Ubuntu Security Notice 4742-1 - It was discovered that Django incorrectly accepted semicolons as query parameters. A remote attacker could possibly use this issue to perform a Web Cache Poisoning attack.
279bc118d71b269f7d49c712f6ea35c4Red Hat Security Advisory 2021-0619-01 - Stunnel is a wrapper for network connections. It can be used to tunnel an unencrypted network connection over an encrypted connection or to provide an encrypted means of connecting to services that do not natively support encryption.
441a247ebe53b9c200314a189b47d535Red Hat Security Advisory 2021-0618-01 - Stunnel is a wrapper for network connections. It can be used to tunnel an unencrypted network connection over an encrypted connection or to provide an encrypted means of connecting to services that do not natively support encryption.
22ddef1ff00ed8f3e57df4f7e0151467Red Hat Security Advisory 2021-0620-01 - Stunnel is a wrapper for network connections. It can be used to tunnel an unencrypted network connection over an encrypted connection or to provide an encrypted means of connecting to services that do not natively support encryption.
126ba9419fcf4c9d22262fb9349a37caUbuntu Security Notice 4740-1 - It was discovered that Apache Shiro mishandled specially crafted requests. An attacker could use this vulnerability to bypass authentication mechanisms.
d99b67e87de86e39e67a7473af9d2565Red Hat Security Advisory 2021-0611-01 - The xterm program is a terminal emulator for the X Window System. It provides DEC VT102 and Tektronix 4014 compatible terminals for programs that can't use the window system directly.
51f66ed8edce38b19efb2b9c4b34d91eGiven a scenario where an outgoing call is placed from Asterisk to a remote SIP server it is possible for a crash to occur. The code responsible for negotiating SDP in SIP responses incorrectly assumes that SDP negotiation will always be successful. If a SIP response containing an SDP that can not be negotiated is received a subsequent SDP negotiation on the same call can cause a crash.
b4624391a09222a4116bec0705ce80b4Ubuntu Security Notice 4741-1 - It was discovered that Jackson Databind incorrectly handled deserialization. An attacker could possibly use this issue to execute arbitrary code.
e3e7583b332766aed829a8c80c341bffDue to a signedness comparison mismatch, an authenticated WebRTC client could cause a stack overflow and Asterisk crash by sending multiple hold/unhold requests in quick succession.
dc5c07944f96d4d9261f4fc7c3838ebaAn unauthenticated remote attacker could replay SRTP packets which could cause an Asterisk instance configured without strict RTP validation to tear down calls prematurely.
0f76303538e81a54f1a8afa8eb908e23When re-negotiating for T.38 if the initial remote response was delayed just enough Asterisk would send both audio and T.38 in the SDP. If this happened, and the remote responded with a declined T.38 stream then Asterisk would crash.
393c91771be975cf6c93cae48baaac28If a registered user is tricked into dialing a malicious number that sends lots of 181 responses to Asterisk, each one will cause a 181 to be sent back to the original caller with an increasing number of entries in the ???Supported??? header. Eventually the number of entries in the header exceeds the size of the entry array and causes a crash.
ed8e67d55a417eabcbc813bf6eeba9d9Ubuntu Security Notice 4739-1 - A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
a5feb8fa066d0c3a1865f6e0f2147384Ubuntu Security Notice 4738-1 - Paul Kehrer discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. Tavis Ormandy discovered that OpenSSL incorrectly handled parsing issuer fields. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. Various other issues were also addressed.
ddd35a00ee36d9b3807f0f94e460031eUbuntu Security Notice 4737-1 - It was discovered that Bind incorrectly handled GSSAPI security policy negotiation. A remote attacker could use this issue to cause Bind to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, attackers would be isolated by the Bind AppArmor profile.
495d4f5b0aec882a3b44b696b0874475Red Hat Security Advisory 2021-0423-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.17. Issues addressed include cross site scripting, denial of service, deserialization, and traversal vulnerabilities.
3fca77b118226960e302f343a05c7bfaIrfanView version 4.57 with WPG.dll version 2.0.0.0 suffer from access violation and out-of-bounds write vulnerabilities that can lead to denial of service or code execution.
02b37449c7de8e532c324136cd98b7faRed Hat Security Advisory 2021-0603-01 - Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business. This release of Red Hat Decision Manager 7.10.0 serves as an update to Red Hat Decision Manager 7.9.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a remote SQL injection vulnerability.
3cb851da470a8ccb90168f60e59028e9Red Hat Security Advisory 2021-0600-01 - Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services. This release of Red Hat Process Automation Manager 7.10.0 serves as an update to Red Hat Process Automation Manager 7.9.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include a remote SQL injection vulnerability.
159710b357810a7aafdf1766517a14d5Ubuntu Security Notice 4734-2 - USN-4734-1 fixed several vulnerabilities in wpa_supplicant. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that wpa_supplicant did not properly handle P2P group information in some situations, leading to a heap overflow. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that hostapd did not properly handle UPnP subscribe messages in some circumstances. An attacker could use this to cause a denial of service. Various other issues were also addressed.
f9aca742cf078ddc6d67314d0dee884cRed Hat Security Advisory 2021-0599-01 - Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol server and command-line utilities for server administration, the Administration Server HTTP agent package, and the GUI console packages. Issues addressed include an information leakage vulnerability.
c1d396f90b610bea999d8674eed927f8Ubuntu Security Notice 4736-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. It was discovered that responses received during the plaintext phase of the STARTTLS connection setup were subsequently evaluated during the encrypted session. A person in the middle could potentially exploit this to perform a response injection attack. Various other issues were also addressed.
f6196100b7e6c3859b8474631f16bf7eRed Hat Security Advisory 2021-0557-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include a denial of service vulnerability.
be081b7bf4fcfb242bf899525f9b3fecRed Hat Security Advisory 2021-0531-01 - The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
00bed27d4c105725459bfc3e15d26bf7Red Hat Security Advisory 2021-0549-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, denial of service, and use-after-free vulnerabilities.
d12e31190f42f1146fa898afa1452587
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed