Red Hat Security Advisory 2021-2965-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.8 serves as a replacement for Red Hat Single Sign-On 7.4.7, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a cross site scripting vulnerability.
5502336b85746ee81fff7e16aa81cd6f87dfc46e903a7840a4207753910e17e5Ubuntu Security Notice 5026-1 - It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to consume resources, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. It was discovered that QPDF incorrectly handled certain malformed PDF files. A remote attacker could use this issue to cause QPDF to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
cef1580c2afb6cf2bd8a84003d5771f8149f09ba4f18f87176a2615bf4d50261Ubuntu Security Notice 5027-1 - It was discovered that PEAR incorrectly handled symbolic links in archives. A remote attacker could possibly use this issue to execute arbitrary code.
e8f9ded0ced617874263eb0c296a5b75636436070ea49ac10fb48402f22578d3Ubuntu Security Notice 5025-2 - USN-5025-1 fixed a vulnerability in libsndfile. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
71161ce693fd49985174cabbe4b4902ec1c5e2c717f481624564ca59b97f89c6Ubuntu Security Notice 5025-1 - It was discovered that libsndfile incorrectly handled certain malformed files. A remote attacker could use this issue to cause libsndfile to crash, resulting in a denial of service, or possibly execute arbitrary code.
515f197037d9c5f17c04f6f6b1d9c4b1bdf5345da7af723254917f8af7f67453Ubuntu Security Notice 4944-2 - USN-4944-1 fixed vulnerabilities in MariaDB. It caused a regression. This update fixes the problem. Ubuntu 20.04 has been updated to MariaDB 10.3.30.
57c06dee963cb110cc6fde97e455934e8e311a4ead7ce42d1b55a525be6acea3Ubuntu Security Notice 5024-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
14d11292105cb8b94a56279b28094f2991375524c7454e09c1c4271e1819998fDebian Linux Security Advisory 4935-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result an SSRF bypass of the FILTER_VALIDATE_URL check and denial of service or potentially the execution of arbitrary code in the Firebird PDO.
5c5de3d94e5c01e0c46189886df935c5f426216b9c105ee49d6ee312d4327a61Debian Linux Security Advisory 4936-1 - An out-of-bounds read was discovered in the uv__idna_to_ascii() function of Libuv, an asynchronous event notification library, which could result in denial of service or information disclosure.
0a7f33c31a07fc41d5f7ed52fc3b276e5d28bb695e3f697e1e2b15a2cf82bdc9Debian Linux Security Advisory 4937-1 - Several vulnerabilities have been found in the Apache HTTP server, which could result in denial of service. In addition the implementation of the MergeSlashes option could result in unexpected behaviour.
2382a13cd727ebe78876d34b5fa53df39e32f618f527a9cd28bf0c55d1282cddDebian Linux Security Advisory 4938-1 - Miroslav Lichvar reported that the ptp4l program in linuxptp, an implementation of the Precision Time Protocol (PTP), does not validate the messageLength field of incoming messages, allowing a remote attacker to cause a denial of service, information leak, or potentially remote code execution.
a2cb5acebab5469fd7930619851a5d96bf30b1019949c76285dfc85a4c4dbe11Debian Linux Security Advisory 4939-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
7b50a15c1add6bc56ecf019ef10497c2efbc1ba43e512c66383a647502a92ccaDebian Linux Security Advisory 4940-1 - Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.
a5e3c708266685aeb96e7eac631ca4f2a6eef78065d06f559908a822526ab1d5Debian Linux Security Advisory 4941-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.
9e4606f89d1986908d6e85cb89fbdb57f27c0579df76bf6f6ebb8845f2929900Debian Linux Security Advisory 4942-1 - The Qualys Research Labs discovered that an attacker-controlled allocation using the alloca() function could result in memory corruption, allowing to crash systemd and hence the entire operating system.
a2e04b6dd6b4135945ca528b3aaaa92706651638cca02879f67327677470b03dDebian Linux Security Advisory 4943-1 - Several vulnerabilities were discovered in lemonldap-ng, a Web-SSO system. The flaws could result in information disclosure, authentication bypass, or could allow an attacker to increase its authentication level or impersonate another user, especially when lemonldap-ng is configured to increase authentication level for users authenticated via a second factor.
09d0700a290d154bf2f6f5a21887040e4a7e0ff61710ae283859aaea342ab1fdDebian Linux Security Advisory 4944-1 - It was discovered that the Key Distribution Center (KDC) in krb5, the MIT implementation of Kerberos, is prone to a NULL pointer dereference flaw. An unauthenticated attacker can take advantage of this flaw to cause a denial of service (KDC crash) by sending a request containing a PA-ENCRYPTED-CHALLENGE padata element without using FAST.
42036edebb28009c78bc3526ed1cd53c67ee4d42a4bd26657d2433b71b487a10Debian Linux Security Advisory 4945-1 - Vulnerabilities have been discovered in the webkit2gtk web engine.
db3773c5f5bf9c0bc82d8e7414f94ae18cb4a5da421a3c58bb325df00ee051bfDebian Linux Security Advisory 4946-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in bypass of sandbox restrictions, incorrect validation of signed Jars or information disclosure.
7f41ce213e4d1a4c11df0c9bae9ce5763fd51d9c8a0975b24d5832be5dee34feDebian Linux Security Advisory 4947-1 - Andrea Fioraldi discovered a buffer overflow in libsndfile, a library for reading/writing audio files, which could result in denial of service or potentially the execution of arbitrary code when processing a malformed audio file.
fae8abc77ee669212af806a36de566251697768d968dc6604c4725e5f02ea1c9Red Hat Security Advisory 2021-2932-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, information leakage, and out of bounds read vulnerabilities.
7819eab95b801ee299b0c45f60fb153ccf55a8165bda9a4b92c9e354fa35c7d0Red Hat Security Advisory 2021-2931-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, information leakage, and out of bounds read vulnerabilities.
e59ed91a5edb1ab96597451d6ad951184459cdd8057a7fea7fee363d15069354Red Hat Security Advisory 2021-2438-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include bypass, code execution, denial of service, open redirection, resource exhaustion, and remote shell upload vulnerabilities.
44f1588b77c38919a903c4dffe0b5b58cf96f91a447694471f228851a5f89f6dRed Hat Security Advisory 2021-2437-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.2. Issues addressed include bypass, cross site scripting, and denial of service vulnerabilities.
7ec5b49853d7057879102f37d070eea1a55cf6c1c169311c047cfd931c993a81Ubuntu Security Notice 5023-1 - It was discovered that Aspell incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code or cause a crash.
156bc1c098663f9088bc5c9b80c634b1d8421bedcb765fe98e6cf34acbf961fa
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed