The COVR 3902 REVA router with firmware 1.01B0 has hardcoded telnet credentials.
572222ab17d0c016aa65556b5bf32f77aa7e77cca8fd648f5bbe5d57185a7505
The CGI and FastCGI implementations in the Go standard library behave differently from the HTTP server implementation when serving content. In contrast to the documented behavior, they may return non-HTML data as HTML. This may lead to cross-site scripting vulnerabilities even if uploaded data has been validated during upload. Versions 1.15 and 1.14.7 and below are affected.
3e08219d5677447756165c051aed3766da7e30f5b0c6159ccef3c81277c85c1f
Ubuntu Security Notice 4487-1 - Todd Carson discovered that libx11 incorrectly handled certain memory operations. A local attacker could possibly use this issue to escalate privileges. Jayden Rivers discovered that libx11 incorrectly handled locales. A local attacker could possibly use this issue to escalate privileges.
ed9063e4b3c1fca6e984c1c7ab040083e6748d419d186ee7a3a3b6e2ac48ab97
Ubuntu Security Notice 4488-1 - Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the input extension protocol. A local attacker could possibly use this issue to escalate privileges. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly initialized memory. A local attacker could possibly use this issue to obtain sensitive information. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled the XkbSelectEvents function. A local attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.
fb858e40bd12b9e63ee10febf784385535be07b08aa013c751306a9b329cb3cf
Red Hat Security Advisory 2020-3539-01 - This release of Red Hat build of Thorntail 2.7.1 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section. Issues addressed include denial of service, deserialization, and improper authorization vulnerabilities.
a8dcb5f57cea84c02cb1aa89f9bd1649ea3a591956d940900d70fda6c5368523
Ubuntu Security Notice 4486-1 - Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate metadata information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service.
47238d846050b0c92398b13bf04c8fe1f42898cbb3cbb7e18376aaf5f105017b
Ubuntu Security Notice 4485-1 - Timothy Michaud discovered that the i915 graphics driver in the Linux kernel did not properly validate user memory locations for the i915_gem_execbuffer2_ioctl. A local attacker could possibly use this to cause a denial of service or execute arbitrary code. It was discovered that the Kvaser CAN/USB driver in the Linux kernel did not properly initialize memory in certain situations. A local attacker could possibly use this to expose sensitive information. Various other issues were also addressed.
a61831f926ce25ea97d8bd2b2fe2ff6627483599c3f1ee6249023bd9550e4f67
Ubuntu Security Notice 4483-1 - Chuhong Yuan discovered that the go7007 USB audio device driver in the Linux kernel did not properly deallocate memory in some failure conditions. A physically proximate attacker could use this to cause a denial of service. Fan Yang discovered that the mremap implementation in the Linux kernel did not properly handle DAX Huge Pages. A local attacker with access to DAX storage could use this to gain administrative privileges. Various other issues were also addressed.
f3d7b343dd037f207841d31eaef395a9ef8aa891f0b3d52ff6fe53d20c95c23f
Ubuntu Security Notice 4484-1 - It was discovered that the cgroup v2 subsystem in the Linux kernel did not properly perform reference counting in some situations, leading to a NULL pointer dereference. A local attacker could use this to cause a denial of service or possibly gain administrative privileges.
2351c2c339e6f4034dda82391d7cb2c3d9bd74b1f87a5a86a6b83a1f4a358ce2
Ubuntu Security Notice 4482-1 - Fabian Vogt discovered that Ark incorrectly handled symbolic links in tar archive files. An attacker could use this to construct a malicious tar archive that, when opened, would create files outside the extraction directory.
9029a5b793714659d03b99eb0827fce84ae857f119c368cca2e3fd5aa483184a
Red Hat Security Advisory 2020-3600-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
e07e91ca9ffc10ba1d1ec91f7d0e4827b53aa5e064f386ec4744192e66cd986e
Red Hat Security Advisory 2020-3602-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
8753307765c44b9a78cc06891210cdc120141f62d031c905aee1055696e81539
Red Hat Security Advisory 2020-3601-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
9177ed506b88e49c4d01a8b2cb8c4c03f39f85859d4c839edfc3f38c1aa72071
Red Hat Security Advisory 2020-3580-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
96da009eee5638fa2d32fc29e49daf6706f825788e6e9f1eb67b75186b653d1c
Red Hat Security Advisory 2020-3579-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
d81eca43b782c646ef874a1dd1a1703e3fdcd99c4a2ab0b23cf0706871b19f4a