Red Hat Security Advisory 2020-1050-01 - The Common UNIX Printing System provides a portable printing layer for Linux, UNIX, and similar operating systems. Issues addressed include a cross site request forgery vulnerability.

PHP-Fusion version 9.03.50 suffers from an arbitrary file upload vulnerability.

Red Hat Security Advisory 2020-0850-01 - An update for python-pip is now available for Red Hat Enterprise Linux 7. CRLF injection and credential exposure issues were addressed.

Intelbras Wireless N 150Mbps WRN240 suffers from a configuration upload authentication bypass vulnerability.

Oce Colorwave 500 printer suffers from authentication bypass, cross site request forgery, and cross site scripting vulnerabilities.

Red Hat Security Advisory 2020-1508-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include denial of service and deserialization vulnerabilities.

Red Hat Security Advisory 2020-1507-01 - The java-1.7.0-openjdk packages provide the OpenJDK 7 Java Runtime Environment and the OpenJDK 7 Java Software Development Kit. Issues addressed include denial of service and deserialization vulnerabilities.

Red Hat Security Advisory 2020-1506-01 - The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Issues addressed include denial of service and deserialization vulnerabilities.

Red Hat Security Advisory 2020-1509-01 - The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. Issues addressed include denial of service and deserialization vulnerabilities.

PHP-Fusion version 9.03.50 suffers from a persistent cross site scripting vulnerability.

Secunia Security Advisory - NetBSD has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Chkrootkit checks locally for signs of a rootkit. Chkrootkit includes ifpromisc.c to check and see if the interface is in promisc mode, chklastlog.c to check lastlog for deletions, and chkwtmp.c to check wtmp for deletions, strings.c for quick and dirty strings replacement, check_wtmpx.c to check for wtmpx deletions and the files chkproc.c and chkdirs.c to check for LKM trojans. Tested on Linux 2.0.x, 2.2.x and 2.4.x, FreeBSD 2.2.x, 3.x, 4.x, and 5.x, BSDI, OpenBSD 2.6, 2.7, 2.8, 2.9, 3.0 and 3.1, NetBSD 1.5.2 and Solaris 2.5.1, 2.6 and 8.0, and HP-UX 11.

Cisco IronPort C350 remote host header injection exploit.

Cisco WLC 2504 version 8.9 suffers from a denial of service vulnerability.

devolo dLAN 550 duo+ version 3.1.0-1 suffers from a remote code execution vulnerability. The devolo firmware has what seems to be a 'hidden' services which can be enabled by authenticated attacker via the the htmlmgr CGI script. This allows the attacker to start services that are deprecated or discontinued and achieve remote arbitrary code execution with root privileges.

An exploitable command injection vulnerability exists in the ACEManager iplogging.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can inject arbitrary commands, resulting in arbitrary command execution. An attacker can send an authenticated HTTP request to trigger this vulnerability.

An exploitable unverified password change vulnerability exists in the ACEManager upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a unverified device configuration change, resulting in an unverified change of the user password on the device. An attacker can make an authenticated HTTP request to trigger this vulnerability.

An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim's browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability.

An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability.

An exploitable Information Disclosure vulnerability exists in the ACEManager EmbeddedAceGet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause an information disclosure, resulting in the exposure of confidential information, including, but not limited to, plaintext passwords and SNMP community strings. An attacker can make an authenticated HTTP request, or run the binary, to trigger this vulnerability.

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSet_Task.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a arbitrary setting writes, resulting in the unverified changes to any system setting. An attacker can make an authenticated HTTP request, or run the binary as any user, to trigger this vulnerability.

An exploitable information disclosure vulnerability exists in the ACEManager template_load.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can cause a information leak, resulting in the disclosure of internal paths and files. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Debian Linux Security Advisory 4507-1 - Several vulnerabilities were discovered in Squid, a fully featured web proxy cache. The flaws in the HTTP Digest Authentication processing, the HTTP Basic Authentication processing and in the cachemgr.cgi allowed remote attackers to perform denial of service and cross-site scripting attacks, and potentially the execution of arbitrary code.

