
Files Date: 2021-11-02

Red Hat Security Advisory 2021-4103-01
Posted Nov 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4103-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.9.0 RPMs. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2020-15586, CVE-2020-16845, CVE-2021-3114, CVE-2021-31525
SHA-256 | b16c9aa2b8dad7efa4d95e722eb5af9a048a5ff206b58713782979fa88362e44
Ubuntu Security Notice USN-5128-1
Posted Nov 2, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5128-1 - Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user credentials in Ceph could be manipulated in certain environments. An attacker could use this to gain unintended access to resources. This issue only affected Ubuntu 18.04 LTS. It was discovered that Ceph contained an authentication flaw, leading to key reuse. An attacker could use this to cause a denial of service or possibly impersonate another user. This issue only affected Ubuntu 21.04. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2020-27781, CVE-2021-20288, CVE-2021-3509, CVE-2021-3524, CVE-2021-3531
SHA-256 | 27bb8e3234a0eb6c20785c85e3b051d5fba1fadbce8594e9f21d51168b84a3bf
i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw
Posted Nov 2, 2021
Authored by LiquidWorm | Site zeroscience.mk

i3 International Annexxus Cameras Ax-n version 5.2.0 does not allow creation of more than one administrator account on the system. This also applies to deletion of the administrative account. The logic behind this restriction can be bypassed by parameter manipulation using dangerous verbs like PUT and DELETE together with improper server-side validation. Once a normal account with viewer or operator permissions has been added by the default admin user i3admin, a PUT request can be issued calling the UserPermission endpoint with the ID of the created account to set it to the admin userType, successfully adding a second administrative account.

tags | exploit
SHA-256 | 3e641781592da07922dd7ee30daf5267b6d7f9b85ed06f3a2968275095a40591
Red Hat Security Advisory 2021-4100-01
Posted Nov 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4100-01 - This release of Red Hat Integration - Service registry 2.0.2.GA serves as a replacement for 2.0.1.GA, and includes the below security fixes. Issues addressed include a cross site scripting vulnerability.

tags | advisory, registry, xss
systems | linux, redhat
advisories | CVE-2020-13956, CVE-2021-20289, CVE-2021-20293
SHA-256 | deae863e269d799eb30005e5bf746b6f54654a78cb414a871c14378bede66a03
Ericsson Network Location MPS GMPC21 Privilege Escalation
Posted Nov 2, 2021
Authored by AkkuS | Site metasploit.com

This Metasploit module exploits a privilege escalation vulnerability in Ericsson Network Location Mobile Positioning Systems.

tags | exploit
SHA-256 | 284aef5590fcc1f10a26e571df512ffa20eb2f3e127bfd58c1acdecd315b6627
Ericsson Network Location MPS GMPC21 Remote Code Execution
Posted Nov 2, 2021
Authored by AkkuS | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Ericsson Network Location Mobile Positioning Systems. The export feature in various parts of the application is vulnerable. It is a feature made for the information in the tables to be exported to the server and imported later when required. Export operations contain the file_name parameter. This parameter is assigned as a variable between the server commands on the backend side. It allows command injection.

tags | exploit, arbitrary
SHA-256 | 2b48b3265095eafaddacb4ff1e3bd8e6117f37acaa1faaf23e718d815e6acfc9
Red Hat Security Advisory 2021-4097-01
Posted Nov 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4097-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include code execution and use-after-free vulnerabilities.

tags | advisory, web, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2021-30858
SHA-256 | 758e2b7205b8f672f706d3a22dfa85c8e778e9fc973c8ec8e5f7566dbc67b6c6
Red Hat Security Advisory 2021-4088-01
Posted Nov 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4088-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-36385, CVE-2021-0512, CVE-2021-3656
SHA-256 | a215b64b8f26178237dfbf6dd7cc3e8298fe94f7c33d9ccfc3e6d4fe26168c77
Dynojet Power Core 2.3.0 Unquoted Service Path
Posted Nov 2, 2021
Authored by Pedro Sousa Rodrigues

Dynojet Power Core version 2.3.0 suffers from an unquoted service path vulnerability.

tags | exploit
SHA-256 | e405648225214fe6aeae81bc56b6ea13066748ad49bc03e53362bda9f9d2335c
Red Hat Security Advisory 2021-4089-01
Posted Nov 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4089-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR6-FP35.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2021-2341, CVE-2021-2369
SHA-256 | 9b7ee858f3df67a3a5fd8404cc376ca2c033c2f128adef7cf84ab747fe959b64
EuskalHack Security Congress V Call For Papers
Posted Nov 2, 2021
Site euskalhack.org

EuskalHack Security Congress Fifth Edition is a new proposal from the EuskalHack Computer Security Association, with the aim to promote the community growth and the culture in the digital security field. As usual, in this new edition proximity to our public and technical quality will be our hallmarks. This exclusive conference is shaping up as the most relevant in Basque Country, with an estimated 180 attendees for this fifth edition. The participants include specialized companies, public organisms, state security organizations, professionals, hobbyists and students in the area of security and Information Technology. The date for the conference is the 24th and 25th of June 2022 in the lovely city of Donostia San Sebastian.

tags | paper, conference
SHA-256 | 3afb79f9c5c2ee498a58a508b7a49f8cd57ff1c62f0a23ed7a3954d643223070
Ubuntu Security Notice USN-5121-2
Posted Nov 2, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5121-2 - USN-5009-1 fixed vulnerabilities in Mailman. This update provides the corresponding updates for Ubuntu 20.04 LTS. It was discovered that Mailman allows arbitrary content injection. An attacker could use this to inject malicious content. It was discovered that Mailman improperly sanitized MIME content. An attacker could obtain sensitive information by sending a special type of attachment.

tags | advisory, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-12108, CVE-2020-12137, CVE-2021-42096, CVE-2021-42097
SHA-256 | 3e1981a243b75d6cb9eb3b871c11554d027734dba3c108e22426fdec3c295c82
Employee Record Management System 1.2 SQL Injection
Posted Nov 2, 2021
Authored by Anubhav Singh

Employee Record Management System version 1.2 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 0c76f2497283f3783f806e17c9609a0f2cf663868fd87d134f053f98eac0af5b
Red Hat Security Advisory 2021-4057-01
Posted Nov 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4057-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service, python
systems | linux, redhat
advisories | CVE-2021-3733
SHA-256 | 498494042eae465560ec74f9c3db823f41dcb7cc6774fcf32c2be912564c3a6a
Red Hat Security Advisory 2021-4059-01
Posted Nov 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4059-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

tags | advisory, web, protocol
systems | linux, redhat
advisories | CVE-2021-22946, CVE-2021-22947
SHA-256 | 34daf9a24ea61b47c15ef48c2ee9383ee98eca2dd6a85e453275e6f5eab30c3a
10-Strike Network Inventory Explorer Pro 9.31 Buffer Overflow
Posted Nov 2, 2021
Authored by ro0k

10-Strike Network Inventory Explorer Pro version 9.31 suffers from a buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 09972b36dc351d36ebefa789f38df288d48581c444c7dd781846f17473723aee
WordPress Pie Register 3.7.1.4 Authentication Bypass / Remote Code Execution
Posted Nov 2, 2021
Authored by h00die, Lotfi13-DZ | Site metasploit.com

This Metasploit module uses an authentication bypass vulnerability in WordPress Pie Register plugin versions 3.7.1.4 and below to generate a valid cookie. With this cookie, hopefully of the admin, it will generate a plugin, pack the payload into it and upload it to a server running WordPress.

tags | exploit, bypass
SHA-256 | 264c63ccfe6e89f9ea56a7b424108e323208432961e4e3c392e667c8ffa32f85
Red Hat Security Advisory 2021-4058-01
Posted Nov 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4058-01 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2021-20254
SHA-256 | a133e1fbf93b2e2cb24730dfe145275fb62ad97490d6d60115695fcdfb4f3bc3
Ubuntu Security Notice USN-5127-1
Posted Nov 2, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5127-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.

tags | advisory, remote, web, denial of service, arbitrary, javascript, code execution, xss
systems | linux, ubuntu
advisories | CVE-2021-30846
SHA-256 | cdf7796bdd628fef0a58fb146e91c4833857834bda21b0711d447b2898585451
Codiad 2.8.4 Shell Upload
Posted Nov 2, 2021
Authored by P4p4_M4n3

Codiad version 2.8.4 remote reverse shell upload exploit. Original discovery of code execution in this version is attributed to WangYihang in 2018.

tags | exploit, remote, shell, code execution
SHA-256 | edb7153ed233505bbc7bc6f3b4caa69384cf6a58ea0d0e9f192913338883cb82
Red Hat Security Advisory 2021-4060-01
Posted Nov 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4060-01 - The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2021-33928, CVE-2021-33929, CVE-2021-33930, CVE-2021-33938
SHA-256 | 530b7877a913e46da445209101b5efc0c7b5c8616f87dfe71f476e1471c78887
Red Hat Security Advisory 2021-4056-01
Posted Nov 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4056-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-36385, CVE-2021-0512, CVE-2021-3656
SHA-256 | f5630c8273bc84bd86eeae7dc5bd0c1657c5f09e75775d162ffa4ab27e1014a0
Red Hat Security Advisory 2021-4044-01
Posted Nov 2, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4044-01 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2021-41133
SHA-256 | 55d1ddda946eec32db73b335758e1b3123b72bb5e123dc4017c3b3478b148474
Kingdia CD Extractor 3.0.2 Buffer Overflow
Posted Nov 2, 2021
Authored by Achilles

Kingdia CD Extractor version 3.0.2 suffers from a SEH buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | cb3d8977e39c23ae718ea6c10d45dadf8ee93192867d57bd1a755c9ffdc3a518
YouTube Video Grabber 1.9.9.1 Buffer Overflow
Posted Nov 2, 2021
Authored by Achilles

YouTube Video Grabber version 1.9.9.1 suffers from a SEH buffer overflow vulnerability.

tags | exploit, overflow
SHA-256 | 158055c10b5036dbb26fe91c7dd8219f5dfeebc9b50a00e2527a80a7b342d1c0
© 2024 Packet Storm. All rights reserved.