    Advisories

    • Ubuntu Security Notice USN-4534-1 Wed, 23 Sep 2020 14:58:03 GMT
      Ubuntu Security Notice 4534-1 - It was discovered that Perl DBI module incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose sensitive information.
    • Red Hat Security Advisory 2020-3809-01 Wed, 23 Sep 2020 14:57:57 GMT
      Red Hat Security Advisory 2020-3809-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
    • Red Hat Security Advisory 2020-3808-01 Wed, 23 Sep 2020 14:57:49 GMT
      Red Hat Security Advisory 2020-3808-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Issues addressed include a cross site scripting vulnerability.
    • Red Hat Security Advisory 2020-3817-01 Wed, 23 Sep 2020 14:57:38 GMT
      Red Hat Security Advisory 2020-3817-01 - Red Hat AMQ Clients enable connecting, sending, and receiving messages over the AMQP 1.0 wire transport protocol to or from AMQ Broker 6 and 7. This update provides various bug fixes and enhancements in addition to the client package versions previously released on Red Hat Enterprise Linux 6, 7, and 8. Issues addressed include a denial of service vulnerability.
    • Ubuntu Security Notice USN-4533-1 Wed, 23 Sep 2020 14:57:31 GMT
      Ubuntu Security Notice 4533-1 - Veeti Veteläinen discovered that the LTSP Display Manager incorrectly handled user logins from unsupported shells. A local attacker could possibly use this issue to gain root privileges.
    • Ubuntu Security Notice USN-4532-1 Wed, 23 Sep 2020 14:57:25 GMT
      Ubuntu Security Notice 4532-1 - It was discovered that Netty incorrectly handled certain HTTP headers. By sending an HTTP header with whitespace before the colon, a remote attacker could possibly use this issue to perform an HTTP request smuggling attack. It was discovered that Netty incorrectly handled certain HTTP headers. By sending an HTTP header that lacks a colon, a remote attacker could possibly use this issue to perform an HTTP request smuggling attack. Various other issues were also addressed.
    • Framer Preview 12 Content Injection Tue, 22 Sep 2020 18:32:17 GMT
      Framer Preview version 12 for Android exposes an activity to other apps called "com.framer.viewer.FramerViewActivity". The purpose of this activity is to show the contents of a given URL via a fullscreen overlay to the app user. However, the app neither enforces any authorization schema on the activity nor validates the given URL.
    • Ubuntu Security Notice USN-4530-1 Tue, 22 Sep 2020 18:23:04 GMT
      Ubuntu Security Notice 4530-1 - Wolfgang Schweer discovered that Debian-LAN did not properly handle ACLs for the Kerberos admin server. A local attacker could possibly use this issue to change the passwords of other users, leading to root privilege escalation.
    • Red Hat Security Advisory 2020-3810-01 Tue, 22 Sep 2020 18:22:59 GMT
      Red Hat Security Advisory 2020-3810-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a denial of service vulnerability.
    • Ubuntu Security Notice USN-4531-1 Tue, 22 Sep 2020 18:22:53 GMT
      Ubuntu Security Notice 4531-1 - It was discovered that the BusyBox wget applet incorrectly validated SSL certificates. A remote attacker could possibly use this issue to intercept secure communications.
    • Ubuntu Security Notice USN-4529-1 Tue, 22 Sep 2020 18:22:16 GMT
      Ubuntu Security Notice 4529-1 - It was discovered that FreeImage incorrectly handled certain memory operations. If a user were tricked into opening a crafted TIFF file, a remote attacker could use this issue to cause a heap buffer overflow, resulting in a denial of service attack. It was discovered that FreeImage incorrectly processed images under certain circumstances. If a user were tricked into opening a crafted TIFF file, a remote attacker could possibly use this issue to cause a stack exhaustion condition, resulting in a denial of service attack. Various other issues were also addressed.
    • Ubuntu Security Notice USN-4528-1 Tue, 22 Sep 2020 18:22:09 GMT
      Ubuntu Security Notice 4528-1 - Adam Mohammed discovered that Ceph incorrectly handled certain CORS ExposeHeader tags. A remote attacker could possibly use this issue to perform an HTTP header injection attack. Lei Cao discovered that Ceph incorrectly handled certain POST requests with invalid tagging XML. A remote attacker could possibly use this issue to cause Ceph to crash, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.
    • Red Hat Security Advisory 2020-3803-01 Tue, 22 Sep 2020 18:22:03 GMT
      Red Hat Security Advisory 2020-3803-01 - The bash packages provide Bash, which is the default shell for Red Hat Enterprise Linux.
    • Red Hat Security Advisory 2020-3804-01 Tue, 22 Sep 2020 18:21:57 GMT
      Red Hat Security Advisory 2020-3804-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a denial of service vulnerability.
    • Red Hat Security Advisory 2020-3783-01 Tue, 22 Sep 2020 18:21:47 GMT
      Red Hat Security Advisory 2020-3783-01 - OpenShift Container Platform components are primarily written in Go. The golang.org/x/text contains text-related packages which are used for text operations, such as character encodings, text transformations, and locale-specific text handling.
    • Ubuntu Security Notice USN-4526-1 Tue, 22 Sep 2020 18:21:40 GMT
      Ubuntu Security Notice 4526-1 - It was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service. It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
    • Ubuntu Security Notice USN-4527-1 Tue, 22 Sep 2020 18:21:34 GMT
      Ubuntu Security Notice 4527-1 - It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service. It was discovered that the Atheros HTC based wireless driver in the Linux kernel did not properly deallocate in certain error conditions. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
    • Ubuntu Security Notice USN-4525-1 Tue, 22 Sep 2020 18:21:25 GMT
      Ubuntu Security Notice 4525-1 - It was discovered that the AMD Cryptographic Coprocessor device driver in the Linux kernel did not properly deallocate memory in some situations. A local attacker could use this to cause a denial of service. It was discovered that the Conexant 23885 TV card device driver for the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
    • Ubuntu Security Notice USN-4524-1 Mon, 21 Sep 2020 23:43:35 GMT
      Ubuntu Security Notice 4524-1 - Paul Dreik discovered that TNEF incorrectly handled filenames. If a user were tricked into opening a specially crafted email attachment, an attacker could possibly use this issue to write arbitrary files to the filesystem or cause TNEF to crash, resulting in a denial of service.
    • Ubuntu Security Notice USN-4523-1 Mon, 21 Sep 2020 23:43:30 GMT
      Ubuntu Security Notice 4523-1 - It was discovered that LibOFX did not properly check for errors in certain situations, leading to a NULL pointer dereference. A remote attacker could use this issue to cause a denial of service attack.
    • Red Hat Security Advisory 2020-3780-01 Mon, 21 Sep 2020 21:51:59 GMT
      Red Hat Security Advisory 2020-3780-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
    • Ubuntu Security Notice USN-4522-1 Mon, 21 Sep 2020 21:51:53 GMT
      Ubuntu Security Notice 4522-1 - It was discovered that noVNC did not properly manage certain messages, resulting in the remote VNC server injecting arbitrary HTML into the noVNC web page. An attacker could use this issue to conduct cross-site scripting attacks.
    • Ubuntu Security Notice USN-4521-1 Mon, 21 Sep 2020 17:05:14 GMT
      Ubuntu Security Notice 4521-1 - It was discovered that pam_tacplus did not properly manage shared secrets if DEBUG loglevel and journald are used. A remote attacker could use this issue to expose sensitive information.
    • Ubuntu Security Notice USN-4520-1 Mon, 21 Sep 2020 14:53:59 GMT
      Ubuntu Security Notice 4520-1 - It was discovered that Exim SpamAssassin does not properly handle configuration strings. An attacker could possibly use this issue to execute arbitrary code.
    • Apple Security Advisory 2020-09-16-5 Fri, 18 Sep 2020 19:11:15 GMT
      Apple Security Advisory 2020-09-16-5 - Xcode 12.0 is now available and addresses a code execution vulnerability.