Ubuntu Security Notice 4350-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.80 in Ubuntu 19.10 and Ubuntu 20.04 LTS. Ubuntu 16.04 LTS and Ubuntu 18.04 LTS have been updated to MySQL 5.7.30. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

In early June, the UK enshrined into law a commitment to reach net zero carbon emissions by 2050, making Britain the first major economy to do so. Meeting this target will require substantial reliance on renewable energy from solar, tidal, hydro, and wind sources, both onshore and offshore.

According to data recently released by the China Electric Vehicle Charging Infrastructure Promotion Association, the number of public charging stations for electric vehicles (EVs) owned and operated by its members totaled 401,000 units as of May 2019, of which 229,000 were AC charging stations, 171,000 were DC and 500 AC/DC were integrated, representing a year on year increase of 50.5 percent and 9,658 units from the previous month. Between June 2018 and May 2019, the number of public charging stations for EVs showed an average monthly increase of some 11,205 units.

The projects include a 999-MW wind facility being built north of Weatherford, a 287-MW wind facility being built southwest of Enid, and a 199-MW facility being built south of Alva. They are being developed by Invenergy.

Solar company Hanergy announced that its thin-film solar modules will cover the 150,000 square meter roof of the ‘Rafael Gallery’ located at a Tech City in Shanghai.

The American Wind Energy Association (AWEA) has released data for Q2, indicating activity rose to new heights in the wind development sector.

The Chinese government recently issued a whitepaper on the status and prospects of the hydrogen fuel and fuel cell sectors, indicating that energy derived from hydrogen will become an important part of the Chinese energy network.

With its original commissioning dating back to 2008, NextEra’s 150-megawatt (MW) Endeavor Wind Energy Center I & II projects in Osceola County are undergoing a prudent re-powering process. Blattner Energy construction crews moved into the Osceola County wind farm area this spring and started work. Blatter Energy is an Avon, Minnesota based heavy construction contractor.

In a first for the country, Germany generated 54.5 percent of electricity from renewable energy in March 2019. This is according to data collected by the Fraunhofer Institute for Solar Energy Systems.

Developing carbon capture and storage technology and low-carbon hydrogen is “a necessity not an option” for the UK to achieve a net zero carbon economy by 2050.

LONGi Solar this week said that it has invented a new “seamless soldering” technique that could help it produce a more efficient solar module. As a reminder, the more solar cells you can pack into a module, the more efficient it is. And the more efficient your modules, the fewer you need to achieve the wattage you seek in an array. By using less modules, you reduce the overall installed cost of solar.

Tesla Inc. is planning a factory in China with a capacity for 500,000 vehicles a year, its biggest step beyond the U.S. so far, according to people familiar with the matter. Tesla is due to sign a memorandum of understanding with local entities in Shanghai, the people said, asking not to be identified as the information isn’t public. Chief Executive Officer Elon Musk was to be in the city for an event with the government on Tuesday, Bloomberg reported earlier. A Tesla representative in China didn’t immediately respond to a request for comment.

Developing carbon capture and storage technology and low-carbon hydrogen is “a necessity not an option” for the UK to achieve a net zero carbon economy by 2050.

LONGi Solar this week said that it has invented a new “seamless soldering” technique that could help it produce a more efficient solar module. As a reminder, the more solar cells you can pack into a module, the more efficient it is. And the more efficient your modules, the fewer you need to achieve the wattage you seek in an array. By using less modules, you reduce the overall installed cost of solar.

Solar company Hanergy announced that its thin-film solar modules will cover the 150,000 square meter roof of the ‘Rafael Gallery’ located at a Tech City in Shanghai.

California Governor Jerry Brown proposed spending $59 billion to fix crumbling roads and raising the state’s renewable energy mandate to 50 percent.

Scientists and economists including BP Plc’s former chief executive officer, John Browne, are inviting governments to join a $150 billion program that aims to make clean energy cheaper than coal.

Statkraft opened its renovated and expanded 350-MW Nedre Rossaga hydropower station on Oct. 18.