Red Hat Security Advisory 2019-1833-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. This update fixes various bugs and adds enhancements.

Red Hat Security Advisory 2019-1948-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. A name equality check issue was addressed.

Red Hat Security Advisory 2019-1972-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2019-2028-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and traversal vulnerabilities.

Red Hat Security Advisory 2019-2466-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. An improper authorization issue was addressed.

Red Hat Security Advisory 2019-2565-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. An OpenSSL issue was addressed where an X509 name equality check did not work correctly.

Red Hat Security Advisory 2019-2587-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include code execution and denial of service vulnerabilities.

Red Hat Security Advisory 2019-2806-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2019-4201-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. Issues addressed include a denial of service vulnerability.

Debian Linux Security Advisory 4587-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which could result in unauthorized access by bypassing intended path matchings, denial of service, or the execution of arbitrary code.

Debian Linux Security Advisory 4586-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which could result in unauthorized access by bypassing intended path matchings, denial of service, or the execution of arbitrary code.

Red Hat Security Advisory 2020-0542-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and traversal vulnerabilities.

Red Hat Security Advisory 2020-0588-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A remote code execution vulnerability has been addressed.

Red Hat Security Advisory 2020-0589-01 - Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller framework for web application development. Action Pack implements the controller and the view components. A remote code execution vulnerability has been addressed.

Red Hat Security Advisory 2020-0591-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and traversal vulnerabilities.

Red Hat Security Advisory 2020-0663-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include code execution, cross site scripting, denial of service, deserialization, and traversal vulnerabilities.

Gentoo Linux Security Advisory 202003-6 - Multiple vulnerabilities have been found in Ruby, the worst of which could lead to the remote execution of arbitrary code. Versions less than 2.4.9:2.4 are affected.

Gentoo Linux Security Advisory 202003-9 - A vulnerability in OpenID library for Ruby at worst might allow an attacker to bypass authentication. Versions less than 2.9.2 are affected.

Secunia Security Advisory - Some vulnerabilities have been reported in Microsoft Windows CE, which potentially can be exploited by malicious people to compromise a vulnerable system.

Mandriva Linux Security Advisory 2012-081 - Security issues were identified and fixed in mozilla firefox. Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Using the Address Sanitizer tool, security researcher Aki Helin from OUSPG found that IDBKeyRange of indexedDB remains in the XPConnect hashtable instead of being unlinked before being destroyed. Security research firm iDefense reported that researcher wushi of team509 discovered a memory corruption on Windows Vista and Windows 7 systems with hardware acceleration disabled or using incompatible video drivers. Various other issues have also been addressed.

The Windows kernel does not properly isolate broadcast messages from low integrity applications from medium or high integrity applications. This allows commands to be broadcasted to an open medium or high integrity command prompts allowing escalation of privileges. We can spawn a medium integrity command prompt, after spawning a low integrity command prompt, by using the Win+Shift+# combination to specify the position of the command prompt on the taskbar. We can then broadcast our command and hope that the user is away and doesn't corrupt it by interacting with the UI. Broadcast issue affects versions Windows Vista, 7, 8, Server 2008, Server 2008 R2, Server 2012, RT. But Spawning a command prompt with the shortcut key does not work in Vista so you will have to check if the user is already running a command prompt and set SPAWN_PROMPT false. The WEB technique will execute a powershell encoded payload from a Web location. The FILE technique will drop an executable to the file system, set it to medium integrity and execute it. The TYPE technique will attempt to execute a powershell encoded payload directly from the command line but it may take some time to complete.

This Metasploit module exploits a vulnerability on the lrFileIOService ActiveX, as installed with HP LoadRunner 11.50. The vulnerability exists in the WriteFileString method, which allow the user to write arbitrary files. It's abused to drop a payload embedded in a dll, which is later loaded through the Init() method from the lrMdrvService control, by abusing an insecure LoadLibrary call. This Metasploit module has been tested successfully on IE8 on Windows XP. Virtualization based on the Low Integrity Process, on Windows Vista and 7, will stop this module because the DLL will be dropped to a virtualized folder, which isn't used by LoadLibrary.

Debian Linux Security Advisory 4457-1 - Hanno Böck discovered that Evolution was vulnerable to OpenPGP signatures being spoofed for arbitrary messages using a specially crafted HTML email. This issue was mitigated by moving the security bar with encryption and signature information above the message headers.

Debian Linux Security Advisory 4479-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery.

Debian Linux Security Advisory 4482-1 - Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code, cross-site scripting, spoofing, information disclosure, denial of service or cross-site request forgery.

Debian Linux Security Advisory 4524-1 - Multiple vulnerabilities have been discovered in the Dino XMPP client, which could allow spoofing message, manipulation of a user's roster (contact list) and unauthorised sending of message carbons.

Apple Security Advisory 2019-9-26-9 - Safari 13.0.1 addresses user interface spoofing and browser history leakage vulnerabilities.

Apple Security Advisory 2020-1-28-5 - Safari 13.0.5 is now available and addresses address bar spoofing and password disclosure in transit issues.

Red Hat Security Advisory 2020-1080-01 - Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasks and calendar information. Issues addressed include OpenPGP signature spoofing and certificate errors being ignored.

Red Hat Security Advisory 2020-1600-01 - Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasks and calendar information. Evolution Data Server was originally developed as a back end for the Evolution information management application, but is now used by various other applications. Issues addressed include a spoofing vulnerability.

Red Hat Security Advisory 2020-1047-01 - The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Issues addressed include crash and out of bounds read vulnerabilities.

Red Hat Security Advisory 2020-1084-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

Red Hat Security Advisory 2020-1167-01 - Network Block Device is a protocol for accessing hard disks and other disk-like devices over the network. The nbdkit toolkit utilizes NBD to create servers with minimal dependencies. The package contains plug-in support for the C and Python programming languages. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2020-1081-01 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser. Issues addressed include denial of service and null pointer vulnerabilities.

Red Hat Security Advisory 2020-1045-01 - LFTP is a file transfer utility for File Transfer Protocol, Secure File Transfer Protocol, Hypertext Transfer Protocol, and other commonly used protocols. It uses the readline library for input, and provides support for bookmarks, built-in monitoring, job control, and parallel transfer of multiple files at the same time.

Gentoo Linux Security Advisory 202004-6 - A regression in GnuTLS breaks the security guarantees of the DTLS protocol. Versions less than 3.6.13 are affected.

Red Hat Security Advisory 2020-1318-01 - Telnet is a popular protocol for logging in to remote systems over the Internet. The telnet-server packages include a telnet service that supports remote logins into the host machine. The telnet service is disabled by default. An arbitrary code execution vulnerability was addressed.

Red Hat Security Advisory 2020-1335-01 - Telnet is a popular protocol for logging in to remote systems over the Internet. The telnet-server packages include a telnet service that supports remote logins into the host machine. The telnet service is disabled by default. An arbitrary code execution vulnerability was addressed.

Red Hat Security Advisory 2020-1334-01 - Telnet is a popular protocol for logging in to remote systems over the Internet. The telnet-server packages include a telnet service that supports remote logins into the host machine. The telnet service is disabled by default. An arbitrary code execution vulnerability was addressed.

Red Hat Security Advisory 2020-1342-01 - Telnet is a popular protocol for logging in to remote systems over the Internet. The telnet-server packages include a telnet service that supports remote logins into the host machine. The telnet service is disabled by default. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2020-1445-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.4.3 serves as a replacement for Red Hat AMQ Broker 7.4.2, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include cross site scripting, denial of service, and information leakage vulnerabilities.