Category Archives: Advisories

CVE-2020-23620

Read Time:12 Second

The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object.

Read More

CVE-2020-23621

Read Time:12 Second

The Java Remote Management Interface of all versions of SVI MS Management System was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object.

Read More

libopenmpt-0.6.3-1.el7

Read Time:1 Minute, 5 Second

FEDORA-EPEL-2022-4b9c772ddc

Packages in this update:

libopenmpt-0.6.3-1.el7

Update description:

libopenmpt 0.6.3 (2022-04-24)

Pitch / Pan Separation and Random Variation instrument properties were not resetting properly when seeking, potentially causing instruments to be played e.g. at a vastly different pan position compared to playing the module continuously.
MED: Stereo samples were not imported correctly.
zlib: Update to v1.2.12 (2022-03-27).

libopenmpt 0.6.2 (2022-03-13)

[Sec] Possible out-of-bounds write in malformed IT / XM / MPTM files using the internal LFO plugin. (r17076)
[Sec] Possible out-of-bounds read when using Amiga BLEP interpolation with extremely high-pitched notes. (r17078, r17079)
ISO-8859-1-related charsets from Amiga OS and RISC OS are now handled more accurately, thus avoiding some unwanted control characters.
MO3: Pattern indices 254 / 255 were not treated as playable patterns even if the original file was a MOD / XM.
Correctly apply ST3-style effect memory when seeking in S3M files.
Command S (S3M / IT style) effect memory was not applied when seeking.
Initial channel mute status was not reported correctly in get_channel_mute_status since libopenmpt 0.6.0.
FLAC: Update to v1.3.4 (2022-02-21).
pugixml: Update to v1.12.1 (2022-02-16).

Read More

libopenmpt-0.6.3-1.el9

Read Time:1 Minute, 5 Second

FEDORA-EPEL-2022-5d0edca089

Packages in this update:

libopenmpt-0.6.3-1.el9

Update description:

libopenmpt 0.6.3 (2022-04-24)

Pitch / Pan Separation and Random Variation instrument properties were not resetting properly when seeking, potentially causing instruments to be played e.g. at a vastly different pan position compared to playing the module continuously.
MED: Stereo samples were not imported correctly.
zlib: Update to v1.2.12 (2022-03-27).

libopenmpt 0.6.2 (2022-03-13)

[Sec] Possible out-of-bounds write in malformed IT / XM / MPTM files using the internal LFO plugin. (r17076)
[Sec] Possible out-of-bounds read when using Amiga BLEP interpolation with extremely high-pitched notes. (r17078, r17079)
ISO-8859-1-related charsets from Amiga OS and RISC OS are now handled more accurately, thus avoiding some unwanted control characters.
MO3: Pattern indices 254 / 255 were not treated as playable patterns even if the original file was a MOD / XM.
Correctly apply ST3-style effect memory when seeking in S3M files.
Command S (S3M / IT style) effect memory was not applied when seeking.
Initial channel mute status was not reported correctly in get_channel_mute_status since libopenmpt 0.6.0.
FLAC: Update to v1.3.4 (2022-02-21).
pugixml: Update to v1.12.1 (2022-02-16).

Read More

libopenmpt-0.6.3-1.el8

Read Time:1 Minute, 5 Second

FEDORA-EPEL-2022-1709e5c07f

Packages in this update:

libopenmpt-0.6.3-1.el8

Update description:

libopenmpt 0.6.3 (2022-04-24)

Pitch / Pan Separation and Random Variation instrument properties were not resetting properly when seeking, potentially causing instruments to be played e.g. at a vastly different pan position compared to playing the module continuously.
MED: Stereo samples were not imported correctly.
zlib: Update to v1.2.12 (2022-03-27).

libopenmpt 0.6.2 (2022-03-13)

[Sec] Possible out-of-bounds write in malformed IT / XM / MPTM files using the internal LFO plugin. (r17076)
[Sec] Possible out-of-bounds read when using Amiga BLEP interpolation with extremely high-pitched notes. (r17078, r17079)
ISO-8859-1-related charsets from Amiga OS and RISC OS are now handled more accurately, thus avoiding some unwanted control characters.
MO3: Pattern indices 254 / 255 were not treated as playable patterns even if the original file was a MOD / XM.
Correctly apply ST3-style effect memory when seeking in S3M files.
Command S (S3M / IT style) effect memory was not applied when seeking.
Initial channel mute status was not reported correctly in get_channel_mute_status since libopenmpt 0.6.0.
FLAC: Update to v1.3.4 (2022-02-21).
pugixml: Update to v1.12.1 (2022-02-16).

Read More

CVE-2021-29859

Read Time:21 Second

IBM ICP4A – User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information due to insufficient validation and recvocation another user logouting out. IBM X-Force ID: 206081.

Read More

USN-5399-1: libvirt vulnerabilities

Read Time:1 Minute, 18 Second

It was discovered that libvirt incorrectly handled certain locking
operations. A local attacker could possibly use this issue to cause libvirt
to stop accepting connections, resulting in a denial of service. This issue
only affected Ubuntu 20.04 LTS. (CVE-2021-3667)

It was discovered that libvirt incorrectly handled threads during shutdown.
A local attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS
and Ubuntu 20.04 LTS. (CVE-2021-3975)

It was discovered that libvirt incorrectly handled the libxl driver. An
attacker inside a guest could possibly use this issue to cause libvirtd
to crash or stop responding, resulting in a denial of service. This issue
only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.10.
(CVE-2021-4147)

It was discovered that libvirt incorrectly handled the nwfilter driver. A
local attacker could possibly use this issue to cause libvirt to crash,
resulting in a denial of service. (CVE-2022-0897)

It was discovered that libvirt incorrectly handled the polkit access
control driver. A local attacker could possibly use this issue to cause
libvirt to crash, resulting in a denial of service. This issue only
affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-25637)

It was discovered that libvirt incorrectly generated SELinux labels. In
environments using SELinux, this issue could allow the sVirt confinement
to be bypassed. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04
LTS. (CVE-2021-3631)

Read More

CVE-2021-25086

Read Time:12 Second

The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admins viewing it

Read More