xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp versions < v0.9.21 contain a buffer overflow in the audin_send_open() function. There are no known workarounds for this issue. Users are advised to upgrade.
Category Archives: Advisories
python3.11-3.11.1-1.fc35
FEDORA-2022-e6d0495206
Packages in this update:
python3.11-3.11.1-1.fc35
Update description:
Update to 3.11.1
python3.11-3.11.1-1.fc36
FEDORA-2022-6ba889e0e3
Packages in this update:
python3.11-3.11.1-1.fc36
Update description:
Update to 3.11.1
thunderbird-stable-3720221208233638.1
FEDORA-FLATPAK-2022-e1917c0632
Packages in this update:
thunderbird-stable-3720221208233638.1
Update description:
Update to 102.5.1 ; https://www.mozilla.org/en-US/security/advisories/mfsa2022-50/ ; https://www.thunderbird.net/en-US/thunderbird/102.5.1/releasenotes/
pgadmin4-6.17-2.fc37
FEDORA-2022-2d5a6f48e1
Packages in this update:
pgadmin4-6.17-2.fc37
Update description:
Fix compatibility with newer python-azure-mgmt-rdbms.
Update to pgadmin4-6.17, see https://www.pgadmin.org/docs/pgadmin4/development/release_notes_6_17.html for details.
rubygem-nokogiri-1.13.10-1.fc36
FEDORA-2022-acff3f54b2
Packages in this update:
rubygem-nokogiri-1.13.10-1.fc36
Update description:
A potential bug was found in nokogiri 1.13.9 and earlier, which overlooked some return values from functions used internally. This can lead to an illegal exception being raised. This bug was assigned CVE-2022-23476. This new rpm should fix this issue.
rubygem-nokogiri-1.13.10-1.fc37
FEDORA-2022-b5c325caad
Packages in this update:
rubygem-nokogiri-1.13.10-1.fc37
Update description:
A potential bug was found in nokogiri 1.13.9 and earlier, which overlooked some return values from functions used internally. This can lead to an illegal exception being raised. This bug was assigned CVE-2022-23476. This new rpm should fix this issue.
CyberDanube Security Research 20221130-1 | Authenticated Command Injection in Delta Electronics DVW-W02W2-E2
Posted by Thomas Weber on Dec 08
CyberDanube Security Research 20221130-1
-------------------------------------------------------------------------------
title| Authenticated Command Injection
product| Delta Electronics DVW-W02W2-E2
vulnerable version| V2.42
fixed version| V2.5.2
CVE number| -
impact| High
homepage|…
CyberDanube Security Research 20221130-0 | Multiple Vulnerabilities in Delta Electronics DX-2100-L1-CN
Posted by Thomas Weber on Dec 08
CyberDanube Security Research 20221130-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities
product| Delta Electronics DX-2100-L1-CN
vulnerable version| V1.5.0.10
fixed version| V1.5.0.12
CVE number| -
impact| High
homepage|…
SEC Consult SA-20221206-0 :: Multiple critical vulnerabilities in ILIAS eLearning platform
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 08
SEC Consult Vulnerability Lab Security Advisory < 20221206-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: ILIAS eLearning platform
vulnerable version: <= 7.15
fixed version: 7.16
CVE number: CVE-2022-45915, CVE-2022-45916, CVE-2022-45917,
CVE-2022-45918
impact: critical…