USN-4539-1: AWL vulnerability

2020-09-25 KENNETH 0

Andrew Bartlett discovered that DAViCal Andrew’s Web Libraries (AWL) did not properly manage session keys. An attacker could possibly use this issue to impersonate a session. (CVE-2020-11728)

Source: USN-4539-1: AWL vulnerability

USN-4536-1: SPIP vulnerabilities

2020-09-25 KENNETH 0

Youssouf Boulouiz discovered that SPIP incorrectly handled login error messages. A remote attacker could potentially exploit this to conduct cross-site scripting (XSS) attacks. (CVE-2019-16392)

Gilles Vincent discovered that SPIP incorrectly handled password reset requests. A remote attacker could possibly use this issue to cause SPIP to enumerate registered users. (CVE-2019-16394)

Guillaume Fahrner discovered that SPIP did not properly sanitize input. A remote authenticated attacker could possibly use this issue to execute arbitrary code on the host server. (CVE-2019-11071)

Sylvain Lefevre discovered that SPIP incorrectly handled user authorization. A remote attacker could possibly use this issue to modify and publish content and modify the database. (CVE-2019-16391)

It was discovered that SPIP did not properly sanitize input. A remote attacker could, through cross-site scripting (XSS) and PHP injection, exploit this to inject arbitrary web script or HTML. (CVE-2017-15736)

Alexis [ more… ]

USN-4538-1: PackageKit vulnerabilities

2020-09-24 KENNETH 0

Vaisha Bernard discovered that PackageKit incorrectly handled certain methods. A local attacker could use this issue to learn the MIME type of any file on the system. (CVE-2020-16121)

Sami Niemimäki discovered that PackageKit incorrectly handled local deb packages. A local user could possibly use this issue to install untrusted packages, contrary to expectations. (CVE-2020-16122)

Source: USN-4538-1: PackageKit vulnerabilities