Red Hat Security Advisory 2021-0780-01 - Red Hat Ansible Tower 3.8.2-1 has a security and bug fix update. Issues addressed include privilege escalation and traversal vulnerabilities.
a31c39fa66b6bc6b23e3b19170fc67487d8151e576474565c044fe7a2b50c600Red Hat Security Advisory 2021-0778-01 - Red Hat Ansible Tower 3.6.7-1 has a security and bug fix update. Issues addressed include HTTP request smuggling, code execution, cross site scripting, and privilege escalation vulnerabilities.
b36485939bcc96f4f05a1b61fcc6c6e3aefa7b635d0f1eb06d546cdccf61da2aRed Hat Security Advisory 2021-0779-01 - Red Hat Ansible Tower 3.7.5-1 has a security and bug fix update. Issues addressed include HTTP request smuggling and privilege escalation vulnerabilities.
ffea5b924d380661bcc8195b96557d4036aa09a293d42a21776c1077e68571d1Red Hat Security Advisory 2021-0781-01 - Red Hat Ansible Automation Platform integrates Red Hat's automation suite consisting of Red Hat Ansible Tower, Red Hat Ansible Engine, Automation Hub and use-case specific capabilities for Microsoft Windows, network, security, and more, along with Software-as-a-Service -based capabilities and features for organization-wide effectiveness. This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section. Issues addressed include code execution, denial of service, and traversal vulnerabilities.
31eef7ec3b851813c547d30e87efc846893d2cc98b58d36edf0cac10328e2710OpenCMS version 11.0.2 suffers from cross site request forgery and open redirection vulnerabilities.
822b8f0065b6805f519eea0db3bdd50fbdac963c4b2fe17513fa35ed63ad0fbcOpenCMS version 11.0.2 suffers from a remote shell upload vulnerability.
677daee69c339585e3e483f124afa7a3541aba8c93da326dd5aa2267b507a5faSticky Notes Apps using JavaScript version 1.0 suffers from a persistent cross site scripting vulnerability.
234515a691f0b64cd76f2e7cc768f21f6b4a2acd12de1fdfb8d053770977997aA remotely exploitable vulnerability exists within HPE System Insight Manager (SIM) version 7.6.x that can be leveraged by a remote unauthenticated attacker to execute code within the context of HPE System Insight Manager's hpsimsvc.exe process, which runs with administrative privileges. The vulnerability occurs due to a failure to validate data during the deserialization process when a user submits a POST request to the /simsearch/messagebroker/amfsecure page. This module exploits this vulnerability by leveraging an outdated copy of Commons Collection, namely 3.2.2, that ships with HPE SIM, to gain remote code execution as the administrative user running HPE SIM.
345538a899771c26db9d29a59a3850937177e4ce0cf67f8b2233fabdd208dc60Red Hat Security Advisory 2021-0765-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow and use-after-free vulnerabilities.
9d5ae1d8d35b1a5772b263eafd110e715d046cae9a1abd6d52ad704d4a354defRed Hat Security Advisory 2021-0771-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.
ef9aa1296c0bc89b82b2e15d31d203978bb1db3ff425a57e01c61d3d458fdad1Apple Security Advisory 2021-03-08-4 - watchOS 7.3.2 addresses a code execution vulnerability.
394a31409cba4a2a53e559eeac87dd1f1bd5997788d24ebe3d3472be55abfe7dApple Security Advisory 2021-03-08-3 - Safari 14.0.3* addresses a code execution vulnerability.
056daad30a6a417f08eaa4fac54d0ec1be2030572c0c8c32884e2ba482834106Ubuntu Security Notice 4758-1 - It was discovered that Go applications incorrectly handled uploaded content. If a user were tricked into visiting a malicious page, a remote attacker could exploit this with a crafted file to conduct cross-site scripting attacks.
ec7a75c3d729b70e4e9577e5c347086d722b514785b95d015dc4aca2124b4f2cUbuntu Security Notice 4760-1 - It was discovered that libzstd incorrectly handled file permissions. A local attacker could possibly use this issue to access certain files, contrary to expectations.
da231c5b59cf607585e005397293dd5030a9ea4cd1b95900c27b92b301af5ec2There is an out-of-bounds write vulnerability in WindowsCodecsRaw.dll in the COlympusE300LoadRaw::olympus_e300_load_raw function that can be triggered by parsing a crafted Olympus E300 raw image with Windows Imaging Component (WIC). The vulnerability has been reproduced on Windows 10 64-bit with the most recent patches applied.
d01f7ca6621863dce70b509fef4e28ee4b3568035e8e437b4e161e9285c8ecbbUbuntu Security Notice 4759-1 - Krzesimir Nowak discovered that GLib incorrectly handled certain large buffers. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. Kevin Backhouse discovered that GLib incorrectly handled certain memory allocations. A remote attacker could use this issue to cause applications linked to GLib to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
9ebbda8c491911911de0e2130fc1f53d86ce6b12c31e832ce285e5713cbc02f1Red Hat Security Advisory 2021-0774-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow and use-after-free vulnerabilities.
82b19c04725220a375efdb20cf793f37f28706b4844b1bad216d068f80b9049cGolden FTP Server version 4.70 PASS buffer overflow exploit.
16159dc816f140941e09c862768fbfab9dfff7504f561762b8f4cadfc2699872Red Hat Security Advisory 2021-0763-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow and use-after-free vulnerabilities.
d6c4f4cc417345c363ac874284e3855077ba8015e9d80c87432d7dd4935b704eApple Security Advisory 2021-03-08-2 - macOS Big Sur 11.2.3 addresses a code execution vulnerability.
bd8198deedf32fb4e2673a2e63ea7c5bfc9aca208084d0e40d4dbe7c529df92fUbuntu Security Notice 4733-2 - USN-4733-1 fixed a vulnerability in GNOME Autoar. The upstream fix introduced a regression when extracting archives containing directories. This update fixes the problem. Yiğit Can Yılmaz discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution. Various other issues were also addressed.
d940f66186c9a81231b49cd7cd38224d1e26adee304caf2ad5e0a94b69075923Red Hat Security Advisory 2021-0760-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.
8ab9a27f59391b5775c4114cc28e1e91a71bab3ef9b57e5d9b1cb360a669e9f5Red Hat Security Advisory 2021-0758-01 - The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Issues addressed include out of bounds read and use-after-free vulnerabilities.
9688ffeab3cce2f1d11ad411d3d167f435089eddaa5bae544cc5dd61710b36a4Sandboxie Plus version 0.7.2 suffers from an unquoted service path vulnerability.
027c2d2cb1346aef2b39f5a9c85ae0bb1762d04de134ed72e1783d8b853b1726FreeLAN version 2.2 suffers from an unquoted service path vulnerability.
3f53b274871be51304399fbf248d45faffabedb5505540ef2befac50fdb80e06
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed