But only 15% of these vulnerabilities with available fixes are in packages loaded at runtime
Monthly Archives: February 2023
golang-github-google-dap-0.7.0-1.fc37
FEDORA-2023-8ecc0e487e
Packages in this update:
golang-github-google-dap-0.7.0-1.fc37
Update description:
Update go-dap to 0.7.0, also fix CVE-2022-41717
golang-github-google-dap-0.7.0-1.fc36
FEDORA-2023-cb3a59a3df
Packages in this update:
golang-github-google-dap-0.7.0-1.fc36
Update description:
Update go-dap to 0.7.0, also fix CVE-2022-41717
USN-5837-2: Django vulnerability
USN-5837-1 fixed a vulnerability in Django. This update provides
the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
Nick Pope discovered that Django incorrectly handled certain
Accept-Language headers. A remote attacker could possibly use this issue to
cause Django to consume memory, leading to a denial of service.
Almost all Organizations are Working with Recently Breached Vendors
The latest supply chain security report from SecurityScorecard and the Cyentia Institute shows worrying findings
BEC Group Uses Open Source Tactics in Hundreds of Attacks
USN-5838-1: AdvanceCOMP vulnerabilities
It was discovered that AdvanceCOMP did not properly manage memory while
performing read operations on an MNG file. If a user were tricked into opening
a specially crafted MNG file, a remote attacker could possibly use this
issue to cause AdvanceCOMP to crash, resulting in a denial of service.
(CVE-2022-35014, CVE-2022-35017, CVE-2022-35018, CVE-2022-35019,
CVE-2022-35020)
It was discovered that AdvanceCOMP did not properly manage memory while
performing read operations on a ZIP file. If a user were tricked into opening
a specially crafted ZIP file, a remote attacker could possibly use this
issue to cause AdvanceCOMP to crash, resulting in a denial of service.
(CVE-2022-35015, CVE-2022-35016)
USN-5839-1: Apache HTTP Server vulnerabilities
It was discovered that the Apache HTTP Server mod_dav module incorrectly
handled certain If: request headers. A remote attacker could possibly use
this issue to cause the server to crash, resulting in a denial of service.
(CVE-2006-20001)
ZeddYu_Lu discovered that the Apache HTTP Server mod_proxy_ajp module
incorrectly interpreted certain HTTP requests. A remote attacker could
possibly use this issue to perform an HTTP request smuggling attack.
(CVE-2022-36760)
Dimas Fariski Setyawan Putra discovered that the Apache HTTP Server
mod_proxy module incorrectly truncated certain response headers. This may
result in later headers not being interpreted by the client.
(CVE-2022-37436)
Misconfiguration and vulnerabilities biggest risks in cloud security: Report
The two biggest cloud security risks continue to be misconfigurations and vulnerabilities, which are being introduced in greater numbers through software supply chains, according to a report by Sysdig.
While zero trust is a top priority, data showed that least privilege access rights, an underpinning of zero trust architecture, are not properly enforced. Almost 90% of granted permissions are not used, which leaves many opportunities for attackers who steal credentials, the report noted.
USN-5837-1: Django vulnerability
Nick Pope discovered that Django incorrectly handled certain
Accept-Language headers. A remote attacker could possibly use this issue to
cause Django to consume memory, leading to a denial of service.