An integer overflow and several buffer overflow reads in libyara/modules/macho/macho.c in YARA version 4.0.3 and earlier could allow an attacker to either cause denial of service or information disclosure via a malicious Mach-O file.
183f1463a17d86e57cdffc4bbe68da6feacd0ea4ddea585d5da2223c4199d865
The Oracle CPU dated 2020 Jan 14 included patches for various issues related to database links and gateways ("Oracle Heterogeneous Services"). Two vulnerabilities in particular might lead to privilege escalation, denial of service, or code execution attacks against Oracle databases.
a6605ae9ea1c50359727048ada7d1a952d239333c8cbb8a3fb4831930530deb9
Red Hat Security Advisory 2021-0384-01 - Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat Fuse 6.3 and Red Hat A-MQ 6.3. It includes bug fixes, which are documented in the patch notes accompanying the package on the download page. Issues addressed include bypass, code execution, and deserialization vulnerabilities.
e70d5ae1eaa6a5cb189092070364ef86d19097a09c20e848053090b3fb5ef0f0
Red Hat Security Advisory 2021-0383-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer Application Programming Interface.
0f2614491b0f0b407d81f6d78161d6614632dc266413d7b6b5a023c72328c1e9
Red Hat Security Advisory 2021-0381-01 - The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning. The Manager is a JBoss Application Server application that provides several interfaces through which the virtual environment can be accessed and interacted with, including an Administration Portal, a VM Portal, and a Representational State Transfer Application Programming Interface. Issues addressed include an XML injection vulnerability.
0326933ac26772d368b4bd4bef05ffbd71afc64484937477309a97415799d61f
Ubuntu Security Notice 4467-2 - USN-4467-1 fixed several vulnerabilities in QEMU. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that the QEMU SD memory card implementation incorrectly handled certain memory operations. An attacker inside a guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. Various other issues were also addressed.
0868d01ddebed6397076e880f2702ccc2a97012fa237ddbde4531198d57bcbee
Red Hat Security Advisory 2021-0338-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include a use-after-free vulnerability.
2eb94323785fefcf457dce3dc7a38c20ec0ab856e6b06144955ba858ec48bef1
Red Hat Security Advisory 2021-0336-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include double free and use-after-free vulnerabilities.
7619380b162637f2fa4ceff6aff3bcca659fee3c5189b4f24f9346911791e7d5
Red Hat Security Advisory 2021-0346-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-ma packages provide the user-space component for running virtual machines that use KVM on the IBM z Systems, IBM Power, and 64-bit ARM architectures. Issues addressed include a use-after-free vulnerability.
8e0f0ba4db19926d5fad0fbcf6b140ce5f82efd2091d53bab5a4bb8a953cb1f4
Red Hat Security Advisory 2021-0347-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include code execution and out of bounds access vulnerabilities.
629045a9988f8ef11aa0066652be428a8e30f44446bc1442fc65b77753a7511f
Red Hat Security Advisory 2021-0343-01 - Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Issues addressed include buffer overflow, denial of service, and integer overflow vulnerabilities.
69e70a7c3cc1600a98fd403dd7ea25532c79c86456dc3b04bea2d87b130791a9
Red Hat Security Advisory 2021-0348-01 - The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Issues addressed include buffer over-read and buffer overflow vulnerabilities.
cef81ff8ec4257da6fdec58d2191db6724579fef2efd89b47732b8c23ece742a
Red Hat Security Advisory 2021-0339-01 - The linux-firmware packages contain all of the firmware files that are required by various devices to operate. Issues addressed include a buffer overflow vulnerability.
598a64219acf234b0246b821b2a99112c5c1053e1dc87d540f54d9efce1ca5e3
Red Hat Security Advisory 2021-0358-01 - The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol, including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base browser.
050aa2d502ee9def1ad488e502ae57bb37e6794fd63299e5616ae1b06a379e45
Red Hat Security Advisory 2021-0292-01 - Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications for OpenShift as a containerized platform. This release of Red Hat support for Spring Boot 2.3.6 serves as a replacement for Red Hat support for Spring Boot 2.3.4, and includes security and bug fixes and enhancements. For more information, see the release notes listed in the References section. Issues addressed include denial of service and remote SQL injection vulnerabilities.
3c53b89283c4d6ed32a97e562755fa31e592b5ddb2776f643ed96c31f31b1ea4
Red Hat Security Advisory 2021-0354-01 - The kernel-alt packages provide the Linux kernel version 4.x. Issues addressed include a use-after-free vulnerability.
61fd5b2885db736fff66a1fa2e6b36667dab7cdf7afd0f360c7b88a7f36ab487
Red Hat Security Advisory 2021-0329-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.4.6 serves as a replacement for Red Hat AMQ Broker 7.4.5, and includes security and bug fixes, and enhancements.
7aebc28bc065820dadc5b2176f08b5730ba0f8fd03662cd92fc29a0eb8178b69
sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.
d567aee3390b39f64215ec7ae53f6b654c28b136b5d2e18629e00b94eb233d06
Apple Security Advisory 2021-02-01-4 - watchOS 7.3 addresses bypass, code execution, denial of service, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
10031bf52533df0803ca11c863e02c3a497e43f1d641e66abc9fbfa4c0c7d5a9
Apple Security Advisory 2021-02-01-3 - tvOS 14.4 addresses bypass, code execution, denial of service, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
fbe3a08a63c1abe19d2be2033373ff94ef573f1952b8d9d9e1776213c10cd5c3
Apple Security Advisory 2021-02-01-2 - iOS 14.4 and iPadOS 14.4 address buffer overflow, bypass, code execution, denial of service, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
7e9acf48060dbaf1362f207d51c65c18ce30da922734ce3da64519f3c613e437
Apple Security Advisory 2021-02-01-1 - macOS Big Sur 11.2, Security Update 2021-001 Catalina, and Security Update 2021-001 Mojave address buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds read, out of bounds write, and use-after-free vulnerabilities.
d08f82faad87bb1fffad789ca91a7f4964a516ce03459af1328487caeb8b9185
Ubuntu Security Notice 4717-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, conduct clickjacking attacks, or execute arbitrary code.
3b9ab52dcc9517ea8c5b891e2e9725b743c07f42e6093380c0ab2a5eeb1a9ddf
Red Hat Security Advisory 2021-0327-01 - Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.5 serves as a replacement for Red Hat Single Sign-On 7.4.4, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include memory leak and server-side request forgery vulnerabilities.
8f81203dda62d0a7764d4abbc2827cd3c4b8751aed3447f09505b8eb649e2c3d
Ubuntu Security Notice 4715-2 - USN-4715-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 14.04 ESM. Wang Baohua discovered that Django incorrectly extracted archive files. A remote attacker could possibly use this issue to extract files outside of their expected location. Various other issues were also addressed.
6199f66f5209e1c50a292e4f37bada9901ce9f7db9e57739c89d1de4302b47fb