RedTeam Pentesting discovered a vulnerability in the MobileTogether server which allows users with access to at least one application to read arbitrary, non-binary files from the file system and perform server-side requests. The vulnerability can also be used to deny availability of the system. As an example, this advisory shows the compromise of the server's certificate and private key. Versions 7.0 through 7.3 are affected.
Red Hat Security Advisory 2021-3079-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration.
Red Hat Security Advisory 2021-3073-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, information leakage, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2021-3076-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Issues addressed include a memory exhaustion vulnerability.
Red Hat Security Advisory 2021-3066-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2021-3081-01 - The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts.
Ubuntu Security Notice 5035-1 - It was discovered that GPSd incorrectly handled certain leap second events which would result in the time jumping back 1024 weeks on 2021-10-31.
Simple Library Management System version 1.0 suffers from a remote SQL injection vulnerability.
Red Hat Security Advisory 2021-3061-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, denial of service, and out of bounds access vulnerabilities.
Red Hat Security Advisory 2021-3074-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, information leakage, and out of bounds read vulnerabilities.
Red Hat Security Advisory 2021-3063-01 - Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Issues addressed include buffer overflow, double free, and integer overflow vulnerabilities.
WordPress Picture Gallery plugin version 1.4.2 suffers from a persistent cross site scripting vulnerability.
Red Hat Security Advisory 2021-3075-01 - libuv is a multi-platform support library with a focus on asynchronous I/O. Issues addressed include information leakage and out of bounds read vulnerabilities.
Ubuntu Security Notice 5034-1 - Philipp Jeitner and Haya Shulman discovered that c-ares incorrectly validated certain hostnames returned by DNS servers. A remote attacker could possibly use this issue to perform Domain Hijacking attacks.
Facebook for Android is vulnerable to a permission issue which allows anyone with physical access to the Android device to accept friend requests without unlocking the phone. Facebook does not consider this a security issue. Version 29.0.0.29.120 on Android 10 is affected.
Red Hat Security Advisory 2021-3029-01 - The microcode_ctl packages provide microcode updates for Intel. Issues addressed include information leakage and privilege escalation vulnerabilities.
Red Hat Security Advisory 2021-3058-01 - GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Issues addressed include an integer overflow vulnerability.
Red Hat Security Advisory 2021-3088-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include bypass, out of bounds write, and privilege escalation vulnerabilities.
IPCop version 2.1.9 authenticated remote code execution exploit.
Red Hat Security Advisory 2021-3057-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, null pointer, out of bounds write, and privilege escalation vulnerabilities.
Red Hat Security Advisory 2021-3044-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include bypass, out of bounds write, and privilege escalation vulnerabilities.
Red Hat Security Advisory 2021-2983-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.4. Issues addressed include a memory exhaustion vulnerability.
WordPress LifterLMS plugin version 4.21.1 suffers from an insecure direct object reference vulnerability.
Red Hat Security Advisory 2021-2984-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.4. Issues addressed include a memory exhaustion vulnerability.
Red Hat Security Advisory 2021-3042-01 - Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, the cargo-vendor plugin, and required libraries. Issues addressed include buffer overflow, double free, and integer overflow vulnerabilities.