what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 27 RSS Feed

Files Date: 2020-11-28

Debian Security Advisory 4783-1
Posted Nov 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4783-1 - Fabian Vogt discovered a flaw in sddm, a modern display manager for X11. A local attacker can take advantage of a race condition when creating the Xauthority file to escalate privileges.

tags | advisory, local
systems | linux, debian
advisories | CVE-2020-28049
SHA-256 | dae94fe733cb181789d3d0eb0c0c969c208250934490d6cb40341be35ed4ac65
Debian Security Advisory 4784-1
Posted Nov 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4784-1 - Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to run insecure deserialization, embed spam, perform various Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF) attacks, escalate privileges, run arbitrary code, and delete arbitrary files.

tags | advisory, remote, web, arbitrary, vulnerability, xss, csrf
systems | linux, debian
advisories | CVE-2020-28032, CVE-2020-28033, CVE-2020-28034, CVE-2020-28035, CVE-2020-28036, CVE-2020-28037, CVE-2020-28038, CVE-2020-28039, CVE-2020-28040
SHA-256 | 4165858d7c746130e9c88d3c07ccdc273b6fcf2fe7fe4cde601f8d423e1c8b2e
Debian Security Advisory 4785-1
Posted Nov 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4785-1 - It was discovered that raptor2, an RDF parser library, is prone to heap-based buffer overflow flaws, which could result in denial of service, or potentially the execution of arbitrary code, if a specially crafted file is processed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2017-18926
SHA-256 | 26a8b918f3c828a200f98ba726790ff349ec3534dabcf98f304f90d88fc92ac8
Debian Security Advisory 4786-1
Posted Nov 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4786-1 - It was discovered that a boundary check in libexif, a library to parse EXIF files, could be optimised away by the compiler, resulting in a potential buffer overflow.

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2020-0452
SHA-256 | 4746926a84776a97bc99df4ffa0bb2f0445a5ae0670bb2a26dd98c54a37bddbd
Debian Security Advisory 4787-1
Posted Nov 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4787-1 - Two vulnerabilities were discovered in moin, a Python clone of WikiWiki.

tags | advisory, vulnerability, python
systems | linux, debian
advisories | CVE-2020-15275, CVE-2020-25074
SHA-256 | 9efaf0a37eacf7946eee98a31d4a0154cf38440f20166b7c7bdeb81320833545
Debian Security Advisory 4788-1
Posted Nov 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4788-1 - A use-after-free was found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

tags | advisory, web, arbitrary
systems | linux, debian
advisories | CVE-2020-26950
SHA-256 | bc4176d8c29f8cedbb473570305da436881f2c797041aa1bb26436ce9bb82fa6
Debian Security Advisory 4789-1
Posted Nov 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4789-1 - It was discovered that codemirror, a browser-based text editor implemented in JavaScript, was vulnerable to regular expression denial-of-service.

tags | advisory, javascript
systems | linux, debian
advisories | CVE-2020-7760
SHA-256 | 4c3e8a2631768c7f7ad2596d88e8f3bcbc03a017ceaadd527438f6af21da142f
Debian Security Advisory 4790-1
Posted Nov 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4790-1 - A use-after-free was found in Thunderbird, which could potentially result in the execution of arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2020-26950
SHA-256 | a24bba99e6f62b1a8545628a896b8371c3593d1819b5504e8b11b4bd9b56bc47
Debian Security Advisory 4791-1
Posted Nov 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4791-1 - Ken Gaillot discovered a vulnerability in the Pacemaker cluster group, the ACL restrictions could be bypassed via unrestricted IPC communication, resulting in cluster-wide arbitrary code execution with root privileges.

tags | advisory, arbitrary, root, code execution
systems | linux, debian
advisories | CVE-2020-25654
SHA-256 | ea258fb8e2dd23dc2bd8cbfc14d1af322b234d32a12d5b7453873e66f8770b6b
Debian Security Advisory 4792-1
Posted Nov 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4792-1 - Two vulnerabilities in the certificate list syntax verification and in the handling of CSN normalization were discovered in OpenLDAP, a free implementation of the Lightweight Directory Access Protocol. An unauthenticated remote attacker can take advantage of these flaws to cause a denial of service (slapd daemon crash) via specially crafted packets.

tags | advisory, remote, denial of service, vulnerability, protocol
systems | linux, debian
advisories | CVE-2020-25709, CVE-2020-25710
SHA-256 | 608859abc6939eba759e6ac68d503d152466f70de25040483e7e63834641f8a6
Debian Security Advisory 4793-1
Posted Nov 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4793-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure, phishing, cross-site scripting or a DNS rebinding attack.

tags | advisory, web, arbitrary, xss, info disclosure
systems | linux, debian
advisories | CVE-2020-16012, CVE-2020-26951, CVE-2020-26953, CVE-2020-26956, CVE-2020-26958, CVE-2020-26959, CVE-2020-26960, CVE-2020-26961, CVE-2020-26965, CVE-2020-26968
SHA-256 | 7a7bef45311620bafb2f5c889b4c7cfed77fb009b5027cf57f1768378ba7c955
Debian Security Advisory 4794-1
Posted Nov 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4794-1 - A heap-based buffer overflow flaw was discovered in MuPDF, a lightweight PDF viewer, which may result in denial of service or the execution of arbitrary code if malformed documents are opened.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2020-26519
SHA-256 | 2d238f41013ff33b23d9f9cfd2dd8bf4c295258e88abc0ccdd0053bf84820b31
Debian Security Advisory 4795-1
Posted Nov 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4795-1 - Demi Obeneour discovered that unbounded recursion in the ASN1 parser of libkrb5 could result in denial of service.

