Red Hat Security Advisory 2021-2575-01 - The lz4 packages provide support for LZ4, a very fast, lossless compression algorithm that provides compression speeds of 400 MB/s per core and scales with multicore CPUs. It also features an extremely fast decoder that reaches speeds of multiple GB/s per core and typically reaches RAM speed limits on multicore systems. Issues addressed include an integer overflow vulnerability.
56200e1297739d51f029479c4df5d861c1dec1d8099410e52b614d7cacdcb6d9
Red Hat Security Advisory 2021-2566-01 - The fwupd packages provide a service that allows session software to update device firmware. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
d91cff7001af0e07e7cf5129e732ca530ae27f982e1b58ec9ae8ca90219abcb6
Global Socket is a tool for moving data from here to there, securely, fast, and through NAT and firewalls. It uses the Global Socket Relay Network to connect TCP pipes, has end-to-end encryption (using OpenSSL's SRP / RFC-5054), AES-256 and key exchange using 4096-bit Prime, requires no PKI, has Perfect Forward Secrecy, and TOR support.
70fc96e2f1e0cd752068e94fb4f37b3f19d670243921f76b0f2114578151f1e3
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
fa2691d5034d7ebef82e3ee380446fc7d0bc640d46b47a92685eba07e382c3c2
Red Hat Security Advisory 2021-2569-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. Issues addressed include buffer overflow, bypass, null pointer, and use-after-free vulnerabilities.
873b9476599fa968f75e28a3dca51db0248facef6463ffc862b3db56657f81ec
A KVM guest on AMD can launch an L2 guest without the Intercept VMRUN control bit by exploiting a TOCTOU vulnerability in nested_svm_vmrun. Executing vmrun from the L2 guest will then trigger a second call to nested_svm_vmrun and corrupt svm->nested.hsave with data copied out of the L2 vmcb. For kernel versions that include the commit "2fcf4876: KVM: nSVM: implement on demand allocation of the nested state" (>=5.10), the guest can free the MSR permission bit in svm->nested.msrpm while it's still in use and gain unrestricted access to host MSRs.
d7d8893258c173535d6129f18da5eea5e87415de98e53b981565c55447d30da4
Red Hat Security Advisory 2021-2574-01 - The RPM Package Manager is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Issues addressed include a bypass vulnerability.
85fad7768548d4050ff2eae00d879f29039c165aaded7e3396550c9f9fdd2d3c
Apache Superset version 1.1.0 suffers from a time-based account enumeration vulnerability.
622b9b81f8fae090e9a3828896e2abc72bfaf7176f467e82f5880b1afaf02605
Red Hat Security Advisory 2021-2570-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass and use-after-free vulnerabilities.
2a9c9ce4187f2b3e7df00dc74f8d3ba0576a5cfba1ef7bf4326052e15d55d681
Securepoint SSL VPN Client version 2.0.30 suffers from a local privilege escalation vulnerability.
089fd391bbbeb7b8efda804fd0ad063d9c658488180ed9ca54ab3ba8f1db9424
Red Hat Security Advisory 2021-2595-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include a null pointer vulnerability.
1975522b3baf1717754ab183e277b2a8e3714f76e0790a8c6ebc9e98b1d57ba6
Red Hat Security Advisory 2021-2588-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, denial of service, information leakage, and insecure permissions vulnerabilities.
5af35473aa05be14b339ef6700164c127af3a9a9f71ad62e2221b2b6addb8987
Red Hat Security Advisory 2021-2587-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include HTTP request smuggling, HTTP response splitting, denial of service, and information leakage vulnerabilities.
5fbf960ff4484cd6f2ef69e135f605145b9a2a39f1b978087c354f225d411a0f
Doctors Patients Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
173a1c278f99a012b4fd9bd0e7df68b3ca8c340b947fbdcc8f342ed5a714fd07
Red Hat Security Advisory 2021-2591-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include a heap corruption vulnerability.
063296efe6ec4ddecef8d49f7c83574f5883cb0e1c3061e0abcb882bf3db323f
Red Hat Security Advisory 2021-2584-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include an HTTP request smuggling vulnerability.
15b2e047a57627938781b690d083b349e5f03bf97589594bea480a81142efcba
Red Hat Security Advisory 2021-2583-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
f936f54e176c028c5c99fe0e198c2f2a89bc3c8d26bb535d64886a073a2ece21
phpAbook version 0.9i suffers from a remote SQL injection vulnerability.
05bafca0cff01769dc9b05d30199563f910ca5a579100695d11ed079fc36b270