#dos

Red Hat Security Advisory 2021-4103-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform. This advisory contains OpenShift Virtualization 4.9.0 RPMs. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice 5128-1 - Goutham Pacha Ravi, Jahson Babel, and John Garbutt discovered that user credentials in Ceph could be manipulated in certain environments. An attacker could use this to gain unintended access to resources. This issue only affected Ubuntu 18.04 LTS. It was discovered that Ceph contained an authentication flaw, leading to key reuse. An attacker could use this to cause a denial of service or possibly impersonate another user. This issue only affected Ubuntu 21.04. Various other issues were also addressed.

i3 International Annexxus Cameras Ax-n version 5.2.0 does not allow creation of more than one administrator account on the system. This also applies for deletion of the administrative account. The logic behind this restriction can be bypassed by parameter manipulation using dangerous verbs like PUT and DELETE and improper server-side validation. Once a normal account with viewer or operator permissions has been added by the default admin user i3admin, a PUT request can be issued calling the UserPermission endpoint with the ID of created account and set it to admin userType, successfully adding a second administrative account.

Red Hat Security Advisory 2021-4100-01 - This release of Red Hat Integration - Service registry 2.0.2.GA serves as a replacement for 2.0.1.GA, and includes the below security fixes. Issues addressed include a cross site scripting vulnerability.

This Metasploit module exploits a privilege escalation vulnerability in Ericsson Network Location Mobile Positioning Systems.

This Metasploit module exploits an arbitrary command execution vulnerability in Ericsson Network Location Mobile Positioning Systems. The export feature in various parts of the application is vulnerable. It is a feature made for the information in the tables to be exported to the server and imported later when required. Export operations contain the file_name parameter. This parameter is assigned as a variable between the server commands on the backend side. It allows command injection.

Red Hat Security Advisory 2021-4097-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include code execution and use-after-free vulnerabilities.

Red Hat Security Advisory 2021-4088-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

Dynojet Power Core version 2.3.0 suffers from an unquoted service path vulnerability.

Red Hat Security Advisory 2021-4089-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR6-FP35.