Ubuntu Security Notice 4711-1 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. Kiyin discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service. Various other issues were also addressed.
f4ec8d5e13f6ebabd01ab8ec3a0edd91e652d99a1c9951bea7a7b8fc134c23a1
Ubuntu Security Notice 4710-1 - Kiyin discovered that the perf subsystem in the Linux kernel did not properly deallocate memory in some situations. A privileged attacker could use this to cause a denial of service.
3f9f38ab4060865d88734c05ff9899a702686eaf27a9c57039f4618d29d60dbd
Red Hat Security Advisory 2021-0290-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.7.0 ESR. Issues addressed include an information leakage vulnerability.
bffb5bf750028028f3f455049af796fe361ba8530eac58936ec1c37fdbfbe166
Red Hat Security Advisory 2021-0289-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.7.0 ESR. Issues addressed include an information leakage vulnerability.
e290b7f9ccbdbd6f4a76d6919cce3dc6f9d21bc2d6f313ef53fe016edb22cc8d
Red Hat Security Advisory 2021-0288-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.7.0 ESR. Issues addressed include an information leakage vulnerability.
7ee63ff4ca1571f12b3ac6936c5ebc8cc834c5d41ced451a3b66a93dedca5160
Gentoo Linux Security Advisory 202101-35 - Multiple vulnerabilities have been found in phpMyAdmin, allowing remote attackers to conduct XSS. Versions less than 4.9.6:4.9.6 are affected.
a00d282583eadfe791d654d1c397ac8815321e7719d32ddd9a847d3f7a0b1fe4
Gentoo Linux Security Advisory 202101-34 - Multiple vulnerabilities have been found in Telegram, the worst of which could result in information disclosure. Versions less than 2.4.4 are affected.
7f3a9895e5d0bc9e65b4fe51d3316bd5304769d37c03a345e9c1a4b7ea129388
WordPress SuperForms plugin version 4.9 suffers from a remote shell upload vulnerability.
d458dde25704ae9a84a9cb8589e1f0919761a65c226dcceea735075c88a51263
jQuery UI version 1.12.1 suffers from a denial of service vulnerability.
a55ca73bbc5f68717781c8e410b1c0e9e38ac04872d990743803f483068e5332
Ubuntu Security Notice 4709-1 - It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. Various other issues were also addressed.
fe94a8f5a2d43d1cda30e40ac4225c3ca772961ef30b275ab465ae19ea4d189e
Ubuntu Security Notice 4708-1 - Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service. It was discovered that the btrfs file system implementation in the Linux kernel did not properly validate file system metadata in some situations. An attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service. Various other issues were also addressed.
ee3ba6a5f1ef72c2c85d181889c74ab4b335aa9c49a0f1b94413ecb7a848dc09
Red Hat Security Advisory 2021-0285-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.7.0 ESR. Issues addressed include an information leakage vulnerability.
7b3b2ab866c32b30678789dd948d1aa9e09f1c6c4cfe64efd123306204623d6d
Ubuntu Security Notice 4705-2 - USN-4705-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. Various other issues were also addressed.
c49212b15ccc247d4854bbc03d70b7782b5d16c35cb198deb88dd180603d38b6
CMSUno version 1.6.2 authenticated remote code execution exploit. The original discovery for the vulnerability leveraged is attributed to Fatih Celik in November of 2020.
2477146e721d33c19e7c9e103dfd83b0cfc4343413f007eb0260e88e64259065
EgavilanMedia PHPCRUD version 1.0 suffers from a persistent cross site scripting vulnerability.
698c586a1a7eeb7ff48dbd8ffc3ab17d4a04e04cb2345f871dc7e60b482e6822
Sifter is an OSINT, recon, and vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the blue vulnerabilities within Microsoft systems and, if they are unpatched, exploit them.
a36cd6110a7e972c4b3d78b016825bb5d151b29feba7e2f6a8e74d347e302088
Qualys has released extensive research details regarding a heap-based buffer overflow vulnerability in sudo. The issue was introduced in July 2011 (commit 8255ed69), and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1, in their default configuration.
49c51fff2702ea3bb7dc155cf79d48dec6f6a7a00b13a95caf7f36a3f59b319f
STVS ProVision version 5.9.10 suffers from a cross site request forgery vulnerability.
bda8da5ba4074ffde06a720da61629ec99f9e38178e55525b86f31b97249e06a
STVS ProVision version 5.9.10 suffers from an authenticated reflective cross site scripting vulnerability.
0a9cb640eba6a906669801ecbb7614d41554d0eec07360c9f66358b489afe850
STVS ProVision version 5.9.10 suffers from an authenticated file disclosure vulnerability in archive.rb.
01a27757ea3497d36138ec572cd914a1a6377e2a9a85bff332026c247bfe5acc
Revive Adserver versions 5.1.0 and below suffer from multiple reflective cross site scripting vulnerabilities.
190f88d88bd59a6e458fe50325d73d4011e9b7ef2b33f6962a495f46bb142f9a
Constructor.Win32.SpyNet.a malware suffers from a remote password leak vulnerability.
a8647fa25ea94a073c36e5b11757ed872161e6834afb1de8fc29cedd5e1ae2cb
Backdoor.Win32.Wollf.14 malware has a backdoor on TCP/7614 that does not require any authentication.
2f11b22f4a81eedb7df75e8958cdd82cecb3055d43ca8789947305c47f9b576a
Backdoor.Win32.DarkKomet.apbb malware suffers from an insecure permissions vulnerability.
bab42483355b36852d07949ec88fb2db3f99dc5a28eaccd310b8b92a5ad1af80
Gentoo Linux Security Advisory 202101-33 - Multiple vulnerabilities have been found in sudo, the worst of which could result in privilege escalation. Versions less than 1.9.5_p2 are affected.
3f9611402a5877782d23f9e9d2f5be342e3982b50a70d76d2296d15cc8e96070