Ubuntu Security Notice 5096-1 - Valentina Palmiotti discovered that the io_uring subsystem in the Linux kernel could be coerced to free adjacent memory. A local attacker could use this to execute arbitrary code. Benedict Schlueter discovered that the BPF subsystem in the Linux kernel did not properly protect against Speculative Store Bypass side- channel attacks in some situations. A local attacker could possibly use this to expose sensitive information. Various other issues were also addressed.
98f615f379d8346abea7dc65ffd543f999a46dbda2ec8a72bcaac4dbaea40126
haveged is a daemon that feeds the /dev/random pool on Linux using an adaptation of the HArdware Volatile Entropy Gathering and Expansion algorithm invented at IRISA. The algorithm is self-tuning on machines with cpuid support, and has been tested in both 32-bit and 64-bit environments. The tarball uses the GNU build mechanism, and includes self test targets and a spec file for those who want to build an RPM.
f882919ccead07ad6687a4784c0c501e617321e96dd0118403464969359cf6ad
Red Hat Security Advisory 2021-3700-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.9.0 serves as a replacement for Red Hat AMQ Broker 7.8.2, and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section. Issues addressed include bypass, denial of service, information leakage, resource exhaustion, and traversal vulnerabilities.
a8a12dcc50fccbe685347bca1c58d45fbfe797cf6ab2e35bef81923f2d3fef9b
PlaceOS version 1.2109.1 suffers from an open redirection vulnerability.
9230fb10c8a88600b3268329baa1ee6acb5f4ae8cd635068dcd1d6419c76b0d3
Ubuntu Security Notice 5095-1 - It was discovered that Apache Commons IO incorrectly handled certain inputs. An attacker could possibly use this issue to expose sensitive information.
7ba660de150df66e90ee6d46d576813e67c78d8bbe0d6e0481c598417e50d1b3
Cmsimple version 5.4 authenticated remote code execution exploit.
9c66365017cd37b01e328c9eadccc39e261944d0e29fb70b25ae5aacd4f85a3a
Red Hat Security Advisory 2021-3694-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.
b1ce9e701282280a5c2dbdfafd7782a607b33f330152c096fdc1e2b3c2debde0
Whitepaper that discusses deserialization of untrusted data in jsoniter.
0ca417e1ce7adae9c50ca05cb6775b57ac7716c04884972cfd2a9cbbb6b0a4a4
WordPress JS Jobs Manager plugin version 1.1.7 suffers from an unauthenticated plugin installation and activation vulnerability.
476b7c83bbaedc72abf814d5c8e7070dcc8f90d29894a855004150ad54d829af
Red Hat Security Advisory 2021-3635-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.32.
cbe740f692bda6a2095dbe1baf9fb403adf7ac1f7060dba615bda02274f3160e
Pharmacy Point of Sale System version 1.0 suffers from multiple remote SQL injection vulnerabilities. Original discovery of SQL injection in this version is attributed to Janik Wehrli in September of 2021.
c48c955fe8392ca3517e9829a5ddffe745c764c0b8977cacae3f618a20d90f0f
This code is a proof-of-concept of the recently revealed Azure Active Directory password brute-forcing vulnerability announced by Secureworks.
776f9c87b943ea490dee90a4f117eb7062122a1a4ccdfcf9e16e09ca2416cd61