News

    Advisories

    • Red Hat Security Advisory 2020-4390-01 Wed, 28 Oct 2020 20:17:58 GMT
      Red Hat Security Advisory 2020-4390-01 - Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY principle. Issues addressed include denial of service, memory exhaustion, and remote SQL injection vulnerabilities.
    • Red Hat Security Advisory 2020-4391-01 Wed, 28 Oct 2020 20:17:51 GMT
      Red Hat Security Advisory 2020-4391-01 - OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes.
    • Ubuntu Security Notice USN-4552-3 Wed, 28 Oct 2020 20:17:42 GMT
      Ubuntu Security Notice 4552-3 - USN-4552-1 and USN-4552-2 fixed a vulnerability in Pam-python. The update introduced a regression which prevented PAM modules written in Python from importing python modules from site-specific directories. Malte Kraus discovered that Pam-python mishandled certain environment variables. A local attacker could potentially use this vulnerability to execute programs as root. Various other issues were also addressed.
    • Red Hat Security Advisory 2020-4384-01 Wed, 28 Oct 2020 16:41:55 GMT
      Red Hat Security Advisory 2020-4384-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 5 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 3 and includes bug fixes and enhancements. Issues addressed include buffer overflow and integer overflow vulnerabilities.
    • Red Hat Security Advisory 2020-4383-01 Wed, 28 Oct 2020 16:41:47 GMT
      Red Hat Security Advisory 2020-4383-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 5 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 4 and includes bug fixes and enhancements. Issues addressed include buffer overflow and integer overflow vulnerabilities.
    • Red Hat Security Advisory 2020-4283-01 Wed, 28 Oct 2020 16:41:39 GMT
      Red Hat Security Advisory 2020-4283-01 - OpenStack Block Storage manages block storage mounting and the presentation of such mounted block storage to instances. The backend physical storage can consist of local disks, or Fiber Channel, iSCSI, and NFS mounts attached to Compute nodes.
    • Red Hat Security Advisory 2020-4381-01 Wed, 28 Oct 2020 16:41:30 GMT
      Red Hat Security Advisory 2020-4381-01 - The openstack-selinux package is a collection of SELinux policies for running OpenStack on Red Hat Enterprise Linux.
    • Ubuntu Security Notice USN-4608-1 Wed, 28 Oct 2020 16:40:26 GMT
      Ubuntu Security Notice 4608-1 - The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.44 version of the Mozilla certificate authority bundle.
    • Gentoo Linux Security Advisory 202010-08 Wed, 28 Oct 2020 16:36:31 GMT
      Gentoo Linux Security Advisory 202010-8 - Multiple vulnerabilities have been found in Mozilla Firefox and Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. Versions less than 82.0 are affected.
    • Ubuntu Security Notice USN-4607-1 Wed, 28 Oct 2020 16:35:03 GMT
      Ubuntu Security Notice 4607-1 - It was discovered that OpenJDK incorrectly handled deserializing Proxy class objects with many interfaces. A remote attacker could possibly use this issue to cause a denial of service via a specially crafted input. Sergey Ostanin discovered that OpenJDK incorrectly restricted authentication mechanisms. A remote attacker could possibly use this issue to obtain sensitive information over an unencrypted connection. Various other issues were also addressed.
    • Ubuntu Security Notice USN-4603-1 Wed, 28 Oct 2020 16:08:19 GMT
      Ubuntu Security Notice 4603-1 - It was discovered that MariaDB didn't properly validate the content of a packet received from a server. A remote attacker could use this vulnerability to send a specially crafted file to cause a denial of service. It was discovered that MariaDB has other security issues. An attacker can cause a hang or frequently repeatable crash. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
    • Ubuntu Security Notice USN-4600-2 Wed, 28 Oct 2020 16:08:06 GMT
      Ubuntu Security Notice 4600-2 - USN-4600-1 fixed multiple vulnerabilities in Netty 3.9. This update provides the corresponding fixes for CVE-2019-20444, CVE-2019-20445 for Netty. Also it was discovered that Netty allowed for unbounded memory allocation. A remote attacker could send a large stream to the Netty server causing it to crash. Various other issues were also addressed.
    • Ubuntu Security Notice USN-3081-2 Wed, 28 Oct 2020 16:04:13 GMT
      Ubuntu Security Notice 3081-2 - Dawid Golunski discovered that the Tomcat init script incorrectly handled creating log files. A remote attacker could possibly use this issue to obtain root privileges.
    • Red Hat Security Advisory 2020-4298-01 Tue, 27 Oct 2020 16:59:02 GMT
      Red Hat Security Advisory 2020-4298-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include code execution, cross site scripting, and denial of service vulnerabilities.
    • Ubuntu Security Notice USN-4602-2 Tue, 27 Oct 2020 16:58:55 GMT
      Ubuntu Security Notice 4602-2 - USN-4602-1 fixed several vulnerabilities in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
    • Red Hat Security Advisory 2020-4297-01 Tue, 27 Oct 2020 16:58:49 GMT
      Red Hat Security Advisory 2020-4297-01 - The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. The runC tool is a lightweight, portable implementation of the Open Container Format that provides container runtime. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Issues addressed include information leakage, man-in-the-middle, and traversal vulnerabilities.
    • Red Hat Security Advisory 2020-4366-01 Tue, 27 Oct 2020 16:58:42 GMT
      Red Hat Security Advisory 2020-4366-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Issues addressed include HTTP request smuggling, cross site scripting, denial of service, memory leak, and traversal vulnerabilities.
    • Ubuntu Security Notice USN-4583-2 Tue, 27 Oct 2020 14:12:34 GMT
      Ubuntu Security Notice 4583-2 - USN-4583-1 fixed vulnerabilities in PHP. This update provides the corresponding update for Ubuntu 20.10. It was discovered that PHP incorrectly handled certain encrypt ciphers. An attacker could possibly use this issue to decrease security or cause incorrect encryption data. Various other issues were also addressed.
    • Ubuntu Security Notice USN-4605-1 Tue, 27 Oct 2020 14:12:28 GMT
      Ubuntu Security Notice 4605-1 - Vaisha Bernard discovered that blueman did not properly sanitize input on the d-bus interface to blueman-mechanism. A local attacker could possibly use this issue to escalate privileges and run arbitrary code or cause a denial of service.
    • Ubuntu Security Notice USN-4604-1 Tue, 27 Oct 2020 14:12:22 GMT
      Ubuntu Security Notice 4604-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.22 in Ubuntu 20.04 LTS and Ubuntu 20.10. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.32. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.
    • Red Hat Security Advisory 2020-4348-01 Tue, 27 Oct 2020 14:12:16 GMT
      Red Hat Security Advisory 2020-4348-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
    • Red Hat Security Advisory 2020-4350-01 Tue, 27 Oct 2020 14:12:07 GMT
      Red Hat Security Advisory 2020-4350-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
    • Ubuntu Security Notice USN-4599-2 Tue, 27 Oct 2020 14:11:59 GMT
      Ubuntu Security Notice 4599-2 - USN-4599-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 16.04 LTS. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the prompt for opening an external application, obtain sensitive information, or execute arbitrary code. Various other issues were also addressed.
    • Red Hat Security Advisory 2020-4352-01 Tue, 27 Oct 2020 14:11:51 GMT
      Red Hat Security Advisory 2020-4352-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.
    • Red Hat Security Advisory 2020-4347-01 Tue, 27 Oct 2020 14:08:17 GMT
      Red Hat Security Advisory 2020-4347-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include bypass, deserialization, integer overflow, and out of bounds access vulnerabilities.