Ubuntu Security Notice 5073-2 - Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. Various other issues were also addressed.
73db5d8411c29b8d786d41416069b7ec21b2ce13e2e482965f04c46f510de2e2
Red Hat Security Advisory 2021-3556-01 - Red Hat OpenShift Serverless 1.17.0 release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7 and 4.8, and includes security and bug fixes and enhancements.
42f4f7ff781503e879093e45c39f5c6db0ee7bf66f04a76cc6a3a41a08638018
This Metasploit module exploits a buffer overflow within the 'action' parameter of the /uapi-cgi/instantrec.cgi page of Geutebruck G-Cam EEC-2xxx and G-Code EBC-21xx, EFD-22xx, ETHC-22xx, and EWPC-22xx devices running firmware versions equal to 1.12.0.27 as well as firmware versions 1.12.13.2 and 1.12.14.5. Successful exploitation results in remote code execution as the root user.
c4e4d56427af88f4e0240499806563abb1fa94b80fc1c5bdc3ba921dbbbafb67
Ubuntu Security Notice 5083-1 - It was discovered that Python incorrectly handled certain RFCs. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 ESM. It was discovered that Python incorrectly handled certain server responses. An attacker could possibly use this issue to cause a denial of service.
cf1c664ac3030e4cd34e05174e101afebd1645b1bdeba83b3242a64505d95995
Ubuntu Security Notice 5081-1 - It was discovered that Qt incorrectly handled certain XBM image files. If a user or automated system were tricked into opening a specially crafted PPM file, a remote attacker could cause Qt to crash, resulting in a denial of service. It was discovered that Qt incorrectly handled certain graphics operations. If a user or automated system were tricked into performing certain graphics operations, a remote attacker could cause Qt to crash, resulting in a denial of service. Various other issues were also addressed.
2d33fdc2e3a70adb7ebb7092aa51879731e5862fe6e8219e38129030e9d6bc60
WordPress WooCommerce Booster plugin version 5.4.3 suffers from an authentication bypass vulnerability.
6869c90de19478042f9edd783554dcdb0189b8f5d60d79f4bb2b39763aa85f33
Ubuntu Security Notice 5071-2 - USN-5071-1 fixed vulnerabilities in the Linux kernel for Ubuntu 20.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 20.04 LTS for Ubuntu 18.04 LTS. Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. Various other issues were also addressed.
08286776d53ae93088aee6f142faa0c27c8411ae4ab3530488089971ed861760
Library Management System version 1.0 suffers from a remote blind time-based SQL injection vulnerability.
09e215838b64206f4d4119c058c5e284bdd8e98c69dab8b13f7377a4746d602f
Ubuntu Security Notice 5082-1 - Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory. Various other issues were also addressed.
1691e96b342a299e6c7efc1bf7e7d50d0589e4769c49bd5e499e3b03e5e044c7
Cloudron version 6.2 suffers from a cross-site scripting vulnerability.
6dd26254a5db463a27e4a4d96e18fc8e0c44493f9ed64caa444e635d4da9cbd0
Ubuntu Security Notice 5080-2 - USN-5080-1 fixed several vulnerabilities in Libgcrypt. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that Libgcrypt incorrectly handled ElGamal encryption. An attacker could possibly use this issue to recover sensitive information.
2adec80c4681853611b13311e54d0139990e045ac469da689053cded8316e974
Simple Attendance System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
7806334a37c19b3dc0822ef989bec01d9416218f67d781a8d9dd72de13a207b9