The Qualys Research Team discovered a race condition in the snapd-confine
binary which could result in local privilege escalation.
CVE-2019-18265
Digital Alert Systems’ DASDEC software prior to version 4.1 contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the SSH username, username field of the login page, or via the HTTP host header. The injected content is stored in logs and rendered when viewed in the web application.
USN-5752-1: Linux kernel (Azure CVM) vulnerabilities
David Bouman and Billy Jheng Bing Jhong discovered that a race condition
existed in the io_uring subsystem in the Linux kernel, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2022-2602)
Sönke Huster