elFinder versions below 2.1.59 are vulnerable to command injection via the archive functionality. When creating a new zip archive, the name parameter is sanitized with the escapeshellarg() PHP function and then passed to the zip utility. Despite the sanitization, supplying the -TmTT argument as part of the name parameter is still permitted and enables the execution of arbitrary commands as the www-data user.
eefba941559b0ed45889286a43dda93328d3b84159ce379897131f28b557f0ba
Ubuntu Security Notice 5079-2 - USN-5079-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. Various other issues were also addressed.
60550d5e74772413dfb06a565ea32040a3d6110b2dd1c2e451288a6afe7cc288
Ubuntu Security Notice 5079-1 - It was discovered that curl incorrectly handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. Various other issues were also addressed.
33a734d871c8bed97d25050dd5bf6ab7df0fb69274d554d1083bd6cb8dc39da0
Red Hat Security Advisory 2021-3548-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
f34440cff5dd52d12aa31bc2944cbaba64cc43262880839ccb4109041d1a196d
Red Hat Security Advisory 2021-3547-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
d2e1a538fee4ab87f53ee19a0fbe11b5a6d73ce5fe3f7b354441143aa1d36878
Red Hat Security Advisory 2021-3546-01 - The Cyrus IMAP server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contacts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. Issues addressed include a denial of service vulnerability.
f906598321e1f6eb52920261111c9632db38f848be1dac81ce1c97c946db901b
Support Board version 3.3.3 suffers from a remote SQL injection vulnerability.
2a74f71dedf3f7f5963bb472329a6c5c3746dec0dee4fe94d195943e60963018
Red Hat Security Advisory 2021-3488-01 - Neutron is a virtual network service for OpenStack. Just like OpenStack Nova provides an API to dynamically request and configure virtual servers, Neutron provides an API to dynamically request and configure virtual networks. These networks connect "interfaces" from other OpenStack services. The Neutron API supports extensions to provide advanced network capabilities.
2d5d24721728b8d31b9a5cde4de4186a4a7e8431901691c9e32ca865dbe4227d
AHSS-PHP version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
68a392a056a9f2e1e642c82f281adc0a3d69f62cd8340f5fa33f333a57a01d1d
Red Hat Security Advisory 2021-3487-01 - An update for etcd is now available for Red Hat OpenStack Platform 16.2 (Train).
76ac3020cd111b90d10112a9f0a7c5fc0b2f30b8931c3f2c0c97c2c382b470e3
Evolution CMS version 3.1.6 authenticated remote code execution exploit.
6c074019983619b13238797843a812155737efa47779744d3cb1c2aecb41f06c
Red Hat Security Advisory 2021-3490-01 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.2 (Train). Issues addressed include local file inclusion, remote file inclusion, server-side request forgery, and traversal vulnerabilities.
7acd802c838e14356fda2dd84f235e3bbe000e4229b9386b3483399a41ad00f5
Ubuntu Security Notice 5078-1 - Richard Weinberger discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem.
29045801f6c03dcd7332efc0bb67025d0097e29be1019ac6339d9f4bf614eaed
Remote command execution exploit for Zenitel AlphaCom XE Audio Server versions up to 11.2.3.10 which have a web interface called AlphaWeb XE that allows for a remote shell upload.
74d530912782b4d1135f22f7bda97ec701c5233933221a5a7b8aa9b09cd95217
Ubuntu Security Notice 5077-2 - USN-5077-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Maik M
fd7c949255f6b3cb16dcefce0881829ebecf88b6e748a05f60c0b890a73aa4a0