tags | advisory, denial of service
systems | linux, debian
advisories | CVE-2020-28196
SHA-256 | a8750dc66434076b67cffbc9c200856ec34772ee6a38f6636c761503f96805a0
Debian Security Advisory 4796-1
Posted Nov 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4796-1 - Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2020-16012, CVE-2020-26951, CVE-2020-26953, CVE-2020-26956, CVE-2020-26958, CVE-2020-26959, CVE-2020-26960, CVE-2020-26961, CVE-2020-26965, CVE-2020-26968
SHA-256 | 5850e3a36ebaa0db9e00ff05e35bb5e379b48d097c2815bad96f14506467cb2c
Debian Security Advisory 4797-1
Posted Nov 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4797-1 - Vulnerabilities have been discovered in the webkit2gtk web engine.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2020-13584, CVE-2020-9948, CVE-2020-9951, CVE-2020-9983
SHA-256 | 93fd37c701da2126e2aa679ea16d6c5e79d5f32de9b7c7497b5f1edc25c2df16
Debian Security Advisory 4798-1
Posted Nov 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4798-1 - It was discovered that SPIP, a website engine for publishing, did not correctly validate its input. This would allow authenticated users to execute arbitrary code.

tags | advisory, arbitrary
systems | linux, debian
advisories | CVE-2020-28984
SHA-256 | 825a3413ca53bbeaa502503af037ea444dd328eb3f2f41c45bb519d2b523905b
Debian Security Advisory 4799-1
Posted Nov 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4799-1 - Guenal Davalan reported a flaw in x11vnc, a VNC server to allow remote access to an existing X session. x11vnc creates shared memory segments with 0777 mode. A local attacker can take advantage of this flaw for information disclosure, denial of service or interfering with the VNC session of another user on the host.

tags | advisory, remote, denial of service, local, info disclosure
systems | linux, debian
advisories | CVE-2020-29074
SHA-256 | 6e35fbf88956a94bb03529ff9baef63632a0fad61fde4b835d48e9777fb9a807
Debian Security Advisory 4800-1
Posted Nov 28, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4800-1 - Two vulnerabilities were discovered in libproxy, an automatic proxy configuration management library, which could result in denial of service, or possibly, execution of arbitrary code.

tags | advisory, denial of service, arbitrary, vulnerability
systems | linux, debian
advisories | CVE-2020-25219, CVE-2020-26154
SHA-256 | 2069f57f0853f074e22b8929a0ef30347c5a359b8e1f3f5de728a589696ac7a2
Apache NiFi API Remote Code Execution
Posted Nov 28, 2020
Authored by Graeme Robinson | Site metasploit.com

This Metasploit module uses the NiFi API to create an ExecuteProcess processor that will execute OS commands. The API must be unsecured (or credentials provided) and the ExecuteProcess processor must be available. An ExecuteProcessor processor is created then is configured with the payload and started. The processor is then stopped and deleted.

tags | exploit
SHA-256 | b437b66f2c8618f8c04df9a7df92d09d11a6da720c7f0e0b83b4d0ced50bc1b8
nfstream 6.2.5
Posted Nov 28, 2020
Authored by Zied Aouini | Site github.com

nfstream is a Python package providing fast, flexible, and expressive data structures designed to make working with online or offline network data both easy and intuitive. It aims to be the fundamental high-level building block for doing practical, real world network data analysis in Python. Additionally, it has the broader goal of becoming a common network data processing framework for researchers providing data reproducibility across experiments.

Changes: Patch for minimal truncated UDP raw pcap handling.
tags | tool, python
systems | unix
SHA-256 | b29dd2210d1fa0d5110aba618de0c58f5b04b5237a8c34c165f031ae81d980ee
Ubuntu Security Notice USN-4646-2
Posted Nov 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4646-2 - USN-4646-1 fixed vulnerabilities in poppler. The fix for CVE-2019-10871 introduced a regression causing certain applications linked against poppler to fail. This update backs out the fix pending further investigation. It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, vulnerability
systems | linux, ubuntu
SHA-256 | 9431298902d09c73f0540e5bc84aa3b66ae7db15eebf0512eb5803b2aee5d378
Ubuntu Security Notice USN-4649-1
Posted Nov 28, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4649-1 - Jens Mueller discovered that xdg-utils incorrectly handled certain URI. An attacker could possibly use this issue to expose sensitive information.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2020-27748
SHA-256 | b91273898d91df8743509775544405d15654918f86c428cb861971e6926cf9da
Weaponize GhostWriting Injection - Code Injection Series Part 5
Posted Nov 28, 2020
Authored by Emeric Nasi

Whitepaper called Weaponize GhostWriting Injection. This is part 5 of a 5 part series of papers.

tags | paper
SHA-256 | 3d099a69228585c470a148ebe081be2da6d34c0d0dfd0ebd47cfdcc1cef8b097
Disable Dynamic Code Mitigation (ACG) - Code Injection Series Part 4
Posted Nov 28, 2020
Authored by Emeric Nasi

Whitepaper called Disable Dynamic Code Mitigation (ACG). This is part 4 of a 5 part series of papers.

tags | paper
SHA-256 | d6f9a7c37019c5bda76e8bcb2576b76d7396ed3886e915eba4a11c4457397857
Exploit WNF Callback - Code Injection Series Part 3
Posted Nov 28, 2020
Authored by Emeric Nasi

Whitepaper called Exploit WNF Callback. This is part 3 of a 5 part series of papers.

tags | paper
SHA-256 | 9664b39e787231b3245fe5981dad6081e60b1c547f615b949c49188c2fdc68ac
Page 1 of 2
Back12Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close