This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open Design Alliance (ODA) Drawing SDK. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
python-django3-3.2.18-1.fc38
Security fixes for CVE-2022-24580 and CVE-2023-41323
python-django3-3.2.18-1.el8
Security fixes for CVE-2022-24580 and CVE-2023-41323
python-django3-3.2.18-1.fc36
Security fixes for CVE-2022-24580 and CVE-2023-41323
python-django3-3.2.18-1.fc37
Security fixes for CVE-2022-24580 and CVE-2023-41323
Proof-of-concept exploit code is now available for a critical vulnerability in Fortinet FortiNAC appliances and attackers have already started using it in the wild. Users are advised to patch their systems as soon as possible.
FortiNAC is a zero-trust network access solution that can be deployed both as a hardware device or as a virtual machine appliance. It is used for network segmentation, visibility, and control of devices and users connected to the network. As such, it can be deployed at the network perimeter, making it an easier target for internet-based attacks. According to Shodan scans, more than 700,000 Fortinet devices are connected to the internet around the world.
Several flaws were found in tiffcrop, a program distributed by tiff, the Tag
Image File Format (TIFF) library and tools. A specially crafted tiff file
can lead to an out-of-bounds write or read resulting in a denial of service.
An out-of-bounds read in the BGP daemon of FRRouting FRR before 8.4 may lead
to a segmentation fault and denial of service. This occurs in
bgp_capability_msg_parse in bgpd/bgp_packet.c.
Multiple security issues were found in PHP, a widely-used open source
general purpose scripting language which could result in denial of
service or incorrect validation of BCrypt hashes.
perl-HTTP-Daemon-6.15-1.fc38
6.15 2023-02-22 22:02:46Z
Fix CVE-2022-31081: Inconsistent Interpretation of HTTP Requests
Correctly handle multiple Content-Length headers and its variants
(Theo van Hoesel)
Closes “Discrepancies in the Parsing of Content Length header …” (GH#56)
(blessingcharles)
kill test server with KILL rather than QUIT (GH#63) (Graham Knop)
Create TestServer test lib for running daemon process (GH#62) (Graham Knop)
Clean up tests (GH#61) (Graham Knop)
