Ubuntu Security Notice 5008-1 - Thomas Kremer discovered that Avahi incorrectly handled termination signals on the Unix socket. A local attacker could possibly use this issue to cause Avahi to hang, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. It was discovered that Avahi incorrectly handled certain hostnames. A local attacker could possibly use this issue to cause Avahi to crash, resulting in a denial of service. This issue only affected Ubuntu 20.10 and Ubuntu 21.04. Various other issues were also addressed.
fa0e1e6c77e8b28b0c5d89dca6190efc5b7596e86f1e3bd058c7214eee8549fcUbuntu Security Notice 5006-1 - It was discovered that PHP incorrectly handled certain PHAR files. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service, or possibly obtain sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that PHP incorrectly handled parsing URLs with passwords. A remote attacker could possibly use this issue to cause PHP to mis-parse the URL and produce wrong data. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 20.10. Various other issues were also addressed.
6792ac22a8083ba4b2e659f4b0c17f306cecbe13cf953446ec618208f89b51a6Gentoo Linux Security Advisory 202107-10 - A bug in TCG TPM2 Software Stack may result in information disclosure to a local attacker. Versions less than 2.4.3 are affected.
3fe5df644d0ec5a6bc9e0a7ccc3886717ca9c2e0600632792dfe11867f4b24b9Red Hat Security Advisory 2021-2666-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass and use-after-free vulnerabilities.
c70a4fe4e3f4235bf63da6772498e20828139a2c190f8e31d433b493945f95acZeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyber-infrastructure. Zeek's user community includes major universities, research labs, supercomputing centers, and open-science communities. This is the source code release.
33ee6b2aa96d127b7273ce337552bc7b2abf4910aa7a431dfc9ec606a4e233dbOkta Access Gateway version 2020.5.5 suffers from multiple authenticated remote root command injection vulnerabilities.
fde1ff592fc34fc94cc529909b2816a1c21c20b0fb847dc8e826cd07707aeffaRed Hat Security Advisory 2021-2668-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
ef6922d78fe37ca685b8cae5cf75ac29b614e18c9acbcdc958a5470d5277b45aGentoo Linux Security Advisory 202107-13 - Multiple vulnerabilities have been found in GLib, the worst of which could result in the arbitrary execution of code. Versions less than 2.66.8 are affected.
387b8bd25f66bafc50f47b2a5d179a861859911404c2a603f7c1aafe59209851WordPress Plainview Activity Monitor plugin version 20161228 authenticated remote code execution exploit.
1b629fd8e9e33122cb936beab9fbfa2decfb180fdbec35129a79fd96bb42a793Gentoo Linux Security Advisory 202107-12 - Multiple vulnerabilities have been found in Schism Tracker, the worst of which could result in denial of service. Versions less than 20190805 are affected.
b94308abe39a30a8a1e0905c3fd6de06c3d791afdb9293a4f397036d8b244a08Red Hat Security Advisory 2021-2465-01 - This release of Red Hat build of Eclipse Vert.x 4.1.0 includes security updates, bug fixes, and enhancements. For more information, see the release notes listed in the References section. Issues addressed include a traversal vulnerability.
6005ac66ffb30dc22fd8b18e713895854a177da32204495441130060cda89a8bRed Hat Security Advisory 2021-2663-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
c3ea20d83c8a1ba93ed857bf2d5de82980d330a55082b3099d0e85887b6d9b74Ubuntu Security Notice 5007-1 - Eric Sesterhenn discovered that libuv incorrectly handled certain strings. An attacker could possibly use this issue to access sensitive information or cause a crash.
5e12f346ee2c6bc9b4c7c8192c2802a86aeb6368abc36fd8a3f7b2415d0042baGentoo Linux Security Advisory 202107-11 - A vulnerability in OpenDoas could lead to privilege escalation. Versions less than 6.8.1 are affected.
d21b3f8d78fca8f0755bb832fb2ebc728e373c09e58192efd1a06ae64077c3f7Rocket.Chat 3.12.1 unauthenticated NoSQL injection to remote code execution exploit.
6cc7a6718184e75f62ebb827e74fccd6d5ea6f81f3b7154e5d7bcf6d903d1721Red Hat Security Advisory 2021-2664-01 - Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
3330a3a8f21e71168af95b3eb5b28acb9d1031904a1675940242908c9e9eed19Gentoo Linux Security Advisory 202107-9 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. Versions less than 89.0 are affected.
fd7e540014dec51799c795ea15124a7aeab9eaa75d110fd64e60cb85bd739c47Docker Dashboard suffers from a remote command execution vulnerability. The fix is added in commit 79cdc41.
9b77e4733c86f91e56473cf9d0f921975dafea71ff7b3a299b9f700be4daf219Online Covid Vaccination Scheduler System version 1.0 suffers from a remote time-based blind SQL injection vulnerability.
32a4ebe3a2c4d0408162c566f003abfc0258309dc6f2635c17de7c4a2d850b46Red Hat Security Advisory 2021-2658-01 - The linuxptp packages provide Precision Time Protocol implementation for Linux according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces offered by the Linux kernel.
4a3890191ea2b09398692181f584deb80791e427e5cde9cf3d7ffbd30d09406cMikroTik RouterOS version 6.x suffers from having multiple null pointer dereference vulnerabilities and a reachable assertion failure.
61fb6d95549c6db4fbf408527ea47e6a0fd075a931405f09c2ed3b080657a245
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed