Tag

#ubuntu

RHSA-2021:3146: Red Hat Security Advisory: ACS 3.64 security and enhancement update

Updated images are now available for Red Hat Advanced Cluster Security for Kubernetes (RHACS).

* Red Hat Product Security has rated this update as having a "Moderate" security impact.
* A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the references section.

New Features

The release of RHACS 3.64 provides the following new features:

1. You can now use deployment and namespace annotations to define where RHACS sends the violation notifications when configuring your notifiers such as Slack, Microsoft Teams, Email, and others.
2. The Red Hat Advanced Cluster Security Operator now supports the ability to allow users to set the enforcement behavior of the admission controller as part of their custom resource.
3. RHACS now supports kernel modules for Ubuntu 16.04 LTS with extended security maintenance (ESM).

Security Fixes

The release of RHACS 3.64 provides the following security fixes: *...

Red Hat Security Data
#vulnerability #microsoft #ubuntu #red_hat #kubernetes

CVE-2021-24036: Security Update

Passing an attacker-controlled size when creating an IOBuf could cause an integer overflow, leading to an out-of-bounds write on the heap with the possibility of remote code execution. This issue affects versions of folly prior to v2021.07.22.00. This issue affects HHVM versions prior to 4.80.5, all versions between 4.81.0 and 4.102.1, all versions between 4.103.0 and 4.113.0, and versions 4.114.0, 4.115.0, 4.116.0, 4.117.0, 4.118.0 and 4.118.1.

CVE-2021-3246: heap-buffer-overflow in msadpcm_decode_block · Issue #687 · libsndfile/libsndfile

A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file.

CVE-2021-22235: Buildbot crash output: fuzz-2021-06-26-9972.pcap (#17462) · Issues · Wireshark Foundation / wireshark · GitLab

Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file.

CVE-2020-23705: global-buffer-overflow in function jfif_encode at jfif.c:701 · Issue #25 · rockcarry/ffjpeg

A global buffer overflow vulnerability in jfif_encode at jfif.c:701 of ffjpeg through 2020-06-22 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file.

CVE-2020-19721: Heap buffer overflow in Ap4TrunAtom.cpp when running mp42aac · Issue #415 · axiomatic-systems/Bento4

A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1-628 may lead to an out-of-bounds write while running mp42aac, leading to system crashes and a denial of service (DOS).

CVE-2020-19716: Buffer overflow caused by exhaustive memory usage · Issue #980 · Exiv2/exiv2

A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS).

CVE-2021-21806: TALOS-2020-1214 || Cisco Talos Intelligence Group

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability.

CVE-2021-25682: Bug #1912326 “Privilege escalation to root with core file dump” : Bugs : apport package : Ubuntu

It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel.