Ubuntu Security Notice 4661-1 - It was discovered that Snapcraft includes the current directory when configuring LD_LIBRARY_PATH for application commands. If a user were tricked into installing a malicious snap or downloading a malicious library, under certain circumstances an attacker could exploit this to affect strict mode snaps that have access to the library when they are launched from the directory containing the library.
0034f27371a808bf0f89dd4c57e1871f51700add1241921630559d53d1baf8eb
Red Hat Security Advisory 2020-5342-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, memory leak, and remote SQL injection vulnerabilities.
acbd3e14db6d09834afce1f465061e1d2d38d186b4b4b021dd8e2eabe1bfbb14
Red Hat Security Advisory 2020-5341-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, memory leak, and remote SQL injection vulnerabilities.
1f25f6133d8217c8b4ac927a7eab59218376028fe23c68c04f2ffa4e37fecaa8
Red Hat Security Advisory 2020-5340-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, memory leak, and remote SQL injection vulnerabilities.
3712a4ee80a9d53ebbdedd13d2f4fc5a4f1962a34e416dca9868e135339bb982
Red Hat Security Advisory 2020-5344-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.4 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.3, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.4 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include XML injection, memory leak, and remote SQL injection vulnerabilities.
b9621d35f7b316a7c076ea7be96f7049b75a77d2af661325878fae30aa379148
Sony BRAVIA Digital Signage versions 1.7.8 and below are vulnerable to a remote file inclusion vulnerability that allows arbitrary client-side dynamic scripts (JavaScript, VBScript, HTML) to be included when adding content through the input URL material of type html. This allows hijacking the current session of the user, executing cross-site scripting code, or changing the look of the page and modifying content on the current display.
f28b912bc2e9ec641f492478e48e1e97b8908f617e7d6c69a1aed77fda0c5b63
Sony BRAVIA Digital Signage versions 1.7.8 and below are vulnerable to a client-side protection bypass due to an insecure direct object reference vulnerability.
9fd82df835ccf64e79c6e4211a0e9a479e9339435abddd25b6c0f7fef0f64a43
Sony BRAVIA Digital Signage versions 1.7.8 and below are vulnerable to a sensitive information disclosure vulnerability. An unauthenticated attacker can visit several API endpoints and disclose information running on the device.
1a2e9b29afb60a2ffa14c140afaaa2ec41087f27cb2ba436177afce88f72ebfb
Ubuntu Security Notice 4660-1 - It was discovered that a race condition existed in the perf subsystem of the Linux kernel, leading to a use-after-free vulnerability. An attacker with access to the perf subsystem could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the frame buffer implementation in the Linux kernel did not properly handle some edge cases in software scrollback. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
846750eeb23d3d60a26a9e5dd5ee57d3a56322b40ec7af818f318a1c862c2d90
Invision Community version 4.5.4 suffers from a persistent cross-site scripting vulnerability.
abb8978a9b24f03bacc514511aae1461f730355c46f38716e44491894e01239b
Red Hat Security Advisory 2020-5333-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Issues addressed include a code execution vulnerability.
5a3e96de86e3407d9cfb52d80d31c132625c6836c0a445f7b1d7828789543bad
Whitepaper called Digital Signage Systems - The Modern Hacker's Outreach. It discusses everything from public incidents to common attack vectors leveraged to manipulate content.
32d102c929783324fb48fee86075796dc171686f598a0e4415921f9d2f1f8f95
mojoPortal Forums version 2.7.0.0 suffers from a persistent cross-site scripting vulnerability.
aa07e3cc8d25be9d8054892ac01d33314c4f3a2a6b7dee562d5333ae33aac716
Online Matrimonial Project version 1.0 authenticated remote code execution exploit.
acf99cca26ede57b301fc85244446649e9c002be3a4072fbb426a923164afa88
EgavilanMedia Address Book version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
096418ee4b079a22c345b03c539e183ed690d95a14fd072e54cbf8ad24c95057
Coaster CMS version 5.8.18 suffers from a persistent cross-site scripting vulnerability.
ce3238081736d3ec6592f99957e38ebd98bbfcfb19eac7e5fb78f6515a08c33c