Centreon version 19.10.5 suffers from a Pollers remote command execution vulnerability.
824b22c2f352d66d1fac5582a1d6e01a40daed3d2d240e0e289674e34e783629Cups Easy version 1.0 suffers from a cross site request forgery vulnerability.
6573b5e541b8a5b91dccf2d5f08c2f5b5842f84ea72dc72f552b2d75d2f7922eCentreon version 19.10.5 suffers from a centreontrapd remote command execution vulnerability.
04324f51cee387f1f74eb254c7e283bedc63a9863560d41a110278c3b9393862XMLBlueprint version 16.191112 suffers from an XML external entity injection vulnerability.
578c695a7bac94cbba188e7993ccad84842dd53c1c84168f5daa5d9ce64b42f6Qualys discovered a vulnerability in OpenSMTPD, OpenBSD's mail server. This vulnerability is exploitable since May 2018 (commit a8e222352f, "switch smtpd to new grammar") and allows an attacker to execute arbitrary shell commands, as root.
9415f92980a964e9430ed555502126d19de735d2acfd5db27d83bb342e5a8b2cRed Hat Security Advisory 2020-0279-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.
e7499558d2de57797ca19af08c3c3f0cae1c51b67d792eb2b26ff82a4722f8e4Red Hat Security Advisory 2020-0273-01 - SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. A table corruption detection issue has been addressed.
688da5fb1b1dbc8c4a4680ffe3c458224c80d31b4d98e3a56074f499c297eef3Apple Security Advisory 2020-1-28-1 - iOS 13.3.1 and iPadOS 13.3.1 are now available and address code execution vulnerabilities.
451f9f0db4b53867f6b4613f74a664aaee0fadcb5afed494d424333c909099b5Red Hat Security Advisory 2020-0274-01 - OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Issues addressed include a buffer overflow vulnerability.
4ce11b16929a1a9b3767262655cabc8fa00c1cff6728283b65233b33cfed3a8bApple Security Advisory 2020-1-28-2 - macOS Catalina 10.15.3, Security Update 2020-001 Mojave, and Security Update 2020-001 High Sierra are now available and address buffer overflow, bypass, and code execution vulnerabilities.
6dc59a831c4eeb00f22a91e88c410f4413de1117cf660dac3d76799ab2d9c97dApple Security Advisory 2020-1-28-4 - tvOS 13.3.1 is now available and addresses code execution vulnerabilities.
8811822470152c7c5c5739e0be582b4d494845ed881e590aa7e2da5e6d1452fbApple Security Advisory 2020-1-28-3 - watchOS 6.1.2 is now available and addresses code execution vulnerabilities.
dbe2c3cb8a3c6e9e7d49c188d63249672b132824e400c3434a381fea33e430a0Apple Security Advisory 2020-1-28-5 - Safari 13.0.5 is now available and addresses address bar spoofing and password disclosure in transit issues.
1bc6ee3c734c1df22e54ccc3a46190ad2a73832cd3ad87cc91a710439fcb7287Apple Security Advisory 2020-1-28-6 - iTunes for Windows 12.10.4 is now available and addresses a filesystem access issue.
9578f139cdb133f6a9e24a38333666affc55bfc2155c102ca3c4d9e19ebcc47cRed Hat Security Advisory 2020-0271-01 - The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Issues addressed include a use-after-free vulnerability.
a7706802887a9444a32960b79892497c5cbd56e3ba82a2cbd5e8a4dab5d053b9Ubuntu Security Notice 4258-1 - It was discovered that the Atheros 802.11ac wireless USB device driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service. It was discovered that a race condition existed in the Virtual Video Test Driver in the Linux kernel. An attacker with write access to /dev/video0 on a system with the vivid module loaded could possibly use this to gain administrative privileges. Various other issues were also addressed.
8e7ff66b846fc415e65fe269e0f56cb6c4613b8ab8d143f9d668101d578ef033Ubuntu Security Notice 4254-2 - USN-4254-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 ESM. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
e296dfaa3683b35118ef2d19cef396598dc324613fba040510ceba64ae5725b7Ubuntu Security Notice 4255-2 - USN-4255-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
08f17962ca37552a9cf17b4fe684bc75f890b133a39ec2d14d811bb61ad0df53Ubuntu Security Notice 4253-2 - USN-4253-1 fixed vulnerabilities in the Linux kernel for Ubuntu 19.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 19.10 for Ubuntu 18.04 LTS. It was discovered that the Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
51280fa5e7f72fa9d7a002782de597b12d401ffc969c9fede692619910298360Ubuntu Security Notice 4257-1 - It was discovered that OpenJDK incorrectly handled exceptions during deserialization in BeanContextSupport. An attacker could possibly use this issue to cause a denial of service or other unspecified impact. It was discovered that OpenJDK incorrectly validated properties of SASL messages included in Kerberos GSSAPI. An unauthenticated remote attacker with network access via Kerberos could possibly use this issue to insert, modify or obtain sensitive information. Various other issues were also addressed.
6ff75ec4f2760a95daaed763e796bf97b21dbc327f79938f280f8cf9600b8e58Kibana version 6.6.1 suffers from a CSV injection vulnerability.
a79072142212672614328199a639b428a9f3f3037ca68d2e9881ff24fcea8b7dLiferay CE Portal version 6.0.2 remote command execution exploit.
7e715e5aaa09f0ebc36c4eadd46505fbe50b4b054a71dcc398ae73a92e5439d8Satellian version 1.1.2 suffers from a remote code execution vulnerability.
1a239d2ff6e4bd53b95bafc7bdbaf968f2de1f7ec2f2729bd748a4efd4ef3282With Windows 10 1607, Microsoft introduced the /DEPENDENTLOADFLAG linker option, a security feature to restrict or limit the search path for DLLs. Two bugs exist with this attempt to limit access.
04f3f470ca90a3089624ef754a9f8aa5c4419a8bfbfe2910545dd4901e3c35cf
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed