Many are operating under a false sense of security
Monthly Archives: September 2022
Meta Takes Down Russian “Smash-and-Grab” Disinformation Campaign
ZDI-22-1302: Rockwell Automation ThinManager ThinServer URI Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation ThinManager. Authentication is not required to exploit this vulnerability.
dropbear-2019.78-4.el8
FEDORA-EPEL-2022-54e8e9bf3b
Packages in this update:
dropbear-2019.78-4.el8
Update description:
Backport fix for CVE-2020-36254, resolves rhbz#1933067
dropbear-2017.75-2.el7
FEDORA-EPEL-2022-f0317a13d8
Packages in this update:
dropbear-2017.75-2.el7
Update description:
Backport fix for CVE-2018-15599, resolves rhbz#1623177
Backport fix for CVE-2020-36254, resolves rhbz#1933067
DSA-5244 chromium – security update
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
DSA-5242 maven-shared-utils – security update
It was discovered that the Commandline class in maven-shared-utils, a
collection of various utility classes for the Maven build system, can
emit double-quoted strings without proper escaping, allowing shell
injection attacks.
DSA-5243 lighttpd – security update
Several vulnerabilities were discovered in lighttpd, a fast webserver
with minimal memory footprint.
DSA-5240 webkit2gtk – security update
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
DSA-5241 wpewebkit – security update
The following vulnerabilities have been discovered in the WPE WebKit
web engine: