Read Time:9 Second
FEDORA-EPEL-2022-53c9c8c84a
Packages in this update:
trafficserver-9.1.4-1.el9
Update description:
Update to 9.1.4, resolves CVE-2022-32749, CVE-2022-37392, CVE-2022-40743
Category Archives: Advisories
DSA-5304 xorg-server – security update
Read Time:9 Second
Jan-Niklas Sohn discovered several vulnerabilities in X server extensions
in the X.Org X server, which may result in privilege escalation if the X
server is running privileged.
CVE-2021-33640
Read Time:14 Second
After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free).
libtar-1.2.20-26.fc36
Read Time:9 Second
FEDORA-2022-ccc68b06cc
Packages in this update:
libtar-1.2.20-26.fc36
Update description:
fix use-after-free bugs introduced by incorrect memleak fixes (CVE-2021-33640)
libtar-1.2.20-26.fc37
Read Time:9 Second
FEDORA-2022-88772d0a2d
Packages in this update:
libtar-1.2.20-26.fc37
Update description:
fix use-after-free bugs introduced by incorrect memleak fixes (CVE-2021-33640)
xorg-x11-server-Xwayland-22.1.7-1.fc36
Read Time:7 Second
FEDORA-2022-3f40d00dd9
Packages in this update:
xorg-x11-server-Xwayland-22.1.7-1.fc36
Update description:
xwayland 22.1.7
CVE-2020-36618
Read Time:21 Second
A vulnerability classified as critical has been found in Furqan node-whois. Affected is an unknown function of the file index.coffee. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’). It is possible to launch the attack remotely. The name of the patch is 46ccc2aee8d063c7b6b4dee2c2834113b7286076. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216252.
CVE-2020-36619
Read Time:22 Second
A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function add_ch of the file demod_flex.c. The manipulation of the argument ch leads to format string. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is e5a51c508ef952e81a6da25b43034dd1ed023c07. It is recommended to upgrade the affected component. The identifier VDB-216269 was assigned to this vulnerability.
CVE-2016-20018
Read Time:8 Second
Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query.
ZDI-22-1681: Autodesk 3DS Max SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk 3DS Max. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.