This archive contains all 137 exploits added to Packet Storm in November 2021.
17fff5ce91cd2385028fa864df1fd7fa8336400d28b124a54ec241a1307df8e0
Red Hat Security Advisory 2021-4801-06 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.38. Issues addressed include a bypass vulnerability.
f43af822fb6c34adec12aba2a891d8c695e324e8bd9710a1cc6fa69484444d0b
Ubuntu Security Notice 5164-1 - It was discovered that the Option USB High Speed Mobile device driver in the Linux kernel did not properly handle error conditions. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the AMD Cryptographic Coprocessor driver in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
072ff6f683be42c2ac77574912b10db9bfbf82619215f8bc77f155e6839ad298
Ubuntu Security Notice 5165-1 - It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface implementation. A local attacker could possibly use this to cause a denial of service or execute arbitrary code. It was discovered that the SCTP protocol implementation in the Linux kernel did not properly verify VTAGs in some situations. A remote attacker could possibly use this to cause a denial of service. Various other issues were also addressed.
a0b01b9f4766a141e1c20c5d99e1ca222d00d4498a726851cff5f6c91eb4780c
Ubuntu Security Notice 5163-1 - Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information. It was discovered that the Option USB High Speed Mobile device driver in the Linux kernel did not properly handle error conditions. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
590c525353cbc5914fc5f14ac97053443f5506f7b87bbe5ee0f01bcb23c98f50
Red Hat Security Advisory 2021-4861-06 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.6.0 serves as a replacement for Red Hat JBoss Web Server 5.5.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
7dbd69f0e97fd21832d1b2e2ba993f10af54561063a247a7e25f83c53a04b080
Red Hat Security Advisory 2021-4866-02 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.
b9ae55385b475855b606725be732883b6e3057717b093be3a4a2c09200b86949
Red Hat Security Advisory 2021-4859-03 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
9eca0fe1572c0cc25417bdd1268807d6c3d53aaa967475e6b3beab6652c90708
Red Hat Security Advisory 2021-4875-04 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.
7182b04b0c95c9c305f359918990a1f42023f58b97531d86592fbe56852dacb5
Red Hat Security Advisory 2021-4871-05 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
b512fabc2f0ea31c77c3c04ecd89595372d88866b57e93e61ded1e641a083c9d
Red Hat Security Advisory 2021-4863-06 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.6.0 serves as a replacement for Red Hat JBoss Web Server 5.5.0. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
58f5a47585e63d5de90a2072fe361e8c539c5a335cf05e959d27f16c183a5619
MilleGPG5 version 5.7.2 Luglio 2021 suffers from a local privilege escalation vulnerability.
b7b977700841f66627568e41cfc1b520820a9a3b6e18b4e6476a601f3b1579ec
NSS (Network Security Services), the Mozilla project's cross-platform security library, suffers from a memory corruption flaw when validating ECDSA signatures.
a1b02e73db5dff5112196a0630115a92894c1a5c5871dfbfe6cb9a06a3c35921
Ubuntu Security Notice 5162-1 - Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information. It was discovered that the AMD Cryptographic Coprocessor driver in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
01b7c0559708029a8e272ddba1ab88c8f94f384b8dbf7832fdffea0c12204e66
Advanced Comment System version 1.0 suffers from a remote command execution vulnerability.
c0a3ae4e6c5fc614a3b3493700cabba833cdc0542577e6cbd73ffbd226a7b2b9
Ubuntu Security Notice 5161-1 - Ilja Van Sprundel discovered that the SCTP implementation in the Linux kernel did not properly perform size validations on incoming packets in some situations. An attacker could possibly use this to expose sensitive information. It was discovered that the AMD Cryptographic Coprocessor driver in the Linux kernel did not properly deallocate memory in some error conditions. A local attacker could use this to cause a denial of service. Various other issues were also addressed.
35333c4428527b3f750e7ef00956677d52b5e606751d753665346da51586f3a3
Online Enrollment Management System in PHP and PayPal version 1.0 suffers from a persistent cross-site scripting vulnerability.
58b09da437a9db3ee5522fd14065907371363210d686eb9837c10907ebae0b69
Red Hat Security Advisory 2021-4851-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.9.1 serves as a replacement for Red Hat AMQ Broker 7.9.0, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
896841434a724157b334639f2d7ec99a622b7df9099ab77595f12f506035218e