An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA version 4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file.
183f1463a17d86e57cdffc4bbe68da6feacd0ea4ddea585d5da2223c4199d865The Oracle CPU dated 2020 Jan 14 included patches for various issues related to database links and gateways ("Oracle Heterogeneous Services"). Two vulnerabilities in particular might lead to privilege escalation, denial of service, or code execution attacks against Oracle databases.
a6605ae9ea1c50359727048ada7d1a952d239333c8cbb8a3fb4831930530deb9Red Hat Security Advisory 2021-0384-01 - Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. Issues addressed include bypass, code execution, and deserialization vulnerabilities.
e70d5ae1eaa6a5cb189092070364ef86d19097a09c20e848053090b3fb5ef0f0Red Hat Security Advisory 2021-0383-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer Application Programming Interface.
0f2614491b0f0b407d81f6d78161d6614632dc266413d7b6b5a023c72328c1e9Red Hat Security Advisory 2021-0381-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer Application Programming Interface. Issues addressed include an XML injection vulnerability.
0326933ac26772d368b4bd4bef05ffbd71afc64484937477309a97415799d61fUbuntu Security Notice 4467-2 - USN-4467-1 fixed several vulnerabilities in QEMU. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that the QEMU SD memory card implementation incorrectly handled certain memory operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. Various other issues were also addressed.
0868d01ddebed6397076e880f2702ccc2a97012fa237ddbde4531198d57bcbeeRed Hat Security Advisory 2021-0338-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.
2eb94323785fefcf457dce3dc7a38c20ec0ab856e6b06144955ba858ec48bef1Red Hat Security Advisory 2021-0336-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include double free and use-after-free vulnerabilities.
7619380b162637f2fa4ceff6aff3bcca659fee3c5189b4f24f9346911791e7d5Red Hat Security Advisory 2021-0346-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures. Issues addressed include a use-after-free vulnerability.
8e0f0ba4db19926d5fad0fbcf6b140ce5f82efd2091d53bab5a4bb8a953cb1f4Red Hat Security Advisory 2021-0347-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include code execution and out of bounds access vulnerabilities.
629045a9988f8ef11aa0066652be428a8e30f44446bc1442fc65b77753a7511fRed Hat Security Advisory 2021-0343-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include buffer overflow, denial of service, and integer overflow vulnerabilities.
69e70a7c3cc1600a98fd403dd7ea25532c79c86456dc3b04bea2d87b130791a9Red Hat Security Advisory 2021-0348-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Issues addressed include buffer over-read and buffer overflow vulnerabilities.
cef81ff8ec4257da6fdec58d2191db6724579fef2efd89b47732b8c23ece742aRed Hat Security Advisory 2021-0339-01 - The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Issues addressed include a buffer overflow vulnerability.
598a64219acf234b0246b821b2a99112c5c1053e1dc87d540f54d9efce1ca5e3Red Hat Security Advisory 2021-0358-01 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser.
050aa2d502ee9def1ad488e502ae57bb37e6794fd63299e5616ae1b06a379e45Red Hat Security Advisory 2021-0292-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.3.6 serves as a replacement for Red Hat support for Spring Boot 2.3.4, and includes security and bug fixes and enhancements. For more information, see the release notes listed in the References section. Issues addressed include denial of service and remote SQL injection vulnerabilities.
3c53b89283c4d6ed32a97e562755fa31e592b5ddb2776f643ed96c31f31b1ea4Red Hat Security Advisory 2021-0354-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include a use-after-free vulnerability.
61fd5b2885db736fff66a1fa2e6b36667dab7cdf7afd0f360c7b88a7f36ab487Red Hat Security Advisory 2021-0329-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.4.6 serves as a replacement for Red Hat AMQ Broker 7.4.5, and includes security and bug fixes, and enhancements.
7aebc28bc065820dadc5b2176f08b5730ba0f8fd03662cd92fc29a0eb8178b69sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
d567aee3390b39f64215ec7ae53f6b654c28b136b5d2e18629e00b94eb233d06Apple Security Advisory 2021-02-01-4 - watchOS 7.3 addresses bypass, code execution, denial of service, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
10031bf52533df0803ca11c863e02c3a497e43f1d641e66abc9fbfa4c0c7d5a9Apple Security Advisory 2021-02-01-3 - tvOS 14.4 addresses bypass, code execution, denial of service, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
fbe3a08a63c1abe19d2be2033373ff94ef573f1952b8d9d9e1776213c10cd5c3Apple Security Advisory 2021-02-01-2 - iOS 14.4 and iPadOS 14.4 addresses buffer overflow, bypass, code execution, denial of service, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
7e9acf48060dbaf1362f207d51c65c18ce30da922734ce3da64519f3c613e437Apple Security Advisory 2021-02-01-1 - macOS Big Sur 11.2, Security Update 2021-001 Catalina, and Security Update 2021-001 Mojave address buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
d08f82faad87bb1fffad789ca91a7f4964a516ce03459af1328487caeb8b9185Ubuntu Security Notice 4717-1 - Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct clickjacking attacks, or execute arbitrary code.
3b9ab52dcc9517ea8c5b891e2e9725b743c07f42e6093380c0ab2a5eeb1a9ddfRed Hat Security Advisory 2021-0327-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.5 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include memory leak and server-side request forgery vulnerabilities.
8f81203dda62d0a7764d4abbc2827cd3c4b8751aed3447f09505b8eb649e2c3dUbuntu Security Notice 4715-2 - USN-4715-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM. Wang Baohua discovered that Django incorrectly extracted archive files. A remote attacker could possibly use this issue to extract files outside of their expected location. Various other issues were also addressed.
6199f66f5209e1c50a292e4f37bada9901ce9f7db9e57739c89d1de4302b47fb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed