Read Time:2 Second
Somnia malware hijacks Telegram and VPN accounts
Monthly Archives: November 2022
varnish-7.1.2-1.fc37 varnish-modules-0.20.0-4.fc37
Read Time:1 Minute, 3 Second
FEDORA-2022-0d5dcc031e
Packages in this update:
varnish-7.1.2-1.fc37
varnish-modules-0.20.0-4.fc37
Update description:
New upstream release: A security release. This release includes fix for CVE-2022-45059 (VSV00011) and CVE-2022-45060 (VSV00010). From the upstream release notes:
VSV00010 Varnish Request Smuggling Vulnerability
Date: 2022-11-08
A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend. Among the headers that can be filtered this way are both Content-Length and Host, making it possible for an attacker to both break the HTTP/1 protocol framing, and bypass request to host routing in VCL.
VSV00011 Varnish HTTP/2 Request Forgery Vulnerability
Date: 2022-11-08
A request forgery attack can be performed on Varnish Cache servers that have the HTTP/2 protocol turned on. An attacker may introduce characters through the HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This may in turn be used to successfully exploit vulnerabilities in a server behind the Varnish server.
CVE-2021-38828
Read Time:6 Second
Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text traffic sniffing.
CVE-2021-38827
Read Time:5 Second
Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to account takeover.
DSA-5277 php7.4 – security update
Read Time:11 Second
Multiple security issues were discovered in PHP, a widely-used open
source general purpose scripting language which could result in denial
of service, information disclosure, insecure cooking handling or
potentially the execution of arbitrary code.
DSA-5278 xorg-server – security update
Read Time:9 Second
It was discovered that a buffer overflow in the _getCountedString()
function of the Xorg X server may result in denial of service or
potentially the execution of arbitrary code.
js-jquery-ui-1.13.2-1.el9
Read Time:21 Second
FEDORA-EPEL-2022-8d55a68e09
Packages in this update:
js-jquery-ui-1.13.2-1.el9
Update description:
A flaw was found in the jquery-UI package. Affected versions of this package are vulnerable to Cross-site scripting (XSS) attack via the initialization of a check-box-radio widget on an input tag enclosed within a label, leading to the parent label contents being considered as the input label.
js-jquery-ui-1.13.2-1.el8
Read Time:21 Second
FEDORA-EPEL-2022-2da86b14b9
Packages in this update:
js-jquery-ui-1.13.2-1.el8
Update description:
A flaw was found in the jquery-UI package. Affected versions of this package are vulnerable to Cross-site scripting (XSS) attack via the initialization of a check-box-radio widget on an input tag enclosed within a label, leading to the parent label contents being considered as the input label.
js-jquery-ui-1.13.2-1.el7
Read Time:21 Second
FEDORA-EPEL-2022-a06d5c7af1
Packages in this update:
js-jquery-ui-1.13.2-1.el7
Update description:
A flaw was found in the jquery-UI package. Affected versions of this package are vulnerable to Cross-site scripting (XSS) attack via the initialization of a check-box-radio widget on an input tag enclosed within a label, leading to the parent label contents being considered as the input label.
js-jquery-ui-1.13.2-1.fc36
Read Time:21 Second
FEDORA-2022-1a01ed37e2
Packages in this update:
js-jquery-ui-1.13.2-1.fc36
Update description:
A flaw was found in the jquery-UI package. Affected versions of this package are vulnerable to Cross-site scripting (XSS) attack via the initialization of a check-box-radio widget on an input tag enclosed within a label, leading to the parent label contents being considered as the input label.