Debian Linux Security Advisory 5000-2 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, incorrect Kerberos ticket use, selection of weak ciphers or information disclosure.
bb28053ed741b4232cf1c304d7a1816d64dc77abf02ef0f7f4318db6ef2a9c3eDebian Linux Security Advisory 5016-1 - Tavis Ormandy discovered that nss, the Mozilla Network Security Service library, is prone to a heap overflow flaw when verifying DSA or RSA-PPS signatures, which could result in denial of service or potentially the execution of arbitrary code.
35d9a4d43f640926eb2420ef777ea504b336ac1a1fd52fd509acd24e3675989fDebian Linux Security Advisory 5017-1 - Multiple vulnerabilities have been discovered in the Xen hypervisor, which could result in privilege escalation, denial of service or information leaks.
b03ae44176b038f17b13a99fe5b85c4cbbb049073a1d6fd36112a4dd59c2a1f2Debian Linux Security Advisory 5018-1 - It was discovered that missing input sanitising in Babel, a set of tools for internationalising Python applications, could result in the execution of arbitrary code.
98ac2d3daff6c67ffc821f77fa08bc03ffd0feffffe4cc5dbc7cb4f49dae0925Debian Linux Security Advisory 5019-1 - Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code.
32359136e8b8c69c7cbaa7b1295fb6e90e96c697ab48a4d5feafb42140573fb9Debian Linux Security Advisory 5020-1 - Chen Zhaojun of Alibaba Cloud Security Team discovered a critical security vulnerability in Apache Log4j, a popular Logging Framework for Java. JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From version 2.15.0, this behavior has been disabled by default.
d0aca50b8b49a7bc8f1bbb01cb127d84b478f189d829e302cdf52f86f86356a3Debian Linux Security Advisory 5021-1 - Multiple security issues were discovered in MediaWiki, a website engine actions may allow an attacker to leak page content from private wikis or to bypass edit restrictions.
64acb0e0d53c1ffd7659325445b66dd867717b33c34b85f9b34b2a035175fd38Debian Linux Security Advisory 5022-1 - It was found that the fix to address CVE-2021-44228 in Apache Log4j, a Logging Framework for Java, was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack.
116c9375e042795a5cd05bbde2c6ef96ec6f35bfedd5f2a0ee86124fa2903ad1Debian Linux Security Advisory 5023-1 - It was discovered that modsecurity-apache, an Apache module to tighten the Web application security, does not properly handles excessively nested JSON objects, which could result in denial of service. The update introduces a new 'SecRequestBodyJsonDepthLimit' option to limit the maximum request body JSON parsing depth which ModSecurity will accept (defaults to 10000).
3f85c3919db0ef69a9b1f2f2a1881936692b855d1c7c312fa5f4640492138172Debian Linux Security Advisory 5024-1 - It was found that Apache Log4j2, a Logging Framework for Java, did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a denial of service.
6a9b4dcb09185e3b07645d5acea3cb02cdd0b78af28c1bc86e76eeee9ec5e90dDebian Linux Security Advisory 5025-1 - A flaw was discovered in tang, a network-based cryptographic binding server, which could result in leak of private keys.
95697656a52607df88e8cffbc50d7665407912d741c613e99b97a16eb9c22c11Debian Linux Security Advisory 5026-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing.
5dd3e34f7a37e68f3bcb4b4e4a624d36721ad43edbf9d5779c29309bb60ce56eDebian Linux Security Advisory 5027-1 - Jan-Niklas Sohn discovered that multiple input validation failures in X server extensions of the X.org X server may result in privilege escalation if the X server is running privileged.
1fa4491f7ca985d9a68534fc21c09385c84455e31ea4bb6920992315357cd622Debian Linux Security Advisory 5028-1 - It was discovered that SPIP, a website engine for publishing, would allow a malicious user to perform cross-site scripting and SQL injection attacks, or execute arbitrary code.
2479cbc37f3297d5aef480ad6ac89e363c4d37a606357f10ca6862fcc47985f2Debian Linux Security Advisory 5029-1 - It was discovered that missing SAML signature validation in the SOGo groupware could result in impersonation attacks.
d7adb0cc8e3cc8561575bbf0cd9635ac207dc970e09a4a77c57078c20429c3aeDebian Linux Security Advisory 5030-1 - Vulnerabilities have been discovered in the webkit2gtk web engine.
d4a62f9be8a75b432b8de2152f6a11d80cc78b371126621b47e4d9ce97dec012Debian Linux Security Advisory 5031-1 - The following vulnerabilities have been discovered in the wpewebkit web engine.
3aacd91562be0c8c7c134701ced600adb5a223bb8df850e744c0aae832c9a031Debian Linux Security Advisory 5032-1 - Several vulnerabilities were discovered in djvulibre, a library and set of tools to handle documents in the DjVu format. An attacker could crash document viewers and possibly execute arbitrary code through crafted DjVu files.
710db2d5265ed17e7dc1e4133372755c3e7f19cf33cf56efb99bbc2029c6eaeaDebian Linux Security Advisory 5033-1 - Multiple vulnerabilities were discovered in the FORT RPKI validator, which could result in denial of service or path traversal.
0a9a883cbdb90356d70335092122d591ab37a760e50576176c139fbdaf68e7a5Red Hat Security Advisory 2021-5269-03 - Log4j is a tool to help the programmer output log statements to a variety of output targets. Issues addressed include a code execution vulnerability.
1a3bf9643bff5f397aac54accad2dbf8a98dcdad7ea8b774b7f190cfe524ca1fRed Hat Security Advisory 2021-5238-02 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.
03fcb0265966a785783f554582077e70cb5b7d4209ae9099daed4d2ad3bdfc14Red Hat Security Advisory 2021-5235-02 - PostgreSQL is an advanced object-relational database management system. Issues addressed include a man-in-the-middle vulnerability.
aec25dbc4ecfc1bf4403dd4fb090691e06a2ed10546656d5aebaa8c86ca00684Red Hat Security Advisory 2021-5236-02 - PostgreSQL is an advanced object-relational database management system. Issues addressed include a man-in-the-middle vulnerability.
220c9f7f0e29569a511a0c6e1352d7daaa826796769b89e330415893a11b96feRed Hat Security Advisory 2021-5227-07 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
62ed95294c1adc3418a545a4eb61dbb60682878cf64782acbe8c51cc9cb7eec5Red Hat Security Advisory 2021-5226-02 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library.
341e8a384dadb1d9ed5570ab20fe9a231b6acd8061d1b1df4195235a823c2eba
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed