Ionic Identity Vault versions 4.7 and below suffer from a biometric authentication bypass vulnerability on Android.
0937a4fec4ba4da6536fb54a86bc96cbee6f829e34003327e23d35d71714b309The Rencode python module for object serialization suffers from a 3-byte denial of service vulnerability.
2b0f26cddb8c62317edbd3a3dc98751567b6200fbc46d8a36361929471bed17fUbuntu Security Notice 5068-1 - It was discovered that GD Graphics Library incorrectly handled certain GD and GD2 files. An attacker could possibly use this issue to cause a crash or expose sensitive information. This issue only affected Ubuntu 20.04 LTS, Ubuntu 18.04 LTS, Ubuntu 16.04 ESM, and Ubuntu 14.04 ESM. It was discovered that GD Graphics Library incorrectly handled certain TGA files. An attacker could possibly use this issue to cause a denial of service or expose sensitive information. Various other issues were also addressed.
207d9f248fbcf94e7768c791e2cbb722b0127794051e2f24f86ee92248948cdcUbuntu Security Notice 5067-1 - Jakub Hrozek discovered that SSSD incorrectly handled file permissions. A local attacker could possibly use this issue to read the sudo rules available for any user. This issue only affected Ubuntu 18.04 LTS. It was discovered that SSSD incorrectly handled Group Policy Objects. When SSSD is configured with too strict permissions causing the GPO to not be readable, SSSD will allow all authenticated users to login instead of being denied, contrary to expectations. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.
57bb124cbecf36bdb8d4f0c37b6abc7cd806b1d2b852b746eea1be28e8aa2a43Ubuntu Security Notice 5066-1 - Brian Wolff discovered that PySAML2 incorrectly validated cryptographic signatures. A remote attacker could possibly use this issue to alter SAML documents.
d7da81ba843f246e9b5a60c15d6656c982d8581a1c80ea2e080898c2129d00a6Ubuntu Security Notice 5065-1 - It was discovered that Open vSwitch incorrectly handled decoding RAW_ENCAP actions. A remote attacker could use this issue to cause Open vSwitch to crash, resulting in a denial of service, or possibly execute arbitrary code.
3ee103af555ef817fe1092f9cd4a1fa45427ed530a1657c01ff4a794d462ac9fUbuntu Security Notice 5063-1 - Ori Hollander discovered that HAProxy incorrectly handled HTTP header name length encoding. A remote attacker could possibly use this issue to inject a duplicate content-length header and perform request smuggling attacks.
f4e2e56ce46b97faa45cc84bab033f1a97ee95fad217db2dccffed7fe8c6e543Ubuntu Security Notice 5064-1 - Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to crash, resulting in a denial of service, or possibly execute arbitrary code.
1c3f208bd9baaf2903731af1a7d8c223e7ff4adb68fb8f365acbb430f4bb40f5Red Hat Security Advisory 2021-3471-01 - This release of Red Hat JBoss Enterprise Application Platform 7.3.9 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.8, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.9 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and traversal vulnerabilities.
3320ed0cfba6adb64622cf2b6705b15e39b121c4ac08c653def38d4a4e835ac8Red Hat Security Advisory 2021-3454-01 - Red Hat Advanced Cluster Management for Kubernetes 2.3.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues.
ededc503492f31daf90a74b29a6e64b1e7ee98978cd963f10901af9667484f8eRed Hat Security Advisory 2021-3447-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include an out of bounds access vulnerability.
21758e8d20602709b14092a3a74aa61609c2b08c0cdf3db47ba5c33f5c238629Red Hat Security Advisory 2021-3446-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
11551bfe38e2044b50546e2016efe54060e1f84f42a02916250540ec7bf69bbdRed Hat Security Advisory 2021-3438-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a use-after-free vulnerability.
05463ec4dd3aa1fdef8624a19523910046e01917a7d997674e27fd28d79c9585Red Hat Security Advisory 2021-3441-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include a use-after-free vulnerability.
93451046633f974465f5d09b04fce337d2994bc8f7db322b79be025290fd2e96WordPress TablePress plugin version 1.14 suffers from a csv injection vulnerability.
1acedc9d513152bdb3d177ce061124a34e552895da286fa5f1ac320d6f5b68c8Ubuntu Security Notice 5062-1 - Maxim Levitsky discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel did not properly prevent a guest VM from enabling AVIC in nested guest VMs. An attacker in a guest VM could use this to write to portions of the host's physical memory.
695fad95e14c4fb2603f02416a8dedd1a00f350821a27e281dab93d00d4e7ed3Red Hat Security Advisory 2021-3444-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.
575719fa3dbe06103800a00f34c815470ba521587ac6519e66590ef4249ae702Red Hat Security Advisory 2021-3445-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
446bd9201bc6992ce3edf23b286fb31b8c91ce0f788980354c0391763afff980Red Hat Security Advisory 2021-3443-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.
5b8c3c448287f0064a6a319c7d24ad818587e9199002eb8210b5442d82ba82f7Red Hat Security Advisory 2021-3442-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include privilege escalation and use-after-free vulnerabilities.
8fd04dbe8f09d552e79fbc09b0887b18d18b39f9ca0caf03b6dd1a1df65d43a8Red Hat Security Advisory 2021-3439-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.
49c8bac1c69b650bac3f427f257711f30050a5811285b9030018c5bd56d27612Bus Pass Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
39baa7dde3d050c8d0a4d5c1484ee7a16078d03ad08092ddf779721c9657c795
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed