CVE-2015-20109

end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue.

golang-github-schollz-croc-9.6.4-1.fc39

FEDORA-2023-4c1050f439

Packages in this update:

golang-github-schollz-croc-9.6.4-1.fc39

Update description:

Automatic update for golang-github-schollz-croc-9.6.4-1.fc39.

Changelog

* Fri May 19 2023 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 9.6.4-1
– Update to 9.6.4 – Closes rhbz#2208585 rhbz#2171537 rhbz#2163218
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> – 9.5.2-4
– Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> – 9.5.2-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Tue Jul 19 2022 Maxwell G <gotmax@e.email> – 9.5.2-2
– Rebuild for CVE-2022-{1705,32148,30631,30633,28131,30635,30632,30630,1962} in golang

Multiple Vulnerabilities in VMware Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in VMware vCenter Server and Cloud Foundation, the most severe of which could allow for arbitrary code execution. VMware vCenter Server is the centralized management utility for VMware. VMware Cloud Foundation is a multi-cloud platform that provides a full-stack hyperconverged infrastructure (HCI) that is made for modernizing data centers and deploying modern container-based applications. Successful exploitation of these vulnerabilities could allow for arbitrary code execution in the context of the administrator account. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Public exploit is now available for Cisco AnyConnect VPN client

An easy-to-use exploit was publicly released this week for a patched vulnerability that affects the widely used Cisco AnyConnect Secure Mobility Client and Cisco Secure Client applications for Windows. Attackers could leverage the exploit to elevate their privileges on a victim’s system and take full control of it.

Cisco Secure Client for Windows, previously known as Cisco AnyConnect Secure Mobility Client before version 5.0, is an application that integrates with multiple Cisco endpoint security and management platforms and technologies including its AnyConnect VPN and zero-trust network access (ZTNA) platform, which is popular with enterprises.
