The Oce Colorwave 500 printer suffers from authentication bypass, cross-site request forgery, and cross-site scripting vulnerabilities.
cb5874cc976834228bc185741becb79371ed3b619e098dbdd4244f3a27610bf7
Paolo Bonzini discovered that the KVM hypervisor implementation in the Linux kernel could improperly let a nested (level 2) guest access the resources of a parent (level 1) guest in certain situations. An attacker could use this to expose sensitive information.
013a0dfba70302c800eab63aa571da076d3bc4a87d14b9f7b138548d27333d78
Gentoo Linux Security Advisory 202003-46 - Multiple vulnerabilities have been found in ClamAV, the worst of which could result in a Denial of Service condition. Versions less than 0.102.2 are affected.
d03d6a40711d315784f4b357fa9266b1ee2e4a0bd7fcfcd32cb034b8f3f84d1b
Ubuntu Security Notice 4308-1 - It was discovered that Twisted incorrectly validated or sanitized certain URIs or HTTP methods. A remote attacker could use this issue to inject invalid characters and possibly perform header injection attacks. It was discovered that Twisted incorrectly verified XMPP TLS certificates. A remote attacker could possibly use this issue to perform a man-in-the-middle attack and obtain sensitive information. Various other issues were also addressed.
ffdb0ccca94ded3b06bc7f31916de1a632873a8b9417f51bc485880741f8a609
Gentoo Linux Security Advisory 202003-45 - A flaw in PyYAML might allow attackers to execute arbitrary code. Versions less than 5.1 are affected.
4efcc389dfc50189d4ba6f539f870ad1989d31bce442ad5128c054de355a3012
Gentoo Linux Security Advisory 202003-44 - A heap-based buffer overflow in Binary diff might allow remote attackers to execute arbitrary code. Versions less than 4.3-r4 are affected.
b1f1efad1891794dcd5fdf75af24260de0b5f106570e2af61a8d870300c3fc8c
Gentoo Linux Security Advisory 202003-43 - Multiple vulnerabilities have been found in Apache Tomcat, the worst of which could lead to arbitrary code execution. Versions less than 8.5.51 are affected.
8f38e640cf6af12b8976936a5caecaa77d1d1f19388a0f0f4bffe837a3412916
Gentoo Linux Security Advisory 202003-42 - Multiple vulnerabilities have been found in libgit2, the worst of which could result in the arbitrary execution of code. Versions less than 0.28.4 are affected.
1c3bd381162035dbcc19886c1efc4c4ea90b1c5a936056b831130de02742a3e3
Gentoo Linux Security Advisory 202003-41 - A heap-based buffer overflow in GNU FriBidi might allow remote attackers to execute arbitrary code. Versions less than 1.0.8 are affected.
6d5c8083cd0886b43d1bc53ec2ea56a49885be3e93fa9348645a721f2cbe8e1b
Gentoo Linux Security Advisory 202003-40 - Multiple vulnerabilities have been found in Cacti, the worst of which could lead to the remote execution of arbitrary code. Versions less than 1.2.9 are affected.
18820d432372c5b6516503158ba086e9364adae96c8c9b019f11b9098c36d8e2
Gentoo Linux Security Advisory 202003-39 - An SQL injection vulnerability in phpMyAdmin may allow attackers to execute arbitrary SQL statements. Versions less than 4.9.2 are affected.
3c6a9e1b09204e07e986eac3b02583cc590bcbc217459967ea92f9acadf398f3
Gentoo Linux Security Advisory 202003-38 - A vulnerability in Imagick PHP extension might allow an attacker to execute arbitrary code. Versions less than 3.4.4 are affected.
b36d6436cdf44626ecd49590cd4adb1cfbe15860e4384e46492341e808062561
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs).
06a1d835ddf382f6bca40a62e8fb40b71b2f73d56f0d53523c8bd5caf9b3026d
Red Hat Security Advisory 2020-0905-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.6.0. Issues addressed include code execution and use-after-free vulnerabilities.
9d814414dd9c6b13663bbe6614359cbc520795a259e665930d89dd68e8ae424e
Red Hat Security Advisory 2020-0903-01 - The zsh shell is a command interpreter usable as an interactive login shell and as a shell script command processor. Zsh resembles the ksh shell, but includes many enhancements. Zsh supports command-line editing, built-in spelling correction, programmable command completion, shell functions, a history mechanism, and more. An issue with insecure dropping of privileges when unsetting the PRIVILEGED option was addressed.
e63de77da0448e09562af92454bd100bd47909fca41d91cdae749ecdcb83d100
Easy File Sharing Web Server version 7.2 SMTP Password local SEH buffer overflow exploit.
b30810468c7f2e22160c990f7e65066879559963c705b799364a364160ceb41a
Red Hat Security Advisory 2020-0902-01 - The International Components for Unicode library provides robust and full-featured Unicode services. An integer overflow in UnicodeString::doAppend() was addressed.
ace90c4b8cc5f626260133ce047776bf5b867abdff29605667324b547847406a
Red Hat Security Advisory 2020-0901-01 - The International Components for Unicode library provides robust and full-featured Unicode services. An integer overflow in UnicodeString::doAppend() was addressed.
ba79abe68ce6fabe6b2a58035299ef811f0d79f9c07555aa5ecfdee9d042e9fb
Red Hat Security Advisory 2020-0899-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.7.0 serves as an update to Red Hat Decision Manager 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and information leakage vulnerabilities.
6dc0bee46ae83df24b65f4b121ac28f4c6c27bf61cce900bb24005260e64280f
Red Hat Security Advisory 2020-0897-01 - The International Components for Unicode library provides robust and full-featured Unicode services. An integer overflow in UnicodeString::doAppend() was addressed.
7bc21a7250b372e7d1ddb30c966499ce8b6edfec66e04763265fb673eb5bcdbb
Red Hat Security Advisory 2020-0896-01 - The International Components for Unicode library provides robust and full-featured Unicode services. An integer overflow in UnicodeString::doAppend() has been addressed.
f8658e7e169fb541dd834318ae1877e83284de6ba23430c93a4891466ecfb980
Red Hat Security Advisory 2020-0898-01 - The Python Imaging Library adds image processing capabilities to your Python interpreter. This library provides extensive file format support, an efficient internal representation, and powerful image processing capabilities. An issue involving improperly restricted operations on a memory buffer in libImaging/PcxDecode.c was addressed.
8d936617976628d20b7f55fc1a0e747df0d5244d6ef1d9c2fb1d00d4a828f7b7
Ubuntu Security Notice 4307-1 - As a security improvement, this update adds TLSv1.3 support to the Apache HTTP Server package in Ubuntu 18.04 LTS. TLSv1.3 is enabled by default, and in certain environments may cause compatibility issues. The SSLProtocol directive may be used to disable TLSv1.3 in these problematic environments.
52f9d44ea56b4fae746f8c42e006b41a447b1478ff8e8d67795857d63c05a23d
Red Hat Security Advisory 2020-0895-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.7.0 serves as an update to Red Hat Process Automation Manager 7.6.0, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include code execution and information leakage vulnerabilities.
68365edad4d51d43928f00ea3d007b3bb4188e75ebd143a26aa04d7b9cae4f4c
Broadcom Wi-Fi device KR00K information disclosure proof of concept exploit. It works on 2.4GHz WLANs that use WPA2 AES CCMP.
960032a20045d98e10d5e4957d802b5e4cd4b3b6ce7c9c12e90420567d85daa9