Red Hat Security Advisory 2021-3205-01 - A minor version update is now available for Red Hat Camel K that includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, code execution, denial of service, information leakage, man-in-the-middle, and traversal vulnerabilities.
2c0be2bf30994c0e78e9f0282ebe4ea1c42cf7bd92b633df388b40a2dc8c649cUbuntu Security Notice 5044-1 - It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device initialization failure, leading to a double-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the bluetooth subsystem in the Linux kernel did not properly handle HCI device detach events, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. Various other issues were also addressed.
4c707db347e5e85dd8a2e478b9d34805f370899a49b0eb92b09d5abeb6293712Crime Records Management System version 1.0 suffers from a remote SQL injection vulnerability.
aab3ec0698141d1863877cdc50d2978c56680677d5a902d7f0a76e715b07fdd6Hospital Management System created by kishan0725 suffers from a persistent cross site scripting vulnerability.
fba4631f14e90d73450defe4cb343ab885a20f7605579117cd8b3616832a11e4Ubuntu Security Notice 5043-1 - It was discovered that Exiv2 incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service. It was discovered that Exiv2 incorrectly handled certain image files. An attacker could possibly use this issue to cause a denial of service. These issues only affected Ubuntu 20.04 LTS and Ubuntu 21.04. Various other issues were also addressed.
3ac5d046dc916ad450b4a05daee42e21ff86c2bfbdef34c36a1944a33ecff6a2COVID-19 Testing Management System version 1.0 suffers from multiple remote SQL injection vulnerabilities. This is a variant of the original discovery of SQL injection in this version as discovered by Rohit Burke in May of 2021.
4695735f83547741a3f18518c8125d1cef31a63355faaf9bf5a07a8dcf639bf2Ubuntu Security Notice 5042-1 - It was discovered that HAProxy incorrectly handled the HTTP/2 protocol. A remote attacker could possibly use this issue to bypass restrictions.
94f2382720f2438c1b7b3b9cfbfd4ec38d7056358dc4406a6cd5f058990a3ebdDancho Danchev wrote a personal 100 page memoir.
8768965b892b82131fe72867147c1aa8f5bde8ae1c52f43f5116c6cb6e7afd3fRed Hat Security Advisory 2021-3173-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass and out of bounds write vulnerabilities.
6706e39f297e107f1ff1e1751358e3c5457202daa6e0d94e3fed4e3dad19e2f8This Metasploit module exploits an arbitrary file write in Lucee Administrator's imgProcess.cfm file to execute commands as the Tomcat user.
b2e56cd428c174bc04f6acc23c21f34ae6d9df79b2c9d12ca9619993ff6fa4b9Red Hat Security Advisory 2021-3176-01 - The microcode_ctl packages provide microcode updates for Intel. Issues addressed include information leakage and privilege escalation vulnerabilities.
8932c00d1ea2a18dad753111afccfae29397628894b53501893ea1da0c57cfa6Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.
ff665ce121b2952110bd98b9c8741b5593bf6c01ac09033ad848ed92c2510f9aRed Hat Security Advisory 2021-3181-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include bypass and out of bounds write vulnerabilities.
ebd81c13fdd75aa9a29ef494c70017048d00231cdf540dabb309fbc3d526a9f2GeoVision Geowebserver versions 5.3.3 and below suffer from code execution, cross site request forgery, cross site scripting, html injection, and local file inclusion vulnerabilities.
8ccb4bb1b96f86b0ef24cd5e1b36f037c42c2f00bb5ec9a80fedbe4537f7a7abCyberoam NetGenie with a firmware version of C0101B1-20141120-NG11VO suffers from a cross site scripting vulnerability.
b6adbe8f41373524a978e3ba5da89b3b419d9f81d6e0c67dfc136d61cf1eb0c9Red Hat Security Advisory 2021-3172-01 - EDK is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Issues addressed include a buffer overflow vulnerability.
609c017c87e05bf217a92ec96cf8737cd9d418a852c68e6da519e2a08388c375SonicWall NetExtender version 10.2.0.300 suffers from an unquoted service path vulnerability.
ec168adb408da09adcb5e7862e076b884d3773957bfa67dd254e524ff4dff3ceRed Hat Security Advisory 2021-3178-01 - The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources. Issues addressed include a code execution vulnerability.
daec0a33b20477a01639cbec7dbca8fb73275d91a7620baa7d9df982d7e215cbRed Hat Security Advisory 2021-3177-01 - The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts.
bc5858fc5f1f5296eb6e29865812ca26f8d9b672609b88740159b349942c8b99Red Hat Security Advisory 2021-3158-01 - Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats. Issues addressed include a buffer overflow vulnerability.
4063492f1695def3be89c72005f0d2f5ccedc2f4b581146968dda45efc98d20bCOMMAX CVD-Axx DVR version 5.1.4 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and used to disclose the RTSP stream.
b803657ac347af637721c0d8d6c1e09ad231eaf41d9ab12e4c4bac45075a5e15COMMAX Smart Home Ruvie CCTV Bridge DVR Service suffers from unauthenticated configuration writing and denial of service vulnerabilities.
8890c32e87149f67b7a1b84524c7b4a4c6a2e5f6674351a154c33921586bfb06Red Hat Security Advisory 2021-3160-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.13.0. Issues addressed include a use-after-free vulnerability.
5a14a1b122259377b91878a9f1b8ff478a501c8183fa72c3a5a87fe9da8f6707Red Hat Security Advisory 2021-3157-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.13.0 ESR. Issues addressed include a use-after-free vulnerability.
232e4ce09501b709a781cbd4ba355c83717c0f7f075774d95b25e65223428750COMMAX Smart Home Ruvie CCTV Bridge suffers from a credential disclosure vulnerability.
33e9a5c5cc3d38dfc956ed11d44560f9e260a3b7c50d3efbebab8513a5d0476c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed