Ubuntu Security Notice 4991-1 - Yunho Kim discovered that libxml2 incorrectly handled certain error conditions. A remote attacker could exploit this with a crafted XML file to cause a denial of service, or possibly cause libxml2 to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. Zhipeng Xie discovered that libxml2 incorrectly handled certain XML schemas. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. Various other issues were also addressed.
38f527bf92212574fd2e8353820dd66e5279bfa5e4f6a13e08dc27aaaf456463
Red Hat Security Advisory 2021-2479-01 - Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a cross site scripting vulnerability.
407dd58a4d56a1577f85a63f8d3249362ebd855a9d2e9461bef124d76718dfe1
Ubuntu Security Notice 4990-1 - It was discovered that Nettle incorrectly handled RSA decryption. A remote attacker could possibly use this issue to cause Nettle to crash, resulting in a denial of service. It was discovered that Nettle incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.
18ac1040641e10f745441e19c4e76450403a73af58de924392fb2255e3dfadc1
Kerberos supports a security buffer to set the target SPN of a ticket bypassing the SPN check in LSASS.
1d5d38694b7c25fc61d91a95f2fe8b95d80f7177cbc88c8349db3852e07f5b72
Red Hat Security Advisory 2021-2476-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.11.0 serves as an update to Red Hat Decision Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, code execution, denial of service, and server-side request forgery vulnerabilities.
c7ecab2767572bcae7a835e6563b631e2de5bcbbf260dbcf564ddf63104b4342
Trojan.Win32.Alien.erf malware suffers from a directory traversal vulnerability.
187898797e4601317e850c37f6c620bbd5f74a4654555fc78d25559630b54c57
The EditingPageParser.VerifyControlOnSafeList method fails to properly validate user supplied data. This can be leveraged by an attacker to leak sensitive information in rendered-preview content. This module will leak the ViewState validation key and then use it to sign a crafted object that will trigger code execution when deserialized. Tested against SharePoint 2019 and SharePoint 2016, both on Windows Server 2016.
5dcb06868c15ec6031a011204cbd74de26b37669890217421638293a9f77e49b
This Metasploit module exploits an unauthenticated file upload vulnerability in Cisco HyperFlex HX Data Platform's /upload endpoint to upload and execute a payload as the Tomcat user.
f5c93c1dbb7c46d018f80b02b7e8b65d92e05da4eaa8f1ef27222f385aefb954
Dup Scout version 13.5.28 suffers from an unquoted service path vulnerability.
46e00ea6e0536864a15de7ef2f1c92d0c522210998bedba2fcfa6e9d2496b09b
Red Hat Security Advisory 2021-2475-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.11.0 serves as an update to Red Hat Process Automation Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, code execution, denial of service, and server-side request forgery vulnerabilities.
44f2a427aa38603abc596c8eab0bea14baf4d87b51fcd63235260362ce1b3c02
Trojan.Win32.Alien.erf malware suffers from a buffer overflow vulnerability.
f21fd4344ef1dd439138a5152b640bde46bdc5db13e058d8e123769d0a088c7b
Unified Office Total Connect Now version 1.0 suffers from a remote SQL injection vulnerability.
91d6e78aae245ee0b32085f6239ac318b8c262de77702459914f9a8c14ee7636
Samsung NPU (Neural Processing Unit) suffers from an out-of-bounds write vulnerability in npu_session_format.
c1b571dff4d7f86aae1597fdb8aa5e8932400ee1c1aed35b56eab3315ec48ed8
Red Hat Security Advisory 2021-2472-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Issues addressed include null pointer and use-after-free vulnerabilities.
19735da2179172dfd4dafbdef97ffa2abdb672d9b8f5865fe7fd9e743f621ed9
Red Hat Security Advisory 2021-2469-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.
4d8aa7a25595585144567d5cbdbfdefc4c90e617752241da4134ebe5d0702cf1
VeryFitPro version 3.2.8 sends unencrypted cleartext transmission of sensitive information.
9e9f6ef8313838133d2645a4ff7f6a0403b2a9655c9a0a2e6218c1e2d72dce6d
VX Search version 13.5.28 suffers from an unquoted service path vulnerability.
6b72df66fd7a41d276fe6f901c6f3d87ca98c4925e6abc04dbeb1d95072f92a7
Red Hat Security Advisory 2021-2471-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Issues addressed include null pointer and use-after-free vulnerabilities.
c503b0c9787ff152a79b6411488dd21ecce7fa317d626248d8da273122c8eb96
Zoho ManageEngine ServiceDesk Plus version 9.4 suffers from a user enumeration vulnerability.
870a1afb9f1433380867e92d6f4b12a310e6ee87a00b11040bf6cfbd0e03d858
Red Hat Security Advisory 2021-2467-01 - GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Issues addressed include an integer overflow vulnerability.
752f04ccd0517bf07ec7c16cfef3f7f83b823887778079aa8802476544f4d0bd
Trojan.Win32.Alien.erf malware suffers from a denial of service vulnerability.
4380aa97f9adf0bb910bb3cfa42237b9395be0068a22b26abe5d95657e0fd714
Workspace ONE Intelligent Hub version 20.3.8.0 suffers from an unquoted service path vulnerability.
fd14fa136fb6f8ab1344d82ce21b7a4f1296f0567897ab234bef268b102b4bfd
Red Hat Security Advisory 2021-2461-01 - Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include denial of service and integer overflow vulnerabilities.
4746bce06101c5ed31286fd228a56e6836f518395cd2ec946eedb9ed0a938d38
Whitepaper called Penetration Testing Web Storage (User Experience). Written in Arabic.
ac64e028c271cb652e3c0e80ad58084627611674cb22fcd6bb4a831a7c2fced8
Ubuntu Security Notice 4989-2 - USN-4989-1 fixed several vulnerabilities in BlueZ. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. Various other issues were also addressed.
8720c245ff9d32e615ac12072fd408a3b7ff8626c06e4a6d72353f5814177f3a