Ubuntu Security Notice 4912-1 - Piotr Krysiuk discovered that the BPF JIT compiler for x86 in the Linux kernel did not properly validate computation of branch displacements in some situations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that a race condition existed in the binder IPC implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
590166453ec29f1473b4cb64bcf7651991eb909ac482b366e52b4648a1f60409Ubuntu Security Notice 4911-1 - It was discovered that the Nouveau GPU driver in the Linux kernel did not properly handle error conditions in some situations. A local attacker could use this to cause a denial of service. Jan Beulich discovered that the Xen netback backend in the Linux kernel did not properly handle certain error conditions under paravirtualization. An attacker in a guest VM could possibly use this to cause a denial of service. Various other issues were also addressed.
8336eec26b1ad2dee9cca3cab244616269d1178541a9747ac362e10bfbac9d8cUbuntu Security Notice 4909-1 - Loris Reiff discovered that the BPF implementation in the Linux kernel did not properly validate attributes in the getsockopt BPF hook. A local attacker could possibly use this to cause a denial of service. Olivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Schoenherr discovered that the Xen paravirtualization backend in the Linux kernel did not properly propagate errors to frontend drivers in some situations. An attacker in a guest VM could possibly use this to cause a denial of service. Various other issues were also addressed.
30e20c1b500ac0d72714420edfc6e37a2004db1fe98dcc4cd43e0d45b976cd86Ubuntu Security Notice 4910-1 - Ryota Shiga discovered that the sockopt BPF hooks in the Linux kernel could allow a user space program to probe for valid kernel addresses. A local attacker could use this to ease exploitation of another kernel vulnerability. It was discovered that the BPF verifier in the Linux kernel did not properly handle signed add32 and sub integer overflows. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
8e4b3413e5d7c506ac25a3356a8b323420a5e989c73ed5936ead133c16473039Ubuntu Security Notice 4907-1 - Wen Xu discovered that the xfs file system implementation in the Linux kernel did not properly validate the number of extents in an inode. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service. It was discovered that the priority inheritance futex implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
e6f271c53250cd85b58ae0a960ce36cdd2bc77de858312b8626819778dc8771aUbuntu Security Notice 4904-1 - Ben Harris discovered that the Linux kernel would strip extended privilege attributes of files when performing a failed unprivileged system call. A local attacker could use this to cause a denial of service. Andrey Konovalov discovered that the video4linux driver for Hauppauge HD PVR USB devices in the Linux kernel did not properly handle some error conditions. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
dee211f95352464b74d026934cda30979ea961253564ff770b2e04108c3e7b8eUbuntu Security Notice 4906-1 - It was discovered that Nettle incorrectly handled signature verification. A remote attacker could use this issue to cause Nettle to crash, resulting in a denial of service, or possibly force invalid signatures.
86bdfb5fa412692314b5a637ddc0ae040de86955f40b83927a78c3bfe119cce7Red Hat Security Advisory 2021-1171-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow and out of bounds read vulnerabilities.
860dbe3265e6dd60504dc28191f8e0d0d6bad6980f8ae9f1ea7c683306955c26Blitar Tourism version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
5b26fd37306595df42bcbaa3d6c11bfe1f7b78f6a974f1c8327cc362804d240aChrome V8 Javascript Engine remote code execution zero day exploit. Google is expected to release an update to their browser on tuesday 04/14/2021 that will address this vulnerability.
1cace43b452705e7d3b72d7ffc4cfa52f96f982d0385e1b41735a6a9d29c96ceRed Hat Security Advisory 2021-1173-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow and out of bounds read vulnerabilities.
645304530939554af401b8adfdf031593bd4c368926ad1baaa4e4952b671ccd3ExpressVPN VPN Router version 1.0 suffers from an integer overflow vulnerability.
b4e831ddb8540abc1b6c7a916086bd4635967ec846a396c004b92da90dfc83eaRed Hat Security Advisory 2021-1168-01 - Red Hat Advanced Cluster Management for Kubernetes 2.2.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console-with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include code execution, denial of service, integer overflow, and null pointer vulnerabilities.
cfc0ee4720a885efcdbb629dc90451c511ea3b56ea59530b3ab8554fa0475c01Simple Student Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
3652aab943fa8848b51d0d4650842acd98c0c3cd7d69d0a1769f64b99d864522Native Church Website version 1.0 suffers from a remote shell upload vulnerability.
3f7bab4f6a8033d06b3ee82f309fb950b16ad58de289a7622daede781fe96cf7
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed