Red Hat Security Advisory 2018-0052-01 - The rhevm-setup-plugins package adds functionality exclusive to Red Hat Virtualization Manager, and is not available for the upstream ovirt-engine. It includes the configuration of the Red Hat Support plugin, copying downstream-only artifacts to the ISO domain, and links to the knowledgebase and other support material. The following packages have been upgraded to a later upstream version: rhevm-setup-plugins. Multiple security issues have been addressed.
d678c344102afee297f89f4c2059b29ed39418728ac1d53f6dd37834cab614a5
Red Hat Security Advisory 2018-0049-01 - The ovirt-guest-agent-docker package provides the guest agent for Red Hat Linux Atomic Host virtual machines. The guest agent allows the Red Hat Virtualization Manager to receive internal guest events and retrieve information such as the IP address and the list of installed applications from the guest. Additionally, the guest agent allows the Manager to execute specific commands, such as shut down or reboot, on guest virtual machines. Security Fix: An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions. There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit. As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks.
d6bc32d089292436d17fded25a7d27d9ca20b3d8cf4a8262aa4af810375f039b
AMD PSP suffers from an fTPM remote code execution vulnerability that can be performed through a crafted EK certificate.
f9c8289131682ca48d57d371a9ee2975ddecf1a6c3fd728766645cc43f6c8cca
GetGo Download Manager version 5.3.0.2712 'proxy' buffer overflow exploit.
4fadb993b7eed6c8c18e3a734bc64b45dffa817c567a353f9cc7ee92acaf3f91
69 bytes small Linux x86 reverse TCP /bin/sh shell null-free shellcode that connects to 127.1.1.1:8888.
a3c037f0e250702af3d83399ecd80e5c840ca64fb89654fe3614909a41547bd4
36 bytes small Linux x86 chmod 777 /etc/sudoers shellcode.
fe8090fe01e94796ba0d98828afbcf34ca9401b21d28f6c4265cc4e210b669b0
Joomla VMap extension version 1.9.2 suffers from a remote SQL injection vulnerability.
3f8510db7d1c035d40862caf9e2a7697ff859c81d650956aa1204650bc3523df
Joomla vRestaurant extension version 1.9.4 suffers from a remote SQL injection vulnerability.
81e386da7525d03bdc5c7855268d520bfbf815dd04d613776eb357e15623c7ae
Joomla CMS Real Estate extension version 1.5 suffers from a remote SQL injection vulnerability.
bae2eb4b5eba14478edbf63d6898cb72b2867e1ac981ef7320d3021612ab9628
Multiple EMC products suffer from authentication bypass, file upload, and path traversal vulnerabilities. Affected products include EMC Avamar Server versions 7.1.x, 7.2.x, 7.3.x, 7.4.x, and 7.5.0, EMC NetWorker Virtual Edition (NVE) versions 9.0.x, 9.1.x, and 9.2.x, and EMC Integrated Data Protection Appliance version 2.0.
3b1a9c35f09b8994e0aefdb074bb7a49a3a33215e86958f118bed2122081ebdc
VideoDuo Video Search Engine PHP script version 3.1 suffers from a cross site scripting vulnerability.
18f5f8ac2db57226e011d68ee30b08e3a24c5f1c249fbf62ea9d980b5e648c88
gps-server.net GPS Tracking Software versions 3.0 and below suffer from remote code injection and password reset vulnerabilities.
30c0124c400a1693d0e840a795c18cda62cc1a17ed81aca850c7e1dbd36eb1da
A Microsoft Windows win32k vulnerability has been discovered where using SetClassLong to switch between CS_CLASSDC and CS_OWNDC corrupts the DC cache.
d07a83757124fecff65bbde70f529b29553e02b3ecba86891ac3d31b9a1e3f28
phpRegister version 1.0 suffers from a cross site scripting vulnerability.
ba0c5ed3a8bb28a49b83a7e2d2a0280cf172ea78b388c455bcf5309b39b9fbca
User Login and Management PHP script version 1.0 suffers from a cross site scripting vulnerability.
16742637a2dbc582ac8f88e83c218529db4f3bbbdb82c74a256b4303c8677488