21 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-39262
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A crafted NTFS image can cause an out-of-bounds access in ntfs_decompress in NTFS-3G < 2021.8.22. (CVE-2021-39262) Note that Nessus relies on the presence of the...
Privilege escalation in project role template binding (PRTB) and -promoted roles
Impact An issue was discovered in Rancher versions from 2.5.0 up to and including 2.5.16 and from 2.6.0 up to and including 2.6.9, where an authorization logic flaw allows privilege escalation via project role template binding PRTB and -promoted roles. This issue is not present in Rancher 2.7...
Security fix for the ALT Linux 9 package glpi version 9.5.10-alt1
Nov. 4, 2022 Pavel Zilke 9.5.10-alt1 - New version 9.5.10 - This release fixes several security issues that have been recently discovered. Update is recommended! - Security fixes: + CVE-2022-39276 : Blind SSRF in RSS feeds and planning + CVE-2022-39372 : Stored XSS in user information +...
CVE-2022-39262
| creationtimestamp | type | source |
|---|---|---|
| 2022-11-03 17:20:53+00:00 | seen | https://t.me/cibsecurity/52513... |
CVE-2022-39262
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package. A GLPI administrator can define rich-text content to be displayed on the login page. The displayed content can contain malicious code that can be used to steal credentials. This issue h...
CVE-2022-39262 Stored Cross-Site Scripting (XSS) on login page in GLPI
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package. A GLPI administrator can define rich-text content to be displayed on the login page. The displayed content can contain malicious code that can be used to steal credentials. This issue h...
CVE-2022-39262 Stored Cross-Site Scripting (XSS) on login page in GLPI
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package. A GLPI administrator can define rich-text content to be displayed on the login page. The displayed content can contain malicious code that can be used to steal credentials. This issue h...
CVE-2022-39262
GLPI (Gestionnaire Libre de Parc Informatique) has multiple documented vulnerabilities across several advisories. Reported issues include SQL injection in search-related features (map/search and saved searches), SSRF via Arbitrary Object Instantiation, XSS in dashboard-related workflows, and unau...
virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
An update is available for libguestfs, libnbd, libtpms, libguestfs-winsupport, nbdkit, supermin, libiscsi, hivex, libvirt, netcf, perl-Sys-Virt, seabios, qemu-kvm, swtpm, virt-v2v, sgabios, libvirt-dbus, libvirt-python. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS...
ALSA-2022:1759 Moderate: virt:rhel and virt-devel:rhel security, bug fix, and enhancement update
Kernel-based Virtual Machine KVM offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the...
CVE-2021-39262 affecting package ntfs-3g for versions less than 2021.8.22-1
CVE-2021-39262 affecting package ntfs-3g for versions less than 2021.8.22-1. An upgraded version of the package is available that resolves this issue...
[SECURITY] [DLA 2819-1] ntfs-3g security update
Debian LTS Advisory DLA-2819-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany November 16, 2021 https://wiki.debian.org/LTS Package : ntfs-3g Version : 1:2016.2.22AR.1+dfsg-1+deb9u2 CVE ID : CVE-2021-33285 CVE-2021-33286 CVE-2021-33287 CVE-2021-33289 CVE-2021-352...
RHEL 8 : virt:av and virt-devel:av (RHSA-2021:3703)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3703 advisory. The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Re...
RHEL 8 : virt:8.2 and virt-devel:8.2 (RHSA-2021:3704)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3704 advisory. The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Re...
Debian: Security Advisory (DSA-4971-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security fix for the ALT Linux 9 package ntfs-3g version 2:2021.8.22-alt1
2:2021.8.22-alt1 built Sept. 10, 2021 Valery Inozemtsev in task 284295 Aug. 31, 2021 Valery Inozemtsev - 2021.8.22 Fixes: CVE-2021-33285, CVE-2021-35269, CVE-2021-35268, CVE-2021-33289, CVE-2021-33286, CVE-2021-35266, CVE-2021-33287, CVE-2021-35267, CVE-2021-39251, CVE-2021-39252, CVE-2021-39253,...
[SECURITY] [DSA 4971-1] ntfs-3g security update
Debian Security Advisory DSA-4971-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso September 09, 2021 https://www.debian.org/security/faq -...
openSUSE: Security Advisory for ntfs-3g_ntfsprogs (openSUSE-SU-2021:2971-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2021-39262
| creationtimestamp | type | source |
|---|---|---|
| 2021-09-07 18:17:28+00:00 | seen | https://t.me/cibsecurity/28361... |
CVE-2021-39262
CVE-2021-39262 affects NTFS-3G prior to 2021.8.22, enabling a crafted NTFS image to trigger an out-of-bounds access in the ntfs_decompress function. Public advisories across multiple distributions (Debian, Alpine, AlmaLinux, etc.) indicate a fix in or after version 2021.8.22. Affected packages in...