Ubuntu Security Notice 4711-1 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. Kiyin discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service. Various other issues were also addressed.
f4ec8d5e13f6ebabd01ab8ec3a0edd91e652d99a1c9951bea7a7b8fc134c23a1Ubuntu Security Notice 4710-1 - Kiyin discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service.
3f9f38ab4060865d88734c05ff9899a702686eaf27a9c57039f4618d29d60dbdRed Hat Security Advisory 2021-0290-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.7.0 ESR. Issues addressed include an information leakage vulnerability.
bffb5bf750028028f3f455049af796fe361ba8530eac58936ec1c37fdbfbe166Red Hat Security Advisory 2021-0289-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.7.0 ESR. Issues addressed include an information leakage vulnerability.
e290b7f9ccbdbd6f4a76d6919cce3dc6f9d21bc2d6f313ef53fe016edb22cc8dRed Hat Security Advisory 2021-0288-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.7.0 ESR. Issues addressed include an information leakage vulnerability.
7ee63ff4ca1571f12b3ac6936c5ebc8cc834c5d41ced451a3b66a93dedca5160Gentoo Linux Security Advisory 202101-35 - Multiple vulnerabilities have been found in phpMyAdmin, allowing remote attackers to conduct XSS. Versions less than 4.9.6:4.9.6 are affected.
a00d282583eadfe791d654d1c397ac8815321e7719d32ddd9a847d3f7a0b1fe4Gentoo Linux Security Advisory 202101-34 - Multiple vulnerabilities have been found in Telegram, the worst of which could result in information disclosure. Versions less than 2.4.4 are affected.
7f3a9895e5d0bc9e65b4fe51d3316bd5304769d37c03a345e9c1a4b7ea129388WordPress SuperForms plugin version 4.9 suffers from a remote shell upload vulnerability.
d458dde25704ae9a84a9cb8589e1f0919761a65c226dcceea735075c88a51263jQuery UI version 1.12.1 suffers from a denial of service vulnerability.
a55ca73bbc5f68717781c8e410b1c0e9e38ac04872d990743803f483068e5332Ubuntu Security Notice 4709-1 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.
fe94a8f5a2d43d1cda30e40ac4225c3ca772961ef30b275ab465ae19ea4d189eUbuntu Security Notice 4708-1 - Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service. Various other issues were also addressed.
ee3ba6a5f1ef72c2c85d181889c74ab4b335aa9c49a0f1b94413ecb7a848dc09Red Hat Security Advisory 2021-0285-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.7.0 ESR. Issues addressed include an information leakage vulnerability.
7b3b2ab866c32b30678789dd948d1aa9e09f1c6c4cfe64efd123306204623d6dUbuntu Security Notice 4705-2 - USN-4705-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. Various other issues were also addressed.
c49212b15ccc247d4854bbc03d70b7782b5d16c35cb198deb88dd180603d38b6CMSUno version 1.6.2 authenticated remote code execution exploit. The original discovery for the vulnerability leveraged is attributed to Fatih Celik in November of 2020.
2477146e721d33c19e7c9e103dfd83b0cfc4343413f007eb0260e88e64259065EgavilanMedia PHPCRUD version 1.0 suffers from a persistent cross site scripting vulnerability.
698c586a1a7eeb7ff48dbd8ffc3ab17d4a04e04cb2345f871dc7e60b482e6822Sifter is a osint, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and if unpatched, exploits them.
a36cd6110a7e972c4b3d78b016825bb5d151b29feba7e2f6a8e74d347e302088Qualys has released extensive research details regarding a heap-based buffer overflow vulnerability in sudo. The issue was introduced in July 2011 (commit 8255ed69), and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1, in their default configuration.
49c51fff2702ea3bb7dc155cf79d48dec6f6a7a00b13a95caf7f36a3f59b319fSTVS ProVision version 5.9.10 suffers from a cross site request forgery vulnerability.
bda8da5ba4074ffde06a720da61629ec99f9e38178e55525b86f31b97249e06aSTVS ProVision version 5.9.10 suffers from an authenticated reflective cross site scripting vulnerability.
0a9cb640eba6a906669801ecbb7614d41554d0eec07360c9f66358b489afe850STVS ProVision version 5.9.10 suffers from an authenticated file disclosure vulnerability in archive.rb.
01a27757ea3497d36138ec572cd914a1a6377e2a9a85bff332026c247bfe5accRevive Adserver versions 5.1.0 and below suffer from multiple reflective cross site scripting vulnerabilities.
190f88d88bd59a6e458fe50325d73d4011e9b7ef2b33f6962a495f46bb142f9aConstructor.Win32.SpyNet.a malware suffers from a remote password leak vulnerability.
a8647fa25ea94a073c36e5b11757ed872161e6834afb1de8fc29cedd5e1ae2cbBackdoor.Win32.Wollf.14 malware has a backdoor on TCP/7614 that does not require any authentication.
2f11b22f4a81eedb7df75e8958cdd82cecb3055d43ca8789947305c47f9b576aBackdoor.Win32.DarkKomet.apbb malware suffers from an insecure permissions vulnerability.
bab42483355b36852d07949ec88fb2db3f99dc5a28eaccd310b8b92a5ad1af80Gentoo Linux Security Advisory 202101-33 - Multiple vulnerabilities have been found in sudo, the worst of which could result in privilege escalation. Versions less than 1.9.5_p2 are affected.
3f9611402a5877782d23f9e9d2f5be342e3982b50a70d76d2296d15cc8e96070
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed