FEDORA-2022-acff3f54b2
Packages in this update:
rubygem-nokogiri-1.13.10-1.fc36
Update description:
A potential bug was found in nokogiri 1.13.9 and earlier, which overlooked some return values from functions used internally. This can lead to an illegal exception being raised. This bug was assigned CVE-2022-23476. This new rpm should fix this issue.
FEDORA-2022-b5c325caad
Packages in this update:
rubygem-nokogiri-1.13.10-1.fc37
Update description:
A potential bug was found in nokogiri 1.13.9 and earlier, which overlooked some return values from functions used internally. This can lead to an illegal exception being raised. This bug was assigned CVE-2022-23476. This new rpm should fix this issue.
Posted by Thomas Weber on Dec 08
CyberDanube Security Research 20221130-1
-------------------------------------------------------------------------------
title| Authenticated Command Injection
product| Delta Electronics DVW-W02W2-E2
vulnerable version| V2.42
fixed version| V2.5.2
CVE number| –
impact| High
homepage|…
Posted by Thomas Weber on Dec 08
CyberDanube Security Research 20221130-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities
product| Delta Electronics DX-2100-L1-CN
vulnerable version| V1.5.0.10
fixed version| V1.5.0.12
CVE number| –
impact| High
homepage|…
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 08
SEC Consult Vulnerability Lab Security Advisory < 20221206-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: ILIAS eLearning platform
vulnerable version: <= 7.15
fixed version: 7.16
CVE number: CVE-2022-45915, CVE-2022-45916, CVE-2022-45917,
CVE-2022-45918
impact: critical…
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 08
SEC Consult Vulnerability Lab Security Advisory < 20221201-0 >
=======================================================================
title: Replay attacks & Displaying arbitrary contents
product: Zhuhai Suny Technology ESL Tag / ETAG-TECH protocol
(electronic shelf labels)
vulnerable version: All
fixed version: –
CVE number: CVE-2022-45914
impact:…
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 08
SEC Consult Vulnerability Lab Security Advisory < 20221130-0 >
=======================================================================
title: Multiple critical vulnerabilities
product: Planet Enterprises Ltd – Planet eStream
vulnerable version: <6.72.10.07
fixed version: 6.72.10.07
CVE number: CVE-2022-45896, CVE-2022-45893, CVE-2022-45891,
CVE-2022-45889,…
Posted by Qualys Security Advisory via Fulldisclosure on Dec 08
Qualys Security Advisory
Race condition in snap-confine’s must_mkdir_and_open_with_perms()
(CVE-2022-3328)
========================================================================
Contents
========================================================================
Summary
Background
Exploitation
Acknowledgments
Timeline
I can’t help but feel a missed opportunity to integrate lyrics from
one of the best songs ever: [SNAP! – The…
Posted by malvuln on Dec 08
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/8872c2ec49ff3382240762a029631684.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Backup media: infosec.exchange/@malvuln
Threat: Backdoor.Win32.Delf.gj
Vulnerability: Information Disclosure
Description: The malware listens on TCP port 80. Third-party adversaries
who can reach an infected system can pass…
Posted by Julien Ahrens (RCE Security) on Dec 08
RCE Security Advisory
https://www.rcesecurity.com
1. ADVISORY INFORMATION
=======================
Product: Intel Data Center Manager
Vendor URL: https://www.intel.com/content/www/us/en/developer/tools/data-center-manager-console/overview.html
Type: Incorrect Use of Privileged APIs [CWE-648]
Date found: 2022-07-16
Date published: 2022-12-07
CVSSv3 Score: 7.4 (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE:…