Red Hat Security Advisory 2021-1389-01 - OpenLDAP is an open-source suite of Lightweight Directory Access Protocol applications and development tools. LDAP is a set of protocols used to access and maintain distributed directory information services over an IP network. Issues addressed include a null pointer vulnerability.
63d7bd955c0c0b5f897fedb062b27d303ea02234b1da57fbadca0405295a212e
Ubuntu Security Notice 4926-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the browser UI, bypass security restrictions, trick the user into disclosing confidential information, or execute arbitrary code. Various other issues were also addressed.
f55c2332782fe26e72bd86b4970020318554061cc3558a83e9597678bbf3463c
Red Hat Security Advisory 2021-1384-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Issues addressed include a denial of service vulnerability.
b9384c51fa1cd1c88848153f7efda1460bd918ed9f161b7e522e2b0b07d65081
Kimai version 1.14 suffers from a CSV injection vulnerability.
afb42232708cf7c479a931df88973a1686f1c2e59c5995bf6636cc24c9b50abf
Red Hat Security Advisory 2021-1230-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include code execution and deserialization vulnerabilities.
c7d10448a5d29916548625e02af2286811c91fe3d47e52579e3a45663d570cc4
This Metasploit module exploits a pre-auth server-side request forgery (CVE-2021-21975) and post-auth file write (CVE-2021-21983) in VMware vRealize Operations Manager to leak admin creds and write/execute a JSP payload. CVE-2021-21975 affects the /casa/nodes/thumbprints endpoint, and CVE-2021-21983 affects the /casa/private/config/slice/ha/certificate endpoint. Code execution occurs as the "admin" Unix user.
8fb3fd3d2660db09b165a788ebbd4aab98bfde09593d01e190121efb5d69716d
Red Hat Security Advisory 2021-1401-01 - This release of Red Hat Fuse 7.8.1 serves as a patch to Red Hat Fuse on Karaf and Red Hat Fuse on Spring Boot 2, and includes security fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include a bypass vulnerability.
6a37dcbd49aff0b17f539cf95e73580a679208b239007b0e3fe04e49131db793
WordPress WPGraphQL plugin version 1.3.5 suffers from a denial of service vulnerability.
fd8100cf3908043374f8ea4c72265eeed0145c4053e6b5d3a90a8ffba4670edd
Red Hat Security Advisory 2021-1376-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, out of bounds read, and use-after-free vulnerabilities.
240032e93bcb7b4ed0735232f82e3b09c775facff14f3a3bea7b130dd3b6a555
Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests; however, that feature is disabled by default. In Druid versions prior to 0.20.1, an authenticated user can send a specially crafted request that both enables the JavaScript code-execution feature and executes the supplied code all at once, allowing for code execution on the server with the privileges of the Druid Server process. More critically, authentication is not enabled in Apache Druid by default.
b298c899e38be69b54163c4da54bb4be979f3abb34cca3c04ac527f6a5c92905
Red Hat Security Advisory 2021-1377-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow and out of bounds read vulnerabilities.
ef5f189198155a80dd82a4c1ff695427a03a5f6126ff823378ccca72f3fa0f42
Red Hat Security Advisory 2021-1379-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include buffer overflow, denial of service, out of bounds read, and use-after-free vulnerabilities.
39ae052b6e94164d686c089d8de36b2b2bbf67921f14194ffe304415461aaf6a
Monitorr version 1.7.6m suffers from a cross-site scripting vulnerability via a file upload.
5e6dcee09ca3a6208dca09fa733156105f960720d70334ae602f8f337f70aaa0
Red Hat Security Advisory 2021-1373-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow and out of bounds read vulnerabilities.
1f4d9d0e249812a79e1d8846ca1ee2bd1ed40eb3dd88b4c6ea3ae28227ac7239