Red Hat Security Advisory 2018-0052-01 - The rhevm-setup-plugins package adds functionality exclusive only to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material. The following packages have been upgraded to a later upstream version: rhevm-setup-plugins. Multiple security issues have been addressed.
d678c344102afee297f89f4c2059b29ed39418728ac1d53f6dd37834cab614a5Red Hat Security Advisory 2018-0049-01 - The ovirt-guest-agent-docker package provides the guest agent for Red Hat Linux Atomic Host virtual machines. The guest agent allows the Red Hat Virtualization Manager to receive internal guest events and retrieve information such as the IP address and the list of installed applications from the guest. Additionally the guest agent allows the Manager to execute specific commands, such as shut down or reboot, on guest virtual machines. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.
d6bc32d089292436d17fded25a7d27d9ca20b3d8cf4a8262aa4af810375f039bAMD PSP suffers from an fTPM remote code execution vulnerability that can be performed through a crafted EK certificate.
f9c8289131682ca48d57d371a9ee2975ddecf1a6c3fd728766645cc43f6c8ccaGetGo Download Manager version 5.3.0.2712 'proxy' buffer overflow exploit.
4fadb993b7eed6c8c18e3a734bc64b45dffa817c567a353f9cc7ee92acaf3f9169 bytes small Linux x86 reverse TCP /bin/sh shell null-free shellcode that connects to 127.1.1.1:8888.
a3c037f0e250702af3d83399ecd80e5c840ca64fb89654fe3614909a41547bd436 bytes small Linux x86 chmod 777 /etc/sudoers shellcode.
fe8090fe01e94796ba0d98828afbcf34ca9401b21d28f6c4265cc4e210b669b0Joomla VMap extension version 1.9.2 suffers from a remote SQL injection vulnerability.
3f8510db7d1c035d40862caf9e2a7697ff859c81d650956aa1204650bc3523dfJoomla vRestaurant extension version 1.9.4 suffers from a remote SQL injection vulnerability.
81e386da7525d03bdc5c7855268d520bfbf815dd04d613776eb357e15623c7aeJoomla CMS Real Estate extension version 1.5 suffers from a remote SQL injection vulnerability.
bae2eb4b5eba14478edbf63d6898cb72b2867e1ac981ef7320d3021612ab9628Multiple EMC products suffers from authentication bypass, file upload, and path traversal vulnerabilities. Affected includes EMC Avamar Server versions 7.1.x, 7.2.x, 7.3.x, 7.4.x, and 7.5.0, EMC NetWorker Virtual Edition (NVE) versions 9.0.x, 9.1.x, and 9.2.x, and EMC Integrated Data Protection Appliance version 2.0.
3b1a9c35f09b8994e0aefdb074bb7a49a3a33215e86958f118bed2122081ebdcVideoDuo Video Search Engine PHP script version 3.1 suffers from a cross site scripting vulnerability.
18f5f8ac2db57226e011d68ee30b08e3a24c5f1c249fbf62ea9d980b5e648c88gps-server.net GPS Tracking Software versions 3.0 and below suffer from remote code injection and password reset vulnerabilities.
30c0124c400a1693d0e840a795c18cda62cc1a17ed81aca850c7e1dbd36eb1daA Microsoft Windows win32k vulnerability has been discovered where using SetClassLong to switch between CS_CLASSDC and CS_OWNDC corrupts DC cache.
d07a83757124fecff65bbde70f529b29553e02b3ecba86891ac3d31b9a1e3f28phpRegister version 1.0 suffers from a cross site scripting vulnerability.
ba0c5ed3a8bb28a49b83a7e2d2a0280cf172ea78b388c455bcf5309b39b9fbcaUser Login and Management PHP script version 1.0 suffers from a cross site scripting vulnerability.
16742637a2dbc582ac8f88e83c218529db4f3bbbdb82c74a256b4303c8677488
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed