what you don't know can hurt you
Showing 1 - 25 of 75,416 RSS Feed

Advisory Files

Ubuntu Security Notice USN-4991-1
Posted Jun 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4991-1 - Yunho Kim discovered that libxml2 incorrectly handled certain error conditions. A remote attacker could exploit this with a crafted XML file to cause a denial of service, or possibly cause libxml2 to expose sensitive information. This issue only affected Ubuntu 14.04 ESM, and Ubuntu 16.04 ESM. Zhipeng Xie discovered that libxml2 incorrectly handled certain XML schemas. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2017-8872, CVE-2019-20388, CVE-2020-24977, CVE-2021-3517, CVE-2021-3537, CVE-2021-3541
MD5 | 3a41fa516f8c9d479efa94e90eb46556
Red Hat Security Advisory 2021-2479-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2479-01 - Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform. Red Hat OpenShift Container Storage is a highly scalable, production-grade persistent storage for stateful applications running in the Red Hat OpenShift Container Platform. Issues addressed include a cross site scripting vulnerability.

tags | advisory, xss
systems | linux, redhat
advisories | CVE-2016-10228, CVE-2017-14502, CVE-2019-13012, CVE-2019-14866, CVE-2019-25013, CVE-2019-2708, CVE-2019-3842, CVE-2019-9169, CVE-2020-13434, CVE-2020-13543, CVE-2020-13584, CVE-2020-13776, CVE-2020-15358, CVE-2020-24977, CVE-2020-25659, CVE-2020-25678, CVE-2020-26116, CVE-2020-26137, CVE-2020-27618, CVE-2020-27619, CVE-2020-27783, CVE-2020-28196, CVE-2020-29361, CVE-2020-29362, CVE-2020-29363, CVE-2020-36242, CVE-2020-8231
MD5 | ab1ddf71e1b9a05b6be7d4ee52a51220
Ubuntu Security Notice USN-4990-1
Posted Jun 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4990-1 - It was discovered that Nettle incorrectly handled RSA decryption. A remote attacker could possibly use this issue to cause Nettle to crash, resulting in a denial of service. It was discovered that Nettle incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. This issue only affected Ubuntu 18.04 LTS. Various other issues were also addressed.

tags | advisory, remote, denial of service
systems | linux, ubuntu
advisories | CVE-2018-16869, CVE-2021-3580
MD5 | 31ccc40b3dc2b69667611056d0d56223
Red Hat Security Advisory 2021-2476-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2476-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.11.0 serves as an update to Red Hat Decision Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, code execution, denial of service, and server-side request forgery vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-11988, CVE-2020-25649, CVE-2020-26258, CVE-2020-26259, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351
MD5 | c0c8f378f5d9f79ba0df8fb5e29cbed4
Trojan.Win32.Alien.erf Directory Traversal
Posted Jun 17, 2021
Authored by malvuln | Site malvuln.com

Trojan.Win32.Alien.erf malware suffers from a directory traversal vulnerability.

tags | advisory, trojan
systems | windows
MD5 | f6d63b4795935c6b4560e1e95aaafb5f
Red Hat Security Advisory 2021-2475-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2475-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.11.0 serves as an update to Red Hat Process Automation Manager 7.10.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include XML injection, code execution, denial of service, and server-side request forgery vulnerabilities.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, redhat
advisories | CVE-2020-11988, CVE-2020-25649, CVE-2020-26258, CVE-2020-26259, CVE-2021-21341, CVE-2021-21342, CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346, CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350, CVE-2021-21351
MD5 | 22809b1f1c426fc27604e0bd6d4c8b79
Red Hat Security Advisory 2021-2472-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2472-01 - This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Issues addressed include null pointer and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2020-8169, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22890, CVE-2021-22901, CVE-2021-31618
MD5 | c308d1b35aaee932e278bfd46fa969df
Red Hat Security Advisory 2021-2469-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2469-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, protocol
systems | linux, redhat
advisories | CVE-2021-25217
MD5 | b8a126d5e00e78169cf7a064daca3dbe
Red Hat Security Advisory 2021-2471-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2471-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.37 Service Pack 8 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 7 and includes bug fixes and enhancements. Issues addressed include null pointer and use-after-free vulnerabilities.

tags | advisory, web, vulnerability
systems | linux, redhat
advisories | CVE-2020-8169, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22890, CVE-2021-22901, CVE-2021-31618
MD5 | 99808e8e4b3b8e79dea816b2780f6fd5
Red Hat Security Advisory 2021-2467-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2467-01 - GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2021-27219
MD5 | aa4766d5ede814df047fa9d8ff9e1486
Red Hat Security Advisory 2021-2461-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2461-01 - Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. This advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which fix several bugs and security issues. Issues addressed include denial of service and integer overflow vulnerabilities.

tags | advisory, denial of service, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2016-10228, CVE-2017-14502, CVE-2019-14866, CVE-2019-25013, CVE-2019-25032, CVE-2019-25034, CVE-2019-25035, CVE-2019-25036, CVE-2019-25037, CVE-2019-25038, CVE-2019-25039, CVE-2019-25040, CVE-2019-25041, CVE-2019-25042, CVE-2019-2708, CVE-2019-3842, CVE-2019-9169, CVE-2020-10543, CVE-2020-10878, CVE-2020-12362, CVE-2020-12363, CVE-2020-12364, CVE-2020-13434, CVE-2020-13776, CVE-2020-15358, CVE-2020-24330, CVE-2020-2433
MD5 | 9522e188d5bfa8cd805fe9b2110ffa29
Ubuntu Security Notice USN-4989-2
Posted Jun 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4989-2 - USN-4989-1 fixed several vulnerabilities in BlueZ. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. Various other issues were also addressed.

tags | advisory, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2020-26558, CVE-2020-27153
MD5 | cc5458351241b8662dc901aa7976092e
Ubuntu Security Notice USN-4989-1
Posted Jun 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4989-1 - It was discovered that BlueZ incorrectly checked certain permissions when pairing. A local attacker could possibly use this issue to impersonate devices. Jay LV discovered that BlueZ incorrectly handled redundant disconnect MGMT events. A local attacker could use this issue to cause BlueZ to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-26558, CVE-2020-27153, CVE-2021-3588
MD5 | 9bddaf7808213fef5017a3935246b0ca
Red Hat Security Advisory 2021-2459-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2459-01 - GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-33516
MD5 | 53d5467523e76eb2bed2493373e2a86a
Red Hat Security Advisory 2021-2456-01
Posted Jun 17, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2456-01 - Open vSwitch provides standard network bridging functions and support for the OpenFlow protocol for remote per-flow control of traffic. Issues addressed include denial of service and memory leak vulnerabilities.

tags | advisory, remote, denial of service, vulnerability, protocol, memory leak
systems | linux, redhat
advisories | CVE-2020-27827, CVE-2020-35498
MD5 | 665827eab9aba546d93ec2af5b64dcd4
Red Hat Security Advisory 2021-2445-01
Posted Jun 16, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2445-01 - Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. The ceph-ansible package provides Ansible playbooks for installing, maintaining, and upgrading Red Hat Ceph Storage. The tcmu-runner packages provide a service that handles the complexity of the LIO kernel target's userspace passthrough interface. It presents a C plugin API for extension modules that handle SCSI requests in ways not possible or suitable to be handled by LIO's in-kernel backstores. Issues addressed include cross site scripting and remote shell upload vulnerabilities.

tags | advisory, remote, shell, kernel, vulnerability, xss
systems | linux, redhat
advisories | CVE-2020-27839, CVE-2021-20288, CVE-2021-3509
MD5 | 85ea76bb9cb8685462bfec50fb41841f
SAP Solution Manager 7.20 Missing Authorization
Posted Jun 15, 2021
Authored by Nahuel D. Sanchez, Pablo Artuso, Yvan Genuer | Site onapsis.com

Due to a missing authorization check in the SAP Solution Manager version 7.20 LM-SERVICE component, a remote authenticated attacker could be able to execute privileged actions in the affected system, including the execution of operating system commands.

tags | advisory, remote
advisories | CVE-2020-6207
MD5 | 62aaf9c152dbff873c27f124cdf380f7
Red Hat Security Advisory 2021-2439-01
Posted Jun 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2439-01 - Open Liberty is a lightweight open framework for building fast and efficient cloud-native Java microservices. This release of Open Liberty 21.0.0.6 serves as a replacement for Open Liberty 21.0.0.3, and includes a security fix and enhancements. For specific information about this release, see links in the References section. Issues addressed include a cross site request forgery vulnerability.

tags | advisory, java, csrf
systems | linux, redhat
MD5 | 9bb6f3addf2b86cebf3f43a6f505cd70
Red Hat Security Advisory 2021-2417-01
Posted Jun 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2417-01 - GUPnP is an object-oriented open source framework for creating UPnP devices and control points, written in C using GObject and libsoup. The GUPnP API is intended to be easy to use, efficient and flexible.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-33516
MD5 | f3ed50049840e670a29c28c9db60f9a2
SAP XMII Remote Code Execution
Posted Jun 15, 2021
Authored by Nicolas Raus | Site onapsis.com

By abusing a code injection vulnerability in SAP MII, an authenticated user with SAP XMII developer privileges could execute code (including OS commands) on the server. Versions affected include XMII 15.1 lower than SP006 PL 000062, XMII 15.2 lower than SP003 PL 000038, XMII 15.3 lower than SP001 PL 000022, and XMII 15.4 lower than SP001 PL 000007.

tags | advisory
advisories | CVE-2021-21480
MD5 | 6c0712ccd625abe8e6daa45d5c354321
SAP Solution Manager 7.2 Missing Authorization
Posted Jun 15, 2021
Authored by Pablo Artuso, Gonzalo Roisman | Site onapsis.com

Any authenticated user of the SAP Solution Manager version 7.2 is able to craft, upload, and execute EEM scripts on the SMDAgents affecting its integrity, confidentiality and availability.

tags | advisory
advisories | CVE-2020-26830
MD5 | e0fe15ed4b993981dac20120bb468c05
SAP Solution Manager 7.2 File Disclosure / Denial Of Service
Posted Jun 15, 2021
Authored by Pablo Artuso, Gonzalo Roisman | Site onapsis.com

The End-User Experience Monitoring (EEM) application, part of the SAP Solution Manager version 7.2, is vulnerable to path traversal. As a consequence, an unauthorized attacker would be able to read sensitive OS files and affect the availability of the EEM robots connected to the SolMan.

tags | advisory
advisories | CVE-2020-26837
MD5 | 6b12752deb3c15031f424164f4bb3b9f
SAP Wily Introscope Enterprise Default Hard-Coded Credentials
Posted Jun 15, 2021
Authored by Yvan Genuer | Site onapsis.com

SAP Wily Introscope Enterprise versions 9.7, 10.1, 10.5, and 10.7 suffer from having default hard-coded credentials.

tags | advisory
advisories | CVE-2020-6369
MD5 | d13861d3e7212000e317b5eb1f5fb56a
Red Hat Security Advisory 2021-2420-01
Posted Jun 15, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2420-01 - The Dynamic Host Configuration Protocol is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. The dhcp packages provide a relay agent and ISC DHCP service required to enable and administer DHCP on a network. Issues addressed include a buffer overflow vulnerability.

tags | advisory, overflow, protocol
systems | linux, redhat
advisories | CVE-2021-25217
MD5 | 80fc02746735c3bebe00db19e40e6fdc
SAP Wily Introscope Enterprise OS Command Injection
Posted Jun 15, 2021
Authored by Yvan Genuer | Site onapsis.com

SAP Wily Introscope Enterprise versions 9.7, 10.1, 10.5, and 10.7 suffer from a command injection vulnerability.

tags | advisory
advisories | CVE-2020-6364
MD5 | 4b0d282794d5c7c88267eac6caf02689
Page 1 of 3,017
Back12345Next

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    2 Files
  • 13
    Jun 13th
    1 Files
  • 14
    Jun 14th
    32 Files
  • 15
    Jun 15th
    34 Files
  • 16
    Jun 16th
    9 Files
  • 17
    Jun 17th
    33 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close