
News

Packet Storm Security

  • Malicious code in APKPure app
    Malicious code was detected in version 3.17.18 of the APKPure alternative app store for Android. We recommend deleting the infected version and installing APKPure 3.17.19 as soon as possible.

Advisories

  • Red Hat Security Advisory 2021-1079-01 Fri, 09 Apr 2021 15:06:13 GMT
    Red Hat Security Advisory 2021-1079-01 - Red Hat Ansible Automation Platform Resource Operator container images with security fixes. Ansible Automation Platform manages Ansible Platform jobs and workflows that can interface with any infrastructure on a Red Hat OpenShift Container Platform cluster, or on a traditional infrastructure that is running off-cluster. Data exposure issues have been addressed.
  • Red Hat Security Advisory 2021-1145-01 Fri, 09 Apr 2021 15:06:04 GMT
    Red Hat Security Advisory 2021-1145-01 - Nettle is a cryptographic library that is designed to fit easily in almost any context: In crypto toolkits for object-oriented languages, such as C++, Python, or Pike, in applications like LSH or GNUPG, or even in kernel space.
  • Ubuntu Security Notice USN-4896-2 Thu, 08 Apr 2021 14:20:25 GMT
    Ubuntu Security Notice 4896-2 - USN-4896-1 fixed a vulnerability in lxml. This update provides the corresponding update for Ubuntu 14.04 ESM. It was discovered that lxml incorrectly handled certain HTML attributes. A remote attacker could possibly use this issue to perform cross-site scripting attacks. Various other issues were also addressed.
  • Red Hat Security Advisory 2021-1135-01 Thu, 08 Apr 2021 14:09:29 GMT
    Red Hat Security Advisory 2021-1135-01 - Squid is a high-performance proxy caching server for web clients, supporting FTP, Gopher, and HTTP data objects. Issues addressed include an HTTP request smuggling vulnerability.
  • Red Hat Security Advisory 2021-1129-01 Thu, 08 Apr 2021 14:00:00 GMT
    Red Hat Security Advisory 2021-1129-01 - Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. This advisory is intended for use with container images for Red Hat 3scale API Management 2.10.0.
  • Kernel Live Patch Security Notice LSN-0075-1 Wed, 07 Apr 2021 20:34:19 GMT
    Piotr Krysiuk discovered that the BPF subsystem in the Linux kernel did not properly apply speculative execution limits on some pointer types. A local attacker could use this to expose sensitive information (kernel memory). It was discovered that the memory management subsystem in the Linux kernel did not properly handle copy-on-write operations in some situations. A local attacker could possibly use this to gain unintended write access to read-only memory pages. Various other issues were also addressed.
  • Ubuntu Security Notice USN-4903-1 Wed, 07 Apr 2021 20:09:46 GMT
    Ubuntu Security Notice 4903-1 - Viktor Szakats discovered that curl did not strip off user credentials from referrer header fields. A remote attacker could possibly use this issue to obtain sensitive information.
  • Ubuntu Security Notice USN-4901-1 Wed, 07 Apr 2021 20:09:28 GMT
    Ubuntu Security Notice 4901-1 - Adam Nichols discovered that heap overflows existed in the iSCSI subsystem in the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the LIO SCSI target implementation in the Linux kernel performed insufficient identifier checking in certain XCOPY requests. An attacker with access to at least one LUN in a multiple backstore environment could use this to expose sensitive information or modify data. Various other issues were also addressed.
  • Red Hat Security Advisory 2021-1131-01 Wed, 07 Apr 2021 20:09:21 GMT
    Red Hat Security Advisory 2021-1131-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a null pointer vulnerability.
  • Red Hat Security Advisory 2021-1125-01 Wed, 07 Apr 2021 20:08:58 GMT
    Red Hat Security Advisory 2021-1125-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.
  • Red Hat Security Advisory 2021-1093-01 Wed, 07 Apr 2021 20:08:52 GMT
    Red Hat Security Advisory 2021-1093-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow, out of bounds read, and use-after-free vulnerabilities.
  • Red Hat Security Advisory 2021-1086-01 Wed, 07 Apr 2021 20:04:50 GMT
    Red Hat Security Advisory 2021-1086-01 - 389 Directory Server is an LDAP version 3 compliant server. The base packages include the Lightweight Directory Access Protocol server and command-line utilities for server administration. Issues addressed include an information leakage vulnerability.
  • Red Hat Security Advisory 2021-1081-01 Wed, 07 Apr 2021 20:04:40 GMT
    Red Hat Security Advisory 2021-1081-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, out of bounds read, and use-after-free vulnerabilities.
  • Ubuntu Security Notice USN-4902-1 Tue, 06 Apr 2021 14:37:23 GMT
    Ubuntu Security Notice 4902-1 - Dennis Brinkrolf discovered that Django incorrectly handled certain filenames. A remote attacker could possibly use this issue to create or overwrite files in unexpected directories.
  • Ubuntu Security Notice USN-4561-2 Tue, 06 Apr 2021 14:37:18 GMT
    Ubuntu Security Notice 4561-2 - USN-4561-1 fixed vulnerabilities in Rack. This update provides the corresponding update for Ubuntu 16.04 LTS, Ubuntu 20.04 LTS and Ubuntu 20.10. It was discovered that Rack incorrectly handled certain paths. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Various other issues were also addressed.
  • Red Hat Security Advisory 2021-1072-01 Tue, 06 Apr 2021 14:37:11 GMT
    Red Hat Security Advisory 2021-1072-01 - The libldb packages provide an extensible library that implements an LDAP-like API to access remote LDAP servers, or use local TDB databases. Issues addressed include an out of bounds read vulnerability.
  • Red Hat Security Advisory 2021-1073-01 Tue, 06 Apr 2021 14:36:25 GMT
    Red Hat Security Advisory 2021-1073-01 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
  • Red Hat Security Advisory 2021-1074-01 Tue, 06 Apr 2021 14:36:13 GMT
    Red Hat Security Advisory 2021-1074-01 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
  • Red Hat Security Advisory 2021-1071-01 Tue, 06 Apr 2021 14:36:05 GMT
    Red Hat Security Advisory 2021-1071-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include buffer overflow and out of bounds read vulnerabilities.
  • Red Hat Security Advisory 2021-1069-01 Tue, 06 Apr 2021 14:35:57 GMT
    Red Hat Security Advisory 2021-1069-01 - This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel. Issues addressed include buffer overflow and out of bounds read vulnerabilities.
  • Red Hat Security Advisory 2021-1068-01 Tue, 06 Apr 2021 14:35:45 GMT
    Red Hat Security Advisory 2021-1068-01 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
  • Red Hat Security Advisory 2021-1070-01 Tue, 06 Apr 2021 14:35:33 GMT
    Red Hat Security Advisory 2021-1070-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow and out of bounds read vulnerabilities.
  • Red Hat Security Advisory 2021-1064-01 Tue, 06 Apr 2021 14:27:48 GMT
    Red Hat Security Advisory 2021-1064-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems.
  • SAP Java OS Remote Code Execution Tue, 06 Apr 2021 14:10:41 GMT
    A malicious authenticated attacker could abuse some particular services exposed by the SAP JAVA Netweaver allowing them to execute commands in the underlying operating system. SAP Netweaver JAVA versions 7.30 through 7.50 are affected.
  • SAP SMD Agent Unauthenticated Remote Code Execution Tue, 06 Apr 2021 14:03:00 GMT
    A malicious unauthenticated user could abuse the lack of authentication check on SAP Solution Manager User-Experience Monitoring web service, allowing them to remotely execute commands in all hosts connected to the targeted SolMan through these SMD Agents. Affected versions include SAP Solution Manager SP004 Patch 0011 and lower, SP005 Patch 0012 and lower, SP006 Patch 0013 and lower, SP007 Patch 0019 and lower, SP008 Patch 0015 and lower, SP009 Patch 0007 and lower, SP010 Patch 0001 and lower, and SP011 Patch 0003 and lower.