Red Hat Security Advisory 2021-0949-01 - Red Hat OpenShift Do is a simple CLI tool for developers to create, build, and deploy applications on OpenShift. The odo tool is completely client-based and requires no server within the OpenShift cluster for deployment. It detects changes to local code and deploys it to the cluster automatically, giving instant feedback to validate changes in real-time. It supports multiple programming languages and frameworks. Red Hat OpenShift Do openshift/odo-init-image 1.1.3 is a container image that is used as part of the InitContainer setup that provisions odo components.

Red Hat Security Advisory 2021-0948-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Issues addressed include a cross site scripting vulnerability.

Ubuntu Security Notice 4884-1 - Loris Reiff discovered that the BPF implementation in the Linux kernel did not properly validate attributes in the getsockopt BPF hook. A local attacker could possibly use this to cause a denial of service. It was discovered that the priority inheritance futex implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.

MacPaw Encrypto version 1.0.1 suffers from an unquoted service path vulnerability.

Red Hat Security Advisory 2021-0947-01 - The Public Key Infrastructure Core contains fundamental packages required by Red Hat Certificate System. Issues addressed include a cross site scripting vulnerability.

Trojan-Dropper.Win32.Demp.rft malware suffers from an insecure permissions vulnerability.

ProFTPD version 1.3.7a suffers from a denial of service vulnerability.

Ubuntu Security Notice 4883-1 - Adam Nichols discovered that heap overflows existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Adam Nichols discovered that the iSCSI subsystem in the Linux kernel did not properly restrict access to iSCSI transport handles. A local attacker could use this to cause a denial of service or expose sensitive information. Various other issues were also addressed.

MyBB version 1.8.25 chain remote command execution exploit that leverages cross site scripting and SQL injection vulnerabilities.

This whitepaper focuses on explaining the Apache Ghostcat vulnerability and how it can be used to read file contents of all web applications deployed on Tomcat.

Whitepaper called Credential Dumping Cheatsheet. It covers locations of data and various tooling you can use to find passwords.

Trojan-Dropper.Win32.Delf.da malware suffers from a buffer overflow vulnerability.

HEUR.Trojan.Win32.Generic malware suffers from an insecure permissions vulnerability.

Red Hat Security Advisory 2021-0946-01 - The OpenJDK 8 container images provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. This release of the Red Hat build of OpenJDK 8 serves as a replacement for the Red Hat build of OpenJDK 8, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

Red Hat Security Advisory 2021-0945-01 - The OpenJDK 11 container images provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat Build of OpenJDK 11 serves as a replacement for the Red Hat Build of OpenJDK 11, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

OSAS Traverse Extension 11 suffers from an unquoted service path vulnerability.

WordPress Delightful Downloads Jquery File Tree plugin versions 1.6.6 and below path traversal exploit.

Trojan-Dropper.Win32.Dycler.vrp malware suffers from an insecure permissions vulnerability.

The call for papers for hardwear.io 2021 is open. It will take place July 9th through the 10th, 2021.

Zoom versions 5.4.3 (54779.1115) and 5.5.4 (13142.0301) temporarily shares other application windows not in scope for sharing.

SAPSetup Automatic Workstation Update Service 750 suffers from an unquoted service path vulnerability.

Winpakpro version 4.8 suffers from multiple unquoted service path vulnerabilities.

CMS Made Simple version 2.2.15 suffers from a remote shell upload vulnerability.

CMS Made Simple version 2.2.15 suffers from a remote SQL injection vulnerability.