Ubuntu Security Notice 4656-1 - Jan-Niklas Sohn discovered that the X.Org X Server XKB extension incorrectly handled certain inputs. A local attacker could possibly use this issue to escalate privileges.
82f2428e9fbc552419e92a5893d379e62c8ac3ab594194b67ac5a457342f3817
Ubuntu Security Notice 4655-1 - It was discovered that Werkzeug has insufficient debugger PIN randomness. An attacker could use this issue to access sensitive information. This issue only affected Ubuntu 18.04 LTS. It was discovered that Werkzeug incorrectly handled certain URLs. An attacker could possibly use this issue to cause phishing attacks. This issue only affected Ubuntu 16.04 LTS.
f963003ef70151c4a9f12cf38a0eec8d7635ae2186a53f0a5acf8f9c12171fca
This archive contains all of the 185 exploits added to Packet Storm in November, 2020.
0a3f6f6217e08edc2471af5425fde885ebfe8dc01d793154acc327626c4a46f6
THC-IPV6 is a toolkit that attacks the inherent protocol weaknesses of IPv6 and ICMP6, and it includes an easy-to-use packet factory library.
b60be61a8b0a944a66e3b719704b4c03c1bc2c22f32d5d21e99e434c82a9d769
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user-specified DBMS tables/columns, run their own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
d149722cb33202678fb64642ea315d0dea3fcb2d54403efb78b9819464dbd3e5
The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.
7e6d9cfdccadf636afd68a1af4fa937c8314ca49afc625712ab6e94446f1d508
Red Hat Security Advisory 2020-5314-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
d3e64b5f34c545825cf7a28e0eb05fd6fa84fdefbaa3bcadd91c24bd7a984d3c
Red Hat Security Advisory 2020-5305-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
c0fbb78cfa0a31bf66fcb5280c5543c7173545dc23a46bd554da1fb5ac7098ab
Ubuntu Security Notice 4654-1 - It was discovered that PEAR incorrectly sanitized filenames. A remote attacker could possibly use this issue to execute arbitrary code.
c191745316361b22d4ac1126abb9845238652476d22cd79c87fe915ac89dea9b
Red Hat Security Advisory 2020-5275-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer over-read, buffer overflow, code execution, information leakage, null pointer, and out of bounds read vulnerabilities.
ddd426c8ef5f7f421be7fd6c30c9b19468026fea7ae82304ca8d9ab327159ac2
Red Hat Security Advisory 2020-5302-01 - This release of Red Hat build of Quarkus 1.7.5 SP1 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include a remote SQL injection vulnerability.
f990e12777887ddeb80da5f4820355619ec2c5c4bcb873f4644e55dd82cd1722
Red Hat Security Advisory 2020-5194-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
f1c1f013aeed720cb17bef75cda00d25ece26553485af7b1e813e1b1e9734855
Red Hat Security Advisory 2020-5239-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
5784174223d043548cde7c7f5a4b37e4646b75881f00e6410680152bfee3347d
Ubuntu Security Notice 4653-1 - It was discovered that access controls for the shim’s API socket did not restrict access to the abstract unix domain socket in some cases. An attacker could use this vulnerability to run containers with elevated privileges.
4a2bc41ae485150abd3573d1dae6f74a8e578dbc67939eb1473b47262a286acf
Ubuntu Security Notice 4652-1 - It was discovered that SniffIt incorrectly handled certain configuration files. An attacker could possibly use this issue to execute arbitrary code.
4e3be3e8378557975f5e023637c27d628602a0c1470529c99d972c7ae4f99a97
Red Hat Security Advisory 2020-5257-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.5.0 ESR. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
2e77a30b9dc5798836c85340ef1a8785489383393433e2bb2a3d2e6907e5600a
Red Hat Security Advisory 2020-5235-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.5.0. Issues addressed include bypass, cross site scripting, and use-after-free vulnerabilities.
e9d221e9d272aab62b3d9b00e1bede4810a563dcb5e1ab1cbffc11e86d80195e
Red Hat Security Advisory 2020-5254-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Issues addressed include a remote SQL injection vulnerability.
1f1824342beae059c3a79c6156fcf5ae44155e9b67a2c669a42edb685ad5a28b
eClass LMS version 2.6 suffers from a remote shell upload vulnerability.
821f038a5aea7535d29976f21a3178c0ea90e27337c64e36e72aa2b0fe9737ae
WordPress EventON Calendar plugin version 3.0.5 suffers from a cross site scripting vulnerability.
4af51aa0bdaa4ea63ed2964de737d436288bb34b1b8fa463aa103c6073904e71
SciKit-Learn version 0.23.2 suffers from a denial of service vulnerability.
74ea2f94eb65fd45d7836e15053b43ffc105e3fdc927679198505c47d640629d
TypeSetter version 5.1 suffers from a cross site request forgery vulnerability.
5eebee0a2d27b3d6d6606580e0c8fb57dda257504e64cb43d745169458bbba67