Debian Linux Security Advisory 4623-1 - Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" subcommands in the PostgreSQL database did not perform authorisation checks.
07b281b93bc3e551c542129111e82e593bafba8ae7fa8f3fa45f1cd3c949e937
Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.
99f04b86268fb22a08e70ff9ef4ddfd161a7f6189c3363589e59d22f54fc13a5
Ubuntu Security Notice 4278-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting attacks, or execute arbitrary code.
3cee7693baf92f13b72a4f7814750e482cfdbe8ffcdeb341169530ec7c83ef25
EnumJavaLibs is a tool that can be used to discover which libraries are loaded (i.e. available on the classpath) by a remote Java application when it supports deserialization.
da5559bc7f4710283fa54efb778574987ae6e5d69dd60d06904a9fadf495e067
CA Technologies, A Broadcom Company, is alerting customers to three vulnerabilities in CA Unified Infrastructure Management (Nimsoft / UIM). Multiple vulnerabilities exist that can allow an unauthenticated remote attacker to execute arbitrary code or commands, read from or write to systems, or conduct denial of service attacks. CA published solutions to address these vulnerabilities and recommends that all affected customers implement these solutions. The first vulnerability, CVE-2020-8010, occurs due to improper ACL handling. A remote attacker can execute commands, read from, or write to the target system. The second vulnerability, CVE-2020-8011, occurs due to a null pointer dereference. A remote attacker can crash the Controller service. The third vulnerability, CVE-2020-8012, occurs due to a buffer overflow vulnerability in the Controller service. A remote attacker can execute arbitrary code.
091817c9084bf974c8447837781753ec3e99d5062faa76769b21604190b2d347
SprintWork version 2.3.1 suffers from a local privilege escalation vulnerability.
d8622d1321eb8dfc8e9948dda82fa59c25ee28044e91e0d2a1b8bbf52b0562be
Debian Linux Security Advisory 4622-1 - Tom Lane discovered that "ALTER ... DEPENDS ON EXTENSION" subcommands in the PostgreSQL database did not perform authorisation checks.
d999adcd4a26533ad6b97e43e89785ffaeab03376921934028ff9754878be2cb
This whitepaper is an analysis of the breach into the Kudankulam Nuclear Power Plant through the lens of Cyber Kill Chain, the study of remote access trojans, and the targeting of critical infrastructure.
d8039afcc3c0cd3e6b5b5d81614dfe2af2ca27e37a62ad3c25dcf711d62a33c4
Slackware Security Advisory - New mozilla-firefox packages are available for Slackware 14.2 and -current to fix security issues.
41de21ecf821ffe77355371dc33280e3af41cf9768beab1fff75487b8d3f362b
EPSON EasyMP Network Projection version 2.81 suffers from an unquoted service path vulnerability.
88c4c8e60a99cb86cb49c2933c34129d57b2526f6c6c23038743dcaf9a2538b2
Red Hat Security Advisory 2020-0509-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Issues addressed include a buffer overflow vulnerability.
46e026b8c73b2c8554ec737612a6983dcc2e937ad252d8277022593a99e1f078
Red Hat Security Advisory 2020-0498-01 - The org.ovirt.engine-root is a core component of oVirt. Issues addressed include cross-site scripting and null pointer vulnerabilities.
9aaaf65f69bca88fd867633900a54dddbdc4184850f87795f0cea9cea29cf525
HomeGuard Pro version 9.3.1 suffers from an insecure folder permission vulnerability.
ab8ff483fe7b4b5a45d38067e7ed7ab7553683fb897f6e1124fa1ab9b453128a
phpMyChat Plus version 1.98 suffers from a remote SQL injection vulnerability.
f800cf8da709ce6ee8aad396e006234a64709225dbfc102700611159d080e34a
SWAPGS attack proof of concept exploit that demonstrates an information disclosure in the Windows kernel.
97c7f1bfac2298891dcb61e8c551eb43a94ba5aa1cbb726ea737dee6af790bb9
The F-SECURE parsing engine supports the RAR Archive. The parsing engine can be bypassed by specifically manipulating a RAR archive. Various products are affected.
f8afc9d260d24a97130afc2b29b93956227a49e671abb3b13665f13a1b0de68d
This whitepaper acts as a user manual to go over HTTP DoS and DDoS tooling. Written in Turkish.
4f322fd7f21dd63af18e04ece2c4a29622617f1f6d6e08866fc467306bb0e4fc