This archive contains proof of concepts and a whitepaper that describes multiple email client implementations where popular clients for email are vulnerable to signature spoofing attacks.

Red Hat Security Advisory 2020-1080-01 - Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasks and calendar information. Issues addressed include OpenPGP signature spoofing and certificate errors being ignored.

Red Hat Security Advisory 2020-1600-01 - Evolution is a GNOME application that provides integrated email, calendar, contact management, and communications functionality. The evolution-data-server packages provide a unified back end for applications which interact with contacts, tasks and calendar information. Evolution Data Server was originally developed as a back end for the Evolution information management application, but is now used by various other applications. Issues addressed include a spoofing vulnerability.

Red Hat Security Advisory 2020-1047-01 - The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Issues addressed include crash and out of bounds read vulnerabilities.

Red Hat Security Advisory 2020-1084-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

Red Hat Security Advisory 2020-1167-01 - Network Block Device is a protocol for accessing hard disks and other disk-like devices over the network. The nbdkit toolkit utilizes NBD to create servers with minimal dependencies. The package contains plug-in support for the C and Python programming languages. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2020-1081-01 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser. Issues addressed include denial of service and null pointer vulnerabilities.

Red Hat Security Advisory 2020-1045-01 - LFTP is a file transfer utility for File Transfer Protocol, Secure File Transfer Protocol, Hypertext Transfer Protocol, and other commonly used protocols. It uses the readline library for input, and provides support for bookmarks, built-in monitoring, job control, and parallel transfer of multiple files at the same time.

Red Hat Security Advisory 2020-1318-01 - Telnet is a popular protocol for logging in to remote systems over the Internet. The telnet-server packages include a telnet service that supports remote logins into the host machine. The telnet service is disabled by default. An arbitrary code execution vulnerability was addressed.

Red Hat Security Advisory 2020-1335-01 - Telnet is a popular protocol for logging in to remote systems over the Internet. The telnet-server packages include a telnet service that supports remote logins into the host machine. The telnet service is disabled by default. An arbitrary code execution vulnerability was addressed.

Red Hat Security Advisory 2020-1334-01 - Telnet is a popular protocol for logging in to remote systems over the Internet. The telnet-server packages include a telnet service that supports remote logins into the host machine. The telnet service is disabled by default. An arbitrary code execution vulnerability was addressed.

Red Hat Security Advisory 2020-1342-01 - Telnet is a popular protocol for logging in to remote systems over the Internet. The telnet-server packages include a telnet service that supports remote logins into the host machine. The telnet service is disabled by default. Issues addressed include a code execution vulnerability.

Red Hat Security Advisory 2020-1445-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.4.3 serves as a replacement for Red Hat AMQ Broker 7.4.2, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include cross site scripting, denial of service, and information leakage vulnerabilities.

Red Hat Security Advisory 2020-1470-01 - The Network Time Protocol is used to synchronize a computer's time with another referenced time source. These packages include the ntpd service which continuously adjusts system time and utilities used to query and configure the ntpd service. Issues addressed include buffer overflow, code execution, and denial of service vulnerabilities.

A git clone action can leak cached / stored credentials for github.com to example.com due to insecure handling of newlines in the credential helper protocol.

Red Hat Security Advisory 2020-1840-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include an information leakage vulnerability.

Red Hat Security Advisory 2020-1878-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

Red Hat Security Advisory 2020-1845-01 - The Berkeley Internet Name Domain is an implementation of the Domain Name System protocols. BIND includes a DNS server ; a resolver library ; and tools for verifying that the DNS server is operating correctly.

Red Hat Security Advisory 2020-1998-01 - The gnutls packages provide the GNU Transport Layer Security library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. An issue was addressed where the DTLS client hello contains a random value of all zeroes.

XBOX 360 Aurora version 0.6b default credential FTP bruteforcing script.

Avast Anti-Virus versions prior to 19.1.2360 suffer from a local credential disclosure vulnerability.

Red Hat Security Advisory 2020-1561-01 - Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too. HTTP request smuggling vulnerabilities were addressed.

Red Hat Security Advisory 2020-1660-01 - The mod_auth_mellon module for the Apache HTTP Server is an authentication service that implements the SAML 2.0 federation protocol. The module grants access based on the attributes received in assertions generated by an IdP server. Issues addressed include an open redirection vulnerability.

Red Hat Security Advisory 2020-1792-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Issues addressed include buffer overflow and double free vulnerabilities.

Red Hat Security Advisory 2020-1725-01 - The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Issues addressed include a HTTP request smuggling vulnerability.

Red Hat Security Advisory 2020-1576-01 - memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2020-1624-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Issues addressed include buffer overflow, information leakage, integer overflow, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2020-1962-01 - Twisted is an event-based framework for internet applications. Twisted Web is a complete web server, aimed at hosting web applications using Twisted and Python, but fully able to serve static pages too. Issues addressed include an HTTP request smuggling vulnerability.

Red Hat Security Advisory 2020-1963-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP response splitting and buffer under-read vulnerabilities.

Red Hat Security Advisory 2020-1970-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 81.0.4044.122. Issues addressed include out of bounds read and use-after-free vulnerabilities.

Red Hat Security Advisory 2020-1981-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 81.0.4044.129. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2020-1936-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include HTTP request smuggling and out of bounds write vulnerabilities.

Red Hat Security Advisory 2020-2033-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.8.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2020-2032-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.8.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2020-2031-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.8.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2020-2037-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.8.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2020-2036-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.8.0 ESR. Issues addressed include buffer overflow and use-after-free vulnerabilities.

Red Hat Security Advisory 2020-2039-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include buffer overflow and code execution vulnerabilities.

Red Hat Security Advisory 2020-2038-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include buffer overflow and code execution vulnerabilities.

Red Hat Security Advisory 2020-2041-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include buffer overflow and code execution vulnerabilities.

Red Hat Security Advisory 2020-2040-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include buffer overflow and code execution vulnerabilities.