An HTTP endpoint used by the ManageEngine OpManager Smart Update Manager component can be leveraged to deserialize an arbitrary Java object. This can be abused by an unauthenticated remote attacker to execute OS commands in the context of the OpManager application. This vulnerability is also present in other products that are built on top of the OpManager application. This vulnerability affects OpManager versions 12.1 through 12.5.328.
a64897f563277f473cabf805ba128ebed5a9f941959e6b9130ab7f541f5a6e50
Ubuntu Security Notice 5079-4 - USN-5079-2 fixed vulnerabilities in curl. One of the fixes introduced a regression. This update fixes the problem. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. Various other issues were also addressed.
f4f6d97f9e479e48e18c50f65141b5cecaeca83955ce66cc82980e7fcf775b8e
Red Hat Security Advisory 2021-3623-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include denial of service, path sanitization, and use-after-free vulnerabilities.
e179f4dbe148fdbdace9806a19f7395a84125ca2e4c6340fc7e2f527f5e7ff75
Ubuntu Security Notice 5084-1 - It was discovered that LibTIFF incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image, a remote attacker could crash the application, leading to a denial of service, or possibly execute arbitrary code with user privileges.
f576795be249c0af98c361b6e1f9654b10e60fb38035496df66a7960d9535ce6
OpenCats version 0.9.4 suffers from an XML external entity injection vulnerability.
37dfb4d5a73e7d0887ce9b4976edbbc863f10d9a03d303e2b7cdcc798b496228
Red Hat Security Advisory 2021-3572-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. Issues addressed include a denial of service vulnerability.
79bc8941ed9ce09e0b921c0e3fc28794f451e732c5d712bb5d1922f9dcc34b71
Backdoor.Win32.Minilash.10.b malware suffers from a denial of service vulnerability.
5b5111931e51185edbabf520c6445c43e0fa8fe94fda600ab3573259e59f7c88
Red Hat Security Advisory 2021-3598-01 - OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
3a62781802214e6eb77a0d28fc9fa05ebee3d12366b8219cccc000ace400db7e
Red Hat Security Advisory 2021-3582-01 - The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
1b88eef1d3d06c1dad83790d43adf99ca662eeb37a7ac9c52c0eae714cc60f25
Ubuntu Security Notice 5079-3 - USN-5079-1 fixed vulnerabilities in curl. One of the fixes introduced a regression on Ubuntu 18.04 LTS. This update fixes the problem. It was discovered that curl incorrectly handled memory when sending data to an MQTT server. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. Patrick Monnerat discovered that curl incorrectly handled upgrades to TLS. When receiving certain responses from servers, curl would continue without TLS even when the option to require a successful upgrade to TLS was specified. Patrick Monnerat discovered that curl incorrectly handled responses received before STARTTLS. A remote attacker could possibly use this issue to inject responses and intercept communications. Various other issues were also addressed.
0ed5cbb6171e4f59bf66a7fec9639c782a0a1b53c8e5cbbf6e468d1dda90bf96
Backdoor.Win32.Hupigon.asqx malware suffers from an unauthenticated open proxy vulnerability.
97edcaf65e5f73e415462404f29783bc2d034babe1b971265205fd7c2de5a2ff
Red Hat Security Advisory 2021-3590-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries. Issues addressed include a denial of service vulnerability.
5068a2d07b9897b69495fa190f5163fdcb4f986a1082a6618ba9c845d2dbcdd2
Red Hat Security Advisory 2021-3585-01 - Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
0627c3f7c57598e6ea5dd22c542dd99a80fc6e4a17a328d414c9c4d238b3fe5c
WebsiteBaker version 2.13.0 authenticated remote code execution exploit.
e1219a2fd5ffad46e29c2bafb24c7549cb30621b95ab7228f0a8ea401eb76420
Red Hat Security Advisory 2021-3576-01 - Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center. Issues addressed include denial of service and null pointer vulnerabilities.
176c8112dae74b55a1e68ef3a5a8e1e49f5632f19539fe74885cf7d4afcad4af
Budgets and Expense Tracker System version 1.0 suffers from an unauthenticated remote shell upload vulnerability.
7786512b0c77d0259b917bff396f4c713bc729cbba33482adddf10c7aa6f6431
Trojan.Win32.Agent.xaamkd malware suffers from an insecure permissions vulnerability.
d204a3c1cf0adf45e210469476678fc5b11dd8a9f81bee78d07ad955d1e522ae
Church Management System version 1.0 remote SQL injection exploit that achieves code execution.
ed72d56420b2fd693945d0b7a68763fdff117e81bee5f416ef75825168a33ac2
This is a brief whitepaper discussing the securing of authentication and authorization.
ec474e596a9d9ba2ab9781f4af02b1dee9f12e35a15b86af9d6a4566b3045d04
Yenkee Hornet Gaming Mouse suffers from a denial of service vulnerability.
026f0165a67418000f40b9a9340c0c8b132e1b64e0bbae924880597e971b485e