RedTeam Pentesting discovered a vulnerability in the MobileTogether server which allows users with access to at least one application to read arbitrary, non-binary files from the file system and perform server-side requests. The vulnerability can also be used to deny availability of the system. As an example, this advisory shows the compromise of the server's certificate and private key. Versions 7.0 through 7.3 are affected.
81610560b7e43edd2d6f53ac111733795bf655597364a89aa396c6ecce9cab50Red Hat Security Advisory 2021-3079-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration.
ce28515af7aae0ec3d9a1904094af0160a4a78e1c77d914561939146ec73cfcfRed Hat Security Advisory 2021-3073-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, information leakage, and out of bounds read vulnerabilities.
ebc649a9cfcfe5bc93320963ae93b3814e07e16d63af3b83e7b50da6be787f51Red Hat Security Advisory 2021-3076-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Issues addressed include a memory exhaustion vulnerability.
bd0928d110b1751f223ae93d2601bd6c7c5d332259c46f317bcaf06934703394Red Hat Security Advisory 2021-3066-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include a buffer overflow vulnerability.
5126f56a7cd4f4495c28989edc495713ed1c7496f8c91aa54894b6c2ca5d5c62Red Hat Security Advisory 2021-3081-01 - The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts.
68eaed230f872e2957909a41ec878fa6bf773704a953e1279ccad068c1dee6e7Ubuntu Security Notice 5035-1 - It was discovered that GPSd incorrectly handled certain leap second events which would result in the time jumping back 1024 weeks on 2021-10-31.
6f58d85b49611172ff061d7ec5f2a6d2dfc11ad85c47993a234aadca0b7dedf4Simple Library Management System version 1.0 suffers from a remote SQL injection vulnerability.
cf20004ab83c07d8a8ccef57128b904292259fa2eed1a90af53aa03550c04387Red Hat Security Advisory 2021-3061-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, denial of service, and out of bounds access vulnerabilities.
66e0a1ac543249bbe6d765192ae964d7bdf8592d935524bd9c4a35ee66ca180cRed Hat Security Advisory 2021-3074-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, information leakage, and out of bounds read vulnerabilities.
0a5836ffaa2dfddacea4f831b9e448e6454fe5c8a634c71acecc20ac15b00807Red Hat Security Advisory 2021-3063-01 - Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries. Issues addressed include buffer overflow, double free, and integer overflow vulnerabilities.
e1dd3f4af08500c56cf9b81b26e61b01f6679dce116d6b0c75b5d5ad45ddc672WordPress Picture Gallery plugin version 1.4.2 suffers from a persistent cross site scripting vulnerability.
840e7eea026e602c4e5f0cd8ec44d13000d2428e9695b2269ea933974864ca2eRed Hat Security Advisory 2021-3075-01 - libuv is a multi-platform support library with a focus on asynchronous I/O. Issues addressed include information leakage and out of bounds read vulnerabilities.
0f88d591d2ad9648c92a365e00b97d1142ab49aa88b12facaa913df1314f3c04Ubuntu Security Notice 5034-1 - Philipp Jeitner and Haya Shulman discovered that c-ares incorrectly validated certain hostnames returned by DNS servers. A remote attacker could possibly use this issue to perform Domain Hijacking attacks.
f458f3e21f0b136385b4278a91f13b23b253397410de44fb127932612c80f6afFacebook for Android is vulnerable to a permission issue which allows anyone with physical access to the Android device, to accept friend requests without unlocking the phone. Facebook does not consider this a security issue. Version 29.0.0.29.120 on Android 10 is affected.
e54d6e154978012b0aed910e35f2436d413df80ed4bf904c047a72d72574f97fRed Hat Security Advisory 2021-3029-01 - The microcode_ctl packages provide microcode updates for Intel. Issues addressed include information leakage and privilege escalation vulnerabilities.
5b874b801f093a7d2cbd0f40a423a50503597ecdde71a506901ac7c7d8aaa35dRed Hat Security Advisory 2021-3058-01 - GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Issues addressed include an integer overflow vulnerability.
2443e37bd1a168f5fb215c49ec2e7d66d1f5b40053711579f70fc472b6ce3c7aRed Hat Security Advisory 2021-3088-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include bypass, out of bounds write, and privilege escalation vulnerabilities.
89b3cd704447ba81f0b1469b2f11523e90e8a2febc7bbe6eca778f311621ad18IPCop version 2.1.9 authenticated remote code execution exploit.
253a1afb3d089bb6e6378edd921b859c1de9f1f083e5b796965e0e2b2287c07bRed Hat Security Advisory 2021-3057-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, null pointer, out of bounds write, and privilege escalation vulnerabilities.
430fd835d2bdf1ff571ff110fb4f55ba499c9de4d9b0f89a65b0be15a0229e02Red Hat Security Advisory 2021-3044-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include bypass, out of bounds write, and privilege escalation vulnerabilities.
ae38cf4d315c5c9028eba6e515a52134f57ccd0722c43a727a4f79112a01520aRed Hat Security Advisory 2021-2983-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.8.4. Issues addressed include a memory exhaustion vulnerability.
47c4b2d94f5ea3f070198d00f201c85e170af2f3b7d508bb090f40ac9c00d284WordPress LifterLMS plugin version 4.21.1 suffers from an insecure direct object reference vulnerability.
a9bf8e3988c933dcf42e033244229a8b5073b6a3826a785692f104874ed4a3e5Red Hat Security Advisory 2021-2984-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.4. Issues addressed include a memory exhaustion vulnerability.
7f246bff2e0ae1df63a7138b525e1dfbaefffa51d28c9ee81a167914a3bcf507Red Hat Security Advisory 2021-3042-01 - Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, the cargo-vendor plugin, and required libraries. Issues addressed include buffer overflow, double free, and integer overflow vulnerabilities.
8b0ed82496f7136246244671c1ae35eaebe3fecb3163c36af906dc5381cde805
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed