7d88b1d4168327b4a6f5362099d9231861cf25451f20da3
Ubuntu Security Notice 4619-1 - Mário Areias discovered that dom4j did not properly validate XML document elements. An attacker could exploit this with a crafted XML file to cause dom4j to crash, resulting in a denial of service, or possibly execute arbitrary code.
8811267ce4069d8fe5cf28d9c899a4bbd6040492be72350f1903c43c1d710157
Red Hat Security Advisory 2020-4961-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.9.0 serves as an update to Red Hat Process Automation Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, denial of service, improper authorization, man-in-the-middle, server-side request forgery, and remote SQL injection vulnerabilities.
9e803345c368e5e07879631b2fd7da4a26d21dfe3fc72747393433b0e760cbb0
Proof of concept git-lfs remote code execution exploit written in Go. Affects Git, GitHub CLI, GitHub Desktop, Visual Studio, GitKraken, SmartGit, SourceTree, and more.
0c8177c46d702e8d2020c52ea4e282b0e930192714df192331520c8802c41440
BlogEngine version 3.3.8 suffers from a persistent cross site scripting vulnerability.
aa9030bfadf39927f86c29d447c3d4d846efbfc9fa4bf002e5a8f9a03481201f
Red Hat Security Advisory 2020-4960-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.9.0 serves as an update to Red Hat Decision Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, denial of service, improper authorization, man-in-the-middle, server-side request forgery, and remote SQL injection vulnerabilities.
37587b054821cd3932803c66a9745ffe99b9249c67263ca98730dfebbedf9bda
SmartBlog version 2.0.1 suffers from a remote blind SQL injection vulnerability.
1b9bc7c4cc68e2eaf0ccbd5ae61da8c71602a8b848f30ac1ee4bd1b5864513fe