#perl

An update is now available for Red Hat Satellite 6.11This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-3200: libsolv: heap-based buffer overflow in testcase_read() in src/testcase.c * CVE-2021-3584: foreman: Authenticate remote code execution through Sendmail configuration * CVE-2021-4142: Satellite: Allow unintended SCA certificate to authenticate Candlepin * CVE-2021-21290: netty: Information disclosure via the local system temporary directory * CVE-2021-21295: netty: possible request smuggling in HTTP/2 due missing validation * CVE-2021-21409: netty: Request smuggling via content-length header * CVE-2021-30151: sidekiq: XSS via the queue name of the live-poll feature * CVE-2021-32839: python-sqlparse: ReDoS via regular expression i...

Cloud-based malware in on the rise. In this post, we’ll cover four ways you can help secure your business against cloud-based malware. The post Cloud-based malware is on the rise. How can you secure your business? appeared first on Malwarebytes Labs.

Cloud-based malware in on the rise. In this post, we’ll cover four ways you can help secure your business against cloud-based malware. The post Cloud-based malware is on the rise. How can you secure your business? appeared first on Malwarebytes Labs.

Bug bounty platform HackerOne has disclosed that it was the victim of a rogue insider. The post HackerOne insider fired for trying to claim other people’s bounties appeared first on Malwarebytes Labs.

Ubuntu Security Notice 5500-1 - Eric Biederman discovered that the cgroup process migration implementation in the Linux kernel did not perform permission checks correctly in some situations. A local attacker could possibly use this to gain administrative privileges. Lin Ma discovered that the NFC Controller Interface implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice 5493-2 - It was discovered that the 8 Devices USB2CAN interface implementation in the Linux kernel did not properly handle certain error conditions, leading to a double-free. A local attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice 5485-2 - It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. It was discovered that some Intel processors did not properly perform cleanup during specific special register write operations. A local attacker could possibly use this to expose sensitive information.

Lockbit ransomware version 3.0 apparently now requires a password to execute as noted by "@vxunderground", but does not properly check bounds for both the -pass and -k arguments. Supplying a long string of characters for either flag will trigger a unicode stack buffer overflow overwriting the ECX register and structured exception handler (SEH).

Vulnerability coordination and bug bounty platform HackerOne on Friday disclosed that a former employee at the firm improperly accessed security reports submitted to it for personal gain. "The person anonymously disclosed this vulnerability information outside the HackerOne platform with the goal of claiming additional bounties," it said. "In under 24 hours, we worked quickly to contain the

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.