It was discovered that the F2FS file system implementation in the Linux kernel did not properly perform bounds checking on xattrs in some situations. A local attacker could possibly use this to expose sensitive information (kernel memory). It was discovered that the Serial CAN interface driver in the Linux kernel did not properly initialize data. A local attacker could use this to expose sensitive information (kernel memory). Other issues were also addressed.
93076523b60699a74659d86a99aa5642c64e2657baecd1f27345aa8fc2cd2b97
Ubuntu Security Notice 4583-1 - It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease security or cause incorrect encryption data. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that PHP incorrectly handled certain HTTP cookies. An attacker could possibly use this issue to forge a cookie that is supposed to be secure. Various other issues were also addressed.
345d3017d78252f799c8d76253a91dcf212333c2d6449dc1200daa6462b04731
Ubuntu Security Notice 4582-1 - It was discovered that Vim incorrectly handled permissions on the .swp file. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS. It was discovered that Vim incorrectly handled restricted mode. A local attacker could possibly use this issue to bypass restricted mode and execute arbitrary commands. Note: This update only makes executing shell commands more difficult. Restricted mode should not be considered a complete security measure. Various other issues were also addressed.
fc47fc2acd0f5696d70ca7ed482b424a07856c290ec8ad0976e4eea6c76971a4
Ubuntu Security Notice 4581-1 - It was discovered that Python incorrectly handled certain character sequences. A remote attacker could possibly use this issue to perform CRLF injection.
de1988a6f1f1bdb031c4aabe70461a87ae250509ed1fc7e0ff2c8c37757902b2
Guild Wars 2 suffers from an insecure folder permissions vulnerability.
90bec92a52ced52c528cc20739ae13454be95bc96d1937bb33881702ecd7a64d
NodeBB Forum versions 1.12.2 through 1.14.2 suffer from an account takeover vulnerability.
6d30c990b75ac4f394fecab6334abaf81a3839310ee672f945262fc9ae88551d
TimeClock Software version 1.01 suffers from an authenticated time-based remote SQL injection vulnerability.
bea8652b9f4d5c7c0a39b9f6879b53301c04d6ce5705609633c2f56e9e27184f
Chrome suffers from a MediaElementEventListener::UpdateSources use-after-free vulnerability.
cc438a34bde916b2367808edf5469328250a36522d444efcd405fefbb8549de7
See-SURF is a Python-based scanner to find potential SSRF parameters in a web application.
030c8676e3f0ed1a611ddf8fb1f9674335b7b4e0d173d5a30ab125a38fc0ef47
Taken is a script that enables you to actively attempt to take over DNS previously assigned to a given EC2 instance.
fdf27deda06e0def928d7a6493a1d072d1573f5e07ebf4c2374fe3549a48e290
Red Hat Security Advisory 2020-4256-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8. Issues addressed include a memory leak vulnerability.
b71084b4ce90bef3808e6b84ffcdac611906de13aff82b5c7e8e237300f61583
Red Hat Security Advisory 2020-4257-01 - Red Hat JBoss Enterprise Application Platform 7.3 is a platform for Java applications based on the WildFly application runtime. This asynchronous patch is a security update for Red Hat JBoss Enterprise Application Platform 7.3. Issues addressed include a memory leak vulnerability.
0c8b1a12463322879f272116f2a7ff90de8844da62c762e96a5698ee4aa9d44e
Red Hat Security Advisory 2020-4255-01 - Updated python-psutil version to 5.6.6 inside ansible-runner container. Issues addressed include a double free vulnerability.
5fa2b0edd19c548995fa81b56ae17dd75bbbcf0b7a9fd43d5777ad177066c16a
Red Hat Security Advisory 2020-4254-01 - Updated python-psutil version to 5.6.6 inside ansible-runner container. Issues addressed include a double free vulnerability.
95b6f149ed6564a7dba27bae8b6b98f52d801a1eb8ced363663ee391a124f69c
Red Hat Security Advisory 2020-4252-01 - This release of Red Hat build of Quarkus 1.7.5 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include code execution and remote SQL injection vulnerabilities.
b4187d94d01cb3b93f3ce744b926dc2b8f43c1ccf46fcb7ac42e3bfb33269df5
Red Hat Security Advisory 2020-4251-01 - The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.445. Issues addressed include a code execution vulnerability.
d58ce9cf5e80953a267d1dabc5e8b39d8cd3ff6c596a2153ebe0911f7d6387c9
Ubuntu Security Notice 4580-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
5ddd6088eda65a3e578f743697006787872aae3821943614561e1f904791c25a
Ubuntu Security Notice 4579-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that the XFS file system in the Linux kernel did not properly validate inode metadata in some situations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.
05c0d49c3c392b127140e8bd139792fff8b438c4ab677478c840f7ce1c8ec872
Ubuntu Security Notice 4578-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Wen Xu discovered that the XFS file system in the Linux kernel did not properly validate inode metadata in some situations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.
a18e9811720af271bf9d9804ef50e7f803fafb458b5d8d20274d49c2b6aa96b2
Ubuntu Security Notice 4577-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Giuseppe Scrivano discovered that the overlay file system in the Linux kernel did not properly perform permission checks in some situations. A local attacker could possibly use this to bypass intended restrictions and gain read access to restricted files. Various other issues were also addressed.
90a75d518664f71a2c8f5fbae6f09173a5859d0e4c87135d5da4bf0b6810d592
Ubuntu Security Notice 4576-1 - Hador Manor discovered that the DCCP protocol implementation in the Linux kernel improperly handled socket reuse, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Jay Shin discovered that the ext4 file system implementation in the Linux kernel did not properly handle directory access with broken indexing, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
56e9ebdc980a53fc26b40a65f8f1c064d774d9355b5227baa18f06ca7c4497ed
Ubuntu Security Notice 4575-1 - It was discovered that dom4j incorrectly handled reading XML data. A remote attacker could exploit this with a crafted XML file to expose sensitive data or possibly execute arbitrary code.
def02f1e39af48e745af4a8f86ef77830e35466d623fbf3aa9b9e94f6a2ef2b0
Sifter is an OSINT, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and, if unpatched, exploit them.
4129a2186e6ff316bc67962ac99febf198da6185b8cea2740a3bcb4add366cbd