An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA version 4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file.
ad1922b02eb705629273a6b67632f508The Oracle CPU dated 2020 Jan 14 included patches for various issues related to database links and gateways ("Oracle Heterogeneous Services"). Two vulnerabilities in particular might lead to privilege escalation, denial of service, or code execution attacks against Oracle databases.
1fe163207ad85f89a41dc4ed17e8407fRed Hat Security Advisory 2021-0384-01 - Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. Issues addressed include bypass, code execution, and deserialization vulnerabilities.
f6b225727d9a2d5b8600a077b541de2eRed Hat Security Advisory 2021-0383-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer Application Programming Interface.
1428076e3792fcdf57297f20f4b20a34Red Hat Security Advisory 2021-0381-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer Application Programming Interface. Issues addressed include an XML injection vulnerability.
92eeb68bad6174b72713cc441d454a82Ubuntu Security Notice 4467-2 - USN-4467-1 fixed several vulnerabilities in QEMU. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that the QEMU SD memory card implementation incorrectly handled certain memory operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. Various other issues were also addressed.
2d14a29a78878b0d667761d1bc1fdd9eRed Hat Security Advisory 2021-0338-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.
622a677916efe5c5b11e12950ab8bf03Red Hat Security Advisory 2021-0336-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include double free and use-after-free vulnerabilities.
f44a5df5279667be9b9e82ed77f90f2eRed Hat Security Advisory 2021-0346-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures. Issues addressed include a use-after-free vulnerability.
ff71ebeb4616744f4e2e55ba85fc8af8Red Hat Security Advisory 2021-0347-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include code execution and out of bounds access vulnerabilities.
1d5f9973a1bb6bde25d7796739928d55Red Hat Security Advisory 2021-0343-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include buffer overflow, denial of service, and integer overflow vulnerabilities.
fd544b1b601f01432dcbce4b41dc19aaRed Hat Security Advisory 2021-0348-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Issues addressed include buffer over-read and buffer overflow vulnerabilities.
e85163612008c3d9c255694571499d78Red Hat Security Advisory 2021-0339-01 - The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Issues addressed include a buffer overflow vulnerability.
c1121ebadf618361c78dc7d7c7d5f45eRed Hat Security Advisory 2021-0358-01 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser.
99f90f88434e1cc848ac30290cbaa6e7Red Hat Security Advisory 2021-0292-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.3.6 serves as a replacement for Red Hat support for Spring Boot 2.3.4, and includes security and bug fixes and enhancements. For more information, see the release notes listed in the References section. Issues addressed include denial of service and remote SQL injection vulnerabilities.
3195b004179b248a170a409f55ea82faRed Hat Security Advisory 2021-0354-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include a use-after-free vulnerability.
b37b38356982e78ff86c720ade552d87Red Hat Security Advisory 2021-0329-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.4.6 serves as a replacement for Red Hat AMQ Broker 7.4.5, and includes security and bug fixes, and enhancements.
f80f7a60fed112b983708469667aa14fsqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
78c920583fa0ecc1970cdd57b22c5d8cApple Security Advisory 2021-02-01-4 - watchOS 7.3 addresses bypass, code execution, denial of service, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
e29974846f0948218d0d12f3ed760c53Apple Security Advisory 2021-02-01-3 - tvOS 14.4 addresses bypass, code execution, denial of service, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
4bec9d64145fb4645576c79f624ec64dApple Security Advisory 2021-02-01-2 - iOS 14.4 and iPadOS 14.4 addresses buffer overflow, bypass, code execution, denial of service, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
5a08bcdee83129425fd6c1eb6b2dd555Apple Security Advisory 2021-02-01-1 - macOS Big Sur 11.2, Security Update 2021-001 Catalina, and Security Update 2021-001 Mojave address buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
5053d838c03981649c5d92e46ec9f06bUbuntu Security Notice 4717-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct clickjacking attacks, or execute arbitrary code.
f6f05555968e4f6500feca7736c8d8bcRed Hat Security Advisory 2021-0327-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.5 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include memory leak and server-side request forgery vulnerabilities.
482455568d0c4338e9145918d9311670Ubuntu Security Notice 4715-2 - USN-4715-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM. Wang Baohua discovered that Django incorrectly extracted archive files. A remote attacker could possibly use this issue to extract files outside of their expected location. Various other issues were also addressed.
0f6d0a13f4ace50fe93368e7565d27a5
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed