New Alerts for OpenSSH (Exploit), Adobe (Exploit), Atlassian, Ivanti, and Linux.
OpenSSH Exploit
The PKCS#11 support ssh-agent could be abused to achieve remote code execution via a forwarded agent socket. Exploitation requires specific libraries on the victim system and the agent forwarded to an attacker-controlled system.
More info.
Adobe has published updates for ColdFusion that fix several vulnerabilities. Highest CVSSv3 score of 9.8. Exploits exist.
More info.
Atlassian has reported RCE vulnerabilities in Sourcetree, Jira, Crucible, Fisheye, Confluence, and Bitbucket. CVSSv3 score of 9.7
More info.
An out-of-bounds write vulnerability in the Ivanti Antivirus antimalware engines on Windows operating system causes the engine to crash. CVSSv3 score of 8.1
More info.
SUSE has updated the kernel. More info.
OpenSUSE has updated the kernel. More info.
Red Hat has updated kpatch. More info.
Mageia has updated the kernel. More info.
Scientific Linux has updated the kernel. More info.
Amazon Linux has updated the kernel. More info.
Amazon Linux 2 has updated the kernel. More info.