Ubuntu Security Notice 5213-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
b388cf25ebe5f4b21f0aca6ed66cd21f8f9e1160cb6c47d91e8e6e7d547ea641Backdoor.Win32.SVC malware suffers from a directory traversal vulnerability.
05c438a0ac2cf307710ec5b3160eac7d7d89abddaad943be0c5755ba1eabd8a2Red Hat Security Advisory 2021-5208-05 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.25.
88f67dac63d92fc84c82531e94bde8ecf9b24f7e33e48e6b0fd021305470e358Backdoor.Win32.SubSeven.c malware suffers from a buffer overflow vulnerability.
b144d19f6fb82c76bc13c410b0519f5167d74b7107927df884316847f76d1ea4Ubuntu Security Notice 5211-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages.
282eeeb781851a7025bfcdef141027ce8a8d1d62b572b5512b58d704e9c2fec0Ubuntu Security Notice 5210-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. It was discovered that the Linux kernel did not properly enforce certain types of entries in the Secure Boot Forbidden Signature Database protection mechanism. An attacker could use this to bypass UEFI Secure Boot restrictions.
ecb4af237def80337795c4bf285352fb679661f2a5664c504d0f396c762a31eeThe BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c. Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host’s physical memory. Other vulnerabilities have also been addressed.
ddd1e7fc677c2b02d3351058bf31466aa231865f93abfb9cdfa1d1ca55622f8dBackdoor.Win32.Dsklite.a malware suffers from an insecure transit vulnerability that discloses credentials.
07a31454ce6d6a2f215a607a5cf289960faf4bea77a4a6c99e73ae09de3702c5XNU suffers from a heap use-after-free vulnerability in inm_merge.
7157a72995dfa18e7979cab877bfb5645e4f20d9554478a6b0c26d6daae56123Ubuntu Security Notice 5209-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. It was discovered that a race condition existed in the timer implementation in the Linux kernel. A privileged attacker could use this cause a denial of service.
48064c7ea8ce65c4e3051e87cd43253fcf2b6a445eea15418d3b3f219708afbaBackdoor.Win32.SVC malware suffers from a buffer overflow vulnerability.
33da64b823bf57f44b70c1b05fd9b2d9dedbb6e6a1b6ff2e482bf8b52417f6f7Red Hat Security Advisory 2022-0034-01 - Red Hat Single Sign-On 7.5 container images for IBM P/Z, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This is a security update Red Hat Single Sign-On 7.5, and includes one security fix.
899c5aede2bdbf0a841dfc7a5c2c675d9f354dca8bba0d2ae94074c90690b3b4Ubuntu Security Notice 5208-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service.
ea7e5bc5b3961bfb7b88bcc657765481b669c52e08a5c1ef062c1477afed2dbaBackdoor.Win32.Jtram.a malware suffers from a man-in-the-middle vulnerability.
99a6f672f506fbf3f469a114dfee74a33078a5857fe7e061d92fbd1d334b3579Ubuntu Security Notice 5207-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. It was discovered that the eBPF implementation in the Linux kernel contained a race condition around read-only maps. A privileged attacker could use this to modify read-only maps.
63504dd3c2b3abff85b5c8960e3f39b8f7a1ce6773225176a4d31ae19837a516Simple Music Cloud Community System version 1.0 suffers from a remote SQL injection vulnerability.
f47db4d94ab603d1758999a9535dc9de6d6067898eebf8d3632476e46a179912Ubuntu Security Notice 5212-1 - It was discovered that the Apache HTTP Server incorrectly handled certain forward proxy requests. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly perform a Server Side Request Forgery attack. It was discovered that the Apache HTTP Server Lua module incorrectly handled memory in the multipart parser. A remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code.
720562c2963cbcdb5ebd4105b577dec64e35d188b21a7bd642506a9284fda762Backdoor.Win32.Dsklite.a malware suffers from a denial of service vulnerability.
7b82ee1275b9b80130f1f3d7f765bc48ef462b393355df8bbf974342a78ae22cUbuntu Security Notice 5206-1 - Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages.
c97eba91910205966dc031db7489933170175dc1100b5a8fd362273f95d3c14eBackdoor.Win32.Jtram.a malware suffers from an insecure credential storage vulnerability.
2f5c74eca36f0fd53395489812c08c2a5ce033812298a561540e4386695b50ff
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed