Red Hat Security Advisory 2021-1002-01 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
a9bc93447ac26caa62d160ea83edfad431d223ed267ceca684f1ebc620b90622
Apple Security Advisory 2021-03-26-3 - watchOS 7.3.3 addresses a cross site scripting vulnerability.
2d3b82207d679fc2aab5b632500c62df6acf43d56b9b140cb1f369103d832356
Apple Security Advisory 2021-03-26-2 - iOS 12.5.2 addresses a cross site scripting vulnerability.
dacc1e3fa48f1db701018731460aa69380023e4fea23674ae72a0c9cacba26e7
Apple Security Advisory 2021-03-26-1 - iOS 14.4.2 and iPadOS 14.4.2 address a cross site scripting vulnerability.
d41c9cf22eedd097dfe71ea0899b433c276a159c4028b04acb35cd0b707156b8
Debian Linux Security Advisory 4867-1 - Several vulnerabilities have been discovered in the GRUB2 bootloader.
537768c2310ba33e047d7788f7bdfd32c9b759d9df6d5d342d3e6d4c2a7fbb7b
Debian Linux Security Advisory 4868-1 - Anton Lydike discovered that sandbox restrictions in Flatpak, an application deployment framework for desktop apps, could be bypassed via a malicious .desktop file.
9246a129a35b9c6ff0025f10d7c8cbe9f8fc504b7cdf776c49781b28a60f4554
Debian Linux Security Advisory 4869-1 - Two vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code if malformed image files are processed.
02ab93d0df1861e1b412f9abf35c2b4044cb0ddbd1cc2fbf8ed40edb8de03e72
Debian Linux Security Advisory 4870-1 - It was discovered that Pygments, a syntax highlighting package written in Python, could be forced into an infinite loop, resulting in denial of service.
d168d6024abc57c2d5e0952783f82c23c49f389a219f0e26d52a7831ca39575b
Debian Linux Security Advisory 4871-1 - Two vulnerabilities were discovered in Tor, a connection-based low-latency anonymous communication system, which could lead to excessive CPU usage or cause a directory authority to crash.
3d959d348b8fbb745dd745f07ba9df635f23a46149893387bdee4ca841c735cd
Debian Linux Security Advisory 4872-1 - Toni Huttunen discovered that the Shibboleth service provider's template engine used to render error pages could be abused for phishing attacks.
6455801217000091067c3be2022f9e384336ce95ca83f73e2aed6306dd51c943
Debian Linux Security Advisory 4873-1 - Jianjun Chen discovered that the Squid proxy caching server was susceptible to HTTP request smuggling.
dcb85d9bcf6b67567927c2d3c92e0604891c54b5f57172cdee4e9b6640dbdcdd
Debian Linux Security Advisory 4874-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information disclosure or spoofing attacks.
6cd3d84bb05ea09f2861c694c96bbad37e945fa5766d877edb278eaa2b865e37
Debian Linux Security Advisory 4875-1 - A NULL pointer dereference was found in the signature_algorithms processing in OpenSSL, a Secure Sockets Layer toolkit, which could result in denial of service.
3c06d7374d02d3c7cc4b04826876a069de66ce13544c97d7dc498ebc934a37ee
Debian Linux Security Advisory 4876-1 - Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure.
1f97e92166976a17da8cad8270152684548a7147977ea4a7f4644cd979d65be9
Debian Linux Security Advisory 4877-1 - Vulnerabilities have been discovered in the webkit2gtk web engine.
acdce3423cd9ca597052c1bab085dd29ee46c168a6dd10afa95db660483f9a19
Debian Linux Security Advisory 4878-1 - Ben Caller discovered that Pygments, a syntax highlighting package written in Python 3, used regular expressions which could result in denial of service.
5c9ee9c4f43f62b4229c04c226fb1157de6f0f0c08412382a6d97c55e2b1a711
Debian Linux Security Advisory 4879-1 - Damian Lukowski discovered a flaw in spamassassin, a Perl-based spam filter using text analysis. Malicious rule configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios.
5b6d2c5cbe5c49ee34932f51f38015dcbcd6c4604d649325a1c09366a2d270da
Debian Linux Security Advisory 4880-1 - Kevin Chung discovered that lxml, a Python binding for the libxml2 and libxslt libraries, did not properly sanitize its input. This would allow a malicious user to mount a cross-site scripting attack.
5a338b50348a8a2cbfdeaaaacc36baa39c17a7577fe75e672133625039e5da13
Debian Linux Security Advisory 4881-1 - Multiple vulnerabilities were discovered in cURL, a URL transfer library.
bc9e30e2495c14523abe0253c23adf2b8510b307a08eb0748a5275eab7b6de70
Ubuntu Security Notice 4893-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. It was discovered that extensions could open popup windows with control of the window title in some circumstances. If a user were tricked into installing a specially crafted extension, an attacker could potentially exploit this to spoof a website and trick the user into providing credentials. Various other issues were also addressed.
8a437523e73ce057daeba48d3be4cef9d369c27add95e3b06c0ce5653d6f38a1
Ubuntu Security Notice 4888-2 - USN-4888-1 fixed several vulnerabilities in ldb. This update provides the corresponding update for Ubuntu 14.04 ESM. Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain LDAP attributes. A remote attacker could possibly use this issue to cause the LDAP server to crash, resulting in a denial of service. Douglas Bagnall discovered that ldb, when used with Samba, incorrectly handled certain DN strings. A remote attacker could use this issue to cause the LDAP server to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
1f9ebcf4a58058d14bd496752ae31e54fdd7fc5b208273328e23dc9dde43d308
Ubuntu Security Notice 3685-2 - USN-3685-1 fixed a vulnerability in Ruby. The fix for CVE-2017-0903 introduced a regression in Ruby. This update fixes the problem.
e7a582a1d121ff1533a65726ffe5c500c137492e966e1ec7c0aec8d1c81203b7
Ubuntu Security Notice 4891-1 - It was discovered that OpenSSL incorrectly handled certain renegotiation ClientHello messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code.
8714c7ff2c3053a074ef8cc312f87835a7b1c3f3372ea751347943c1c7fa9d33
Red Hat Security Advisory 2021-0992-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 78.9.0 ESR. Issues addressed include a spoofing vulnerability.
0beb2ace97462de39ed1d992b5064e7d5d9f84b509aa66a9eb5aec5241490152
Ubuntu Security Notice 4890-1 - Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly compute a speculative execution limit on pointer arithmetic in some situations. A local attacker could use this to expose sensitive information. Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly apply speculative execution limits on some pointer types. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
b25993fe5d12873c32c2eaf455cfa3c641110f1b5ba08a35d185354f593c26a3