Red Hat Security Advisory 2021-0780-01 - Red Hat Ansible Tower 3.8.2-1 has a security and bug fix update. Issues addressed include privilege escalation and traversal vulnerabilities.
273e0643c8b4033a91140a8a18a198caRed Hat Security Advisory 2021-0778-01 - Red Hat Ansible Tower 3.6.7-1 has a security and bug fix update. Issues addressed include HTTP request smuggling, code execution, cross site scripting, and privilege escalation vulnerabilities.
198f85a6d096aab12ca29885a346b930Red Hat Security Advisory 2021-0779-01 - Red Hat Ansible Tower 3.7.5-1 has a security and bug fix update. Issues addressed include HTTP request smuggling and privilege escalation vulnerabilities.
fee4cb4e9b4465aff1ce39f4a6da2053Red Hat Security Advisory 2021-0781-01 - Red Hat Ansible Automation Platform integrates Red Hat's automation suite consisting of Red Hat Ansible Tower, Red Hat Ansible Engine, Automation Hub and use-case specific capabilities for Microsoft Windows, network, security, and more, along with Software-as-a-Service -based capabilities and features for organization-wide effectiveness. This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section. Issues addressed include code execution, denial of service, and traversal vulnerabilities.
7ba66622f6268d926f6a082440c05ad4OpenCMS version 11.0.2 suffers from cross site request forgery and open redirection vulnerabilities.
ea6c81906090ef0dbb9bc833d8237fc4OpenCMS version 11.0.2 suffers from a remote shell upload vulnerability.
c723d79a8297b3ce3ac3075416c8832fSticky Notes Apps using JavaScript version 1.0 suffers from a persistent cross site scripting vulnerability.
c34812b56f1fa2ae36a2816630cf1b86A remotely exploitable vulnerability exists within HPE System Insight Manager (SIM) version 7.6.x that can be leveraged by a remote unauthenticated attacker to execute code within the context of HPE System Insight Manager's hpsimsvc.exe process, which runs with administrative privileges. The vulnerability occurs due to a failure to validate data during the deserialization process when a user submits a POST request to the /simsearch/messagebroker/amfsecure page. This module exploits this vulnerability by leveraging an outdated copy of Commons Collection, namely 3.2.2, that ships with HPE SIM, to gain remote code execution as the administrative user running HPE SIM.
cf8674aaae2451fb617daa09623805e0Red Hat Security Advisory 2021-0765-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow and use-after-free vulnerabilities.
88665fa6046fc4f4f643c1c6e8669393Red Hat Security Advisory 2021-0771-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.
a8295c6936392a6294e3ebb1157e1ea3Apple Security Advisory 2021-03-08-4 - watchOS 7.3.2 addresses a code execution vulnerability.
e57471ba583baeb6cb1ca308c601959fApple Security Advisory 2021-03-08-3 - Safari 14.0.3* addresses a code execution vulnerability.
70ae5ea9978c9b1d43fd7d5e90a7c55bUbuntu Security Notice 4758-1 - It was discovered that Go applications incorrectly handled uploaded content. If a user were tricked into visiting a malicious page, a remote attacker could exploit this with a crafted file to conduct cross-site scripting attacks.
9134ad5350739b814653b794341ec8dcUbuntu Security Notice 4760-1 - It was discovered that libzstd incorrectly handled file permissions. A local attacker could possibly use this issue to access certain files, contrary to expectations.
0c1e14501b9ec06c7fc82b3ec0f14485There is an out-of-bounds write vulnerability in WindowsCodecsRaw.dll in the COlympusE300LoadRaw::olympus_e300_load_raw function that can be triggered by parsing a crafted Olympus E300 raw image with Windows Imaging Component (WIC). The vulnerability has been reproduced on Windows 10 64-bit with the most recent patches applied.
815147d984fdba3d24de7e30eaacb8fbUbuntu Security Notice 4759-1 - Krzesimir Nowak discovered that GLib incorrectly handled certain large buffers. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. Kevin Backhouse discovered that GLib incorrectly handled certain memory allocations. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
6b55a2dbfb04e4a2fd60d526f7564062Red Hat Security Advisory 2021-0774-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow and use-after-free vulnerabilities.
025aec37b80e7099fb4f174ea60a2ae0Golden FTP Server version 4.70 PASS buffer overflow exploit.
bccefcb188dc7cda02d62312cb607447Red Hat Security Advisory 2021-0763-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow and use-after-free vulnerabilities.
42e820cc579d09bc87a51c535a03497bApple Security Advisory 2021-03-08-2 - macOS Big Sur 11.2.3 addresses a code execution vulnerability.
5e399d19afa8e5fadb4f8e8ddc7deb19Ubuntu Security Notice 4733-2 - USN-4733-1 fixed a vulnerability in GNOME Autoar. The upstream fix introduced a regression when extracting archives containing directories. This update fixes the problem. Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution. Various other issues were also addressed.
2086fff33a1cdd7b63c70ff5a6dec675Red Hat Security Advisory 2021-0760-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
ca6c0577b8ff2b5a55cc6622ecf9031aRed Hat Security Advisory 2021-0758-01 - The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Issues addressed include out of bounds read and use-after-free vulnerabilities.
d6f8538bef25bda0c2684a62bbcf8d30Sandboxie Plus version 0.7.2 suffers from an unquoted service path vulnerability.
8a7c9bdc588cf139ef26738c06a63266FreeLAN version 2.2 suffers from an unquoted service path vulnerability.
ca36adb7c0621ffb47616b8a51bfcf48
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed