Red Hat Security Advisory 2021-3873-01 - Red Hat Advanced Cluster Management for Kubernetes 2.2.9 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console — with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide bug fixes and security fixes. Issues addressed include bypass, denial of service, integer overflow, and out of bounds read vulnerabilities.

Red Hat Security Advisory 2021-3874-01 - Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.

Red Hat Security Advisory 2021-3872-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

Red Hat Security Advisory 2021-3871-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.

i-Panel Administration System version 2.0 suffers from a cross site scripting vulnerability.

WebKit suffers from a heap use-after-free vulnerability in DOMWindow::open.

WebKit suffers from a heap use-after-free vulnerability in EventHandler::keyEvent.

WebKit suffers from a heap use-after-free vulnerability in PointerCaptureController::processPendingPointerCapture.

Yellowfin versions prior to 9.6.1 suffer from persistent cross site scripting and insecure direct object reference vulnerabilities.

IFSC Code Finder Project version 1.0 suffers from a remote SQL injection vulnerability.

Red Hat Security Advisory 2021-3856-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a server-side request forgery vulnerability.

TextPattern CMS version 4.8.7 suffers from an authenticated remote shell upload vulnerability.

Red Hat Security Advisory 2021-3851-01 - Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. This advisory is intended to use with Container Images, for Red Hat 3scale API Management 2.11.0. Issues addressed include a cross site scripting vulnerability.

SolarWinds Kiwi CatTools version 3.11.8 suffers from an unquoted service path vulnerability.

Whitepaper that gives an overview on brute-forcing login and bypassing account lockout on elabFTW version 1.8.5.

myfactory.FMS versions 7.1-911 and below suffer from a cross site scripting vulnerability.

Red Hat Security Advisory 2021-3841-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.2.0. Issues addressed include double free and use-after-free vulnerabilities.

Red Hat Security Advisory 2021-3838-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.2.0. Issues addressed include double free and use-after-free vulnerabilities.

Red Hat Security Advisory 2021-3836-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a server-side request forgery vulnerability.

Red Hat Security Advisory 2021-3837-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a server-side request forgery vulnerability.

Ubuntu Security Notice 5078-3 - USN-5078-1 fixed a vulnerability in Squashfs-Tools. That update was incomplete and could still result in Squashfs-Tools mishandling certain malformed SQUASHFS files. This update fixes the problem. Richard Weinberger discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem. Various other issues were also addressed.

Sonicwall SonicOS version 7.0 suffers from a host header injection vulnerability.

Apache HTTP Server version 2.4.50 suffers from path traversal and code execution vulnerabilities.

Red Hat Security Advisory 2021-3819-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.208 and .NET Runtime 5.0.11.