Red Hat Security Advisory 2017-0435-01

Red Hat Security Advisory 2017-0435-01 – The OpenStack Oslo Middleware library provides components that can be injected into WSGI pipelines to intercept request and response flows. The base class can be enhanced with functionality like adding or updating HTTP headers, or to offer support for limiting size or connections. Security Fix: An information-disclosure flaw was found in oslo.middleware. Software using the CatchError class could include sensitive values in a traceback’s error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs.

Red Hat Security Advisory 2017-0402-01

Red Hat Security Advisory 2017-0402-01 – The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets implementation in the Linux kernel networking subsystem handled synchronization while creating the TPACKET_V3 ring buffer. A local user able to open a raw packet socket could use this flaw to elevate their privileges on the system.

Red Hat Security Advisory 2017-0386-01

Red Hat Security Advisory 2017-0386-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A Linux kernel built with Kernel-based Virtual Machine support is vulnerable to a null pointer dereference flaw. It could occur on the x86 platform when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel, resulting in DoS.

Red Hat Security Advisory 2017-0403-01

Red Hat Security Advisory 2017-0403-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A use-after-free flaw was found in the way the Linux kernel’s Datagram Congestion Control Protocol implementation freed SKB resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set on the socket. A local, unprivileged user could use this flaw to alter the kernel memory, allowing them to escalate their privileges on the system.

Red Hat Security Advisory 2017-0387-01

Red Hat Security Advisory 2017-0387-01 – The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: A Linux kernel built with Kernel-based Virtual Machine support is vulnerable to a null pointer dereference flaw. It could occur on the x86 platform when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel, resulting in DoS.

Red Hat Security Advisory 2017-0388-01

Red Hat Security Advisory 2017-0388-01 – Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix: It was found that IdM’s ca-del, ca-disable, and ca-enable commands did not properly check the user’s permissions while modifying CAs in Dogtag. An authenticated, unauthorized attacker could use this flaw to delete, disable, or enable CAs causing various denial of service problems with certificate issuance, OCSP signing, and deletion of secret keys.