This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability.
Monthly Archives: August 2023
ZDI-23-1168: Zabbix Web Service Report Generation External Control of File Name Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Zabbix Web Service. Authentication is not required to exploit this vulnerability.
subscription-manager-1.29.37-1.fc38
FEDORA-2023-29a012c0db
Packages in this update:
subscription-manager-1.29.37-1.fc38
Update description:
Automatic update for subscription-manager-1.29.37-1.fc38.
Changelog for subscription-manager
* Wed Aug 23 2023 Packit <hello@packit.dev> - 1.29.37-1
- Automatic commit of package [subscription-manager] release [1.29.37-1]. (Pino Toscano)
- Translated using Weblate (Korean) (김인수)
- Update translation files (Weblate)
- 2225446: Hotfix of D-Bus policy (Jiri Hnidek)
- TESTING: Update testing requirements (Matyas Horky)
- Use Fedora registry to pull container images (Matyas Horky)
- 2232316: dbus: check "force" again from the registration option (Pino Toscano)
- dbus: run EntCertActionInvoker on PoolAttach (Pino Toscano)
- ENT-5624: Properly translate error strings (Matyas Horky)
- Mock IOError for Insights fact collection tests (Matyas Horky)
- New extraction for translatable strings (Pino Toscano)
subscription-manager-1.29.37-1.fc37
FEDORA-2023-0f2f9bc779
Packages in this update:
subscription-manager-1.29.37-1.fc37
Update description:
Automatic update for subscription-manager-1.29.37-1.fc37.
Changelog for subscription-manager
* Wed Aug 23 2023 Packit <hello@packit.dev> - 1.29.37-1
- Automatic commit of package [subscription-manager] release [1.29.37-1]. (Pino Toscano)
- Translated using Weblate (Korean) (김인수)
- Update translation files (Weblate)
- 2225446: Hotfix of D-Bus policy (Jiri Hnidek)
- TESTING: Update testing requirements (Matyas Horky)
- Use Fedora registry to pull container images (Matyas Horky)
- 2232316: dbus: check "force" again from the registration option (Pino Toscano)
- dbus: run EntCertActionInvoker on PoolAttach (Pino Toscano)
- ENT-5624: Properly translate error strings (Matyas Horky)
- Mock IOError for Insights fact collection tests (Matyas Horky)
- New extraction for translatable strings (Pino Toscano)
CVE-2020-18781
Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file. This bug can be triggered by the executable sfconvert.
CVE-2020-18780
A Use After Free vulnerability in function new_Token in asm/preproc.c in nasm 2.14.02 allows attackers to cause a denial of service via a crafted nasm command.
CVE-2020-18770
An issue was discovered in function zzip_disk_entry_to_file_header in mmapped.c in zziplib 0.13.69, which will lead to a denial-of-service.
CVE-2020-18768
A heap buffer overflow exists in _TIFFmemcpy in tif_unix.c in libtiff 4.0.10, which allows an attacker to cause a denial-of-service through a crafted tiff file.
CVE-2020-18652
Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of a crafted webp file.
CVE-2020-18651
Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of a crafted audio file with an ID3V2 frame.