Apple Security Advisory 2021-09-20-8 - Security Update 2021-005 Catalina addresses buffer overflow, bypass, code execution, denial of service, integer overflow, and out of bounds read vulnerabilities.
2687d56c42a8927b7635267a708d17b5Apple Security Advisory 2021-09-20-7 - macOS Big Sur 11.6 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds read, and use-after-free vulnerabilities.
13241e7baa233f6d334b704ccc309bb8Red Hat Security Advisory 2021-3639-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, information leakage, out of bounds read, path sanitization, and use-after-free vulnerabilities.
5a6e1556beb320c7b2cdb60339017ecfApple Security Advisory 2021-09-20-6 - iOS 14.8 and iPadOS 14.8 addresses code execution, denial of service, integer overflow, and use-after-free vulnerabilities.
d0b20d27dd698353f67f5b99c5b4f169Apple Security Advisory 2021-09-20-5 - Safari 15 addresses code execution vulnerabilities.
93a4864c5af01735024cc4bbeec0c113Apple Security Advisory 2021-09-20-3 - tvOS 15 addresses code execution and denial of service vulnerabilities.
2a65ee90cb42883cbdc49f1886eee02cApple Security Advisory 2021-09-20-2 - watchOS 8 addresses code execution and denial of service vulnerabilities.
6f1bb09438fb5fb13abc7dae30e84382Apple Security Advisory 2021-09-20-1 - iOS 15 and iPadOS 15 addresses code execution, denial of service, out of bounds read, and spoofing vulnerabilities.
ac454972f8217c02f4766e3f06ec4ae6Ubuntu Security Notice 5079-4 - USN-5079-2 fixed vulnerabilities in curl. One of the fixes introduced a regression. This update fixes the problem. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. Various other issues were also addressed.
1f1499ce64825094c67e05b575440d0bRed Hat Security Advisory 2021-3623-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, path sanitization, and use-after-free vulnerabilities.
aef2718168d0043471efaffb0a7aa8baUbuntu Security Notice 5079-3 - USN-5079-1 fixed vulnerabilities in curl. One of the fixes introduced a regression on Ubuntu 18.04 LTS. This update fixes the problem. It was discovered that curl incorrect handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. Various other issues were also addressed.
d613fd1d8b4c7978549014ab03c1cdd7Red Hat Security Advisory 2021-3576-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include denial of service and null pointer vulnerabilities.
64ce9fc318faac036a3b05501c035108Apple Security Advisory 2021-09-13-5 - Safari 14.1.2 addresses code execution and use-after-free vulnerabilities.
ee3ea21c4a325b57d5d313a9d6c46f90Apple Security Advisory 2021-09-13-4 - Security Update 2021-005 Catalina addresses code execution and integer overflow vulnerabilities.
c248f2953c61201be45249ced1b1d780Apple Security Advisory 2021-09-13-3 - macOS Big Sur 11.6 addresses code execution, integer overflow, and use-after-free vulnerabilities.
6fea97a81a6c425b6204b6e4cffd6ef6Apple Security Advisory 2021-09-13-2 - watchOS 7.6.2 addresses code execution and integer overflow vulnerabilities.
14a0fe54ef791db99ea92f52a11733a1Apple Security Advisory 2021-09-13-1 - iOS 14.8 and iPadOS 14.8 addresses code execution, integer overflow, and use-after-free vulnerabilities.
2829cb226889d1f9130090e1982fb5e3Ubuntu Security Notice 5071-2 - USN-5071-1 fixed vulnerabilities in the Linux kernel for Ubuntu 20.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 20.04 LTS for Ubuntu 18.04 LTS. Maxim Levitsky and Paolo Bonzini discovered that the KVM hypervisor implementation for AMD processors in the Linux kernel allowed a guest VM to disable restrictions on VMLOAD/VMSAVE in a nested guest. An attacker in a guest VM could use this to read or write portions of the host's physical memory. Various other issues were also addressed.
cf12af9abbb4d82883beda62aa53329aUbuntu Security Notice 5080-2 - USN-5080-1 fixed several vulnerabilities in Libgcrypt. This update provides the corresponding update for Ubuntu 16.04 ESM. It was discovered that Libgcrypt incorrectly handled ElGamal encryption. An attacker could possibly use this issue to recover sensitive information.
260071d69f58b4f7ae80a17219122f52Ubuntu Security Notice 5078-2 - USN-5078-1 fixed several vulnerabilities in Squashfs-Tools. This update provides the corresponding update for Ubuntu 16.04 ESM. Etienne Stalmans discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem. Various other issues were also addressed.
a588bff99e1ad294d4c0a837675bd039Ubuntu Security Notice 5079-2 - USN-5079-1 fixed several vulnerabilities in curl. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. Various other issues were also addressed.
8dc34c18f171dde2c9ffa8935bcbe7c4AHSS-PHP version 1.0 suffers from cross site scripting and remote SQL injection vulnerabilities.
00674176fa93d01b22d17bb2c4952741Red Hat Security Advisory 2021-3490-01 - An update for python-django20 is now available for Red Hat OpenStack Platform 16.2 (Train). Issues addressed include local file inclusion, remote file inclusion, server-side request forgery, and traversal vulnerabilities.
e7500bc349886d3fb83b1178501b814bUbuntu Security Notice 5077-2 - USN-5077-1 fixed several vulnerabilities in Apport. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Maik M
9b7c13e0f8c97336957240f068c12cddRed Hat Security Advisory 2021-3534-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.9 serves as a replacement for Red Hat Single Sign-On 7.4.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include denial of service and traversal vulnerabilities.
1a4a311583d794fea92d4e9497b13887
© 2020 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed