Multiple issues have been found in cacti, a server monitoring system,potentially resulting in SQL code execution or information disclosure byauthenticated users.
More info:
https://www.debian.org/security/2020/dsa-4604
Several vulnerabilities have been discovered in the OpenJDK Javaruntime, resulting in denial of service, incorrect implementation ofKerberos GSSAPI and TGS requests or incorrect TLS handshakes.
More info:
https://www.debian.org/security/2020/dsa-4605
Several vulnerabilities have been discovered in the chromium web browser.
More info:
https://www.debian.org/security/2020/dsa-4606
More info:
https://wpvulndb.com/vulnerabilities/10039
Lukas Kupczyk reported a vulnerability in the handling of chunked HTTPin openconnect, an open client for Cisco AnyConnect, Pulse andGlobalProtect VPN. A malicious HTTP server (after having accepted itsidentity certificate), can provide bogus chunk lengths for chunked HTTPencoding and cause a heap-based buffer overflow.
More info:
https://www.debian.org/security/2020/dsa-4607
https://wpvulndb.com/vulnerabilities/10034
More info:
https://wpvulndb.com/vulnerabilities/10034
https://wpvulndb.com/vulnerabilities/10033
More info:
https://wpvulndb.com/vulnerabilities/10033
https://wpvulndb.com/vulnerabilities/10035
More info:
https://wpvulndb.com/vulnerabilities/10035
by Michael Hawkins. Messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored XSS.Severity/Risk:SeriousVersions affected:3.8Versions fixed:3.8.1Reported by:Cid da CostaWorkaround:Disable the messaging system until the patch has been applied.CVE identifier:CVE-2020-1691Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-67637Tracker issue:MDL-67637 Stored XSS in message conversation overview
More info:
https://moodle.org/mod/forum/discuss.php?d=395953&parent=1596360
More info:
https://wpvulndb.com/vulnerabilities/10034
