Red Hat Security Advisory 2020-4186-01 - The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. The spice-gtk packages provide a GIMP Toolkit widget for Simple Protocol for Independent Computing Environments clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Issues addressed include a buffer overflow vulnerability.
4e9fe8b295fe8d861fe3c79cf3269c78e983fd68d926f2157ffd89e94d140173Ubuntu Security Notice 4572-1 - Frediano Ziglio discovered that Spice incorrectly handled QUIC image decoding. A remote attacker could use this to cause Spice to crash, resulting in a denial of service, or possibly execute arbitrary code.
61e26430ab99712cf25a7858e7c6444e4cccce3b19a8cb8c30f578cff2c41ec7Ubuntu Security Notice 4567-1 - It was discovered that OpenDMARC is prone to a signature-bypass vulnerability with multiple "From:" addresses. An attacker could use it to bypass spam and abuse filters.
f12c5bfade194da09e5627603cfc90029bfcf1e36e1f7f0636f1bf968734af99Ubuntu Security Notice 4566-1 - It was discovered that Cyrus IMAP Server could execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code. It was discovered that the Cyrus IMAP Server allow users to create any mailbox with administrative privileges. A local attacker could use this to obtain sensitive information. Various other issues were also addressed.
b29e714d866e6ec6075866950847cbd51cb8d46269dd8a4d6182d91d2d346043Ubuntu Security Notice 4565-1 - It was discovered that OpenConnect has a buffer overflow when a malicious server uses HTTP chunked encoding with crafted chunk sizes. An attacker could use it to provoke a denial of service.
a9ca830580bdfd9d995f779e6665be17210145c3a77a056c8c9bcf70d3a8f710Ubuntu Security Notice 4564-1 - It was discovered that Apache Tika can have an excessive memory usage by using a crafted or corrupt PSD file. An attacker could use it to cause a denial of service.
2110e79eadbd5cd1000095edc86e39db0195be5b4e21bbf216787f7034dad558Red Hat Security Advisory 2020-4185-01 - The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. The spice-gtk packages provide a GIMP Toolkit widget for Simple Protocol for Independent Computing Environments clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Issues addressed include a buffer overflow vulnerability.
90e665baa19b03d07c959263b1bee477031b905ac6be24b791977018aa439e53Red Hat Security Advisory 2020-4181-01 - The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.
bcde3d393794fedcb5f362e3c881b5f9bea5cc7526950b25aacb3ee2a982cc72Red Hat Security Advisory 2020-4187-01 - The Simple Protocol for Independent Computing Environments is a remote display system built for virtual environments which allows the user to view a computing 'desktop' environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. The spice-gtk packages provide a GIMP Toolkit widget for Simple Protocol for Independent Computing Environments clients. Both Virtual Machine Manager and Virtual Machine Viewer can make use of this widget to access virtual machines using the SPICE protocol. Issues addressed include a buffer overflow vulnerability.
925e8cff96b2972e8f7d422be87695207ad08722d266b944cd302f909942bfc0Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.
8381b62e11a5e0ead417bcfd92845adab7dc3b9d06271c852a1166cb65a61affBotan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS #10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to most systems and compilers, and includes a substantial tutorial and API reference. This is the current stable release.
92ed6ebc918d86bd1b04221ca518af4cf29cc326c4760740bd2d22e61cea2628HashiCorp Vault's GCP authentication method can be bypassed on gce type roles that do not specify bound_service_accounts. Vault does not enforce that the compute_engine data in a signed JWT token has any relationship to the service account that created the token. This makes it possible to impersonate arbitrary GCE instances, by creating a JWT token with a faked compute_engine struct, using an arbitrary attacker controlled service account.
34f611b87b68b7fd6cab37412c7d4092e8b5a0d5ec0b29df2c510e9bc1a45ab4HashiCorp Vault's AWS IAM authentication method can be bypassed by sending a serialized request to the STS AssumeRoleWithWebIdentity method as part of the authentication flow. The request triggers a JSON encoded response from the STS server, which can contain a fully-attacker controlled fake GetCallerIdentityResponse as part of its body. As the Vault response parser ignores non-xml content before and after the malicious response, this can be used to spoof arbitrary AWS identities and roles.
b13c4db73c9c1c434d36ca980312a9413268770cfb76417ed250b35bd357b407Krpano Panorama Viewer versions 1.20.8 and below suffer from a cross site scripting vulnerability.
61b7d1777ea0ce74e001bb9d8572c8449ed98e6b6b43fda16fc7aab2e7daf620Recon-Informer is a basic real-time anti-reconnaissance detection tool for offensive security systems, useful for penetration testers. It runs on Windows/Linux and leverages scapy.
631fc764a07667ba55ccff741ea4c5d703fb716cdd19dbee4f7067779fe7db39
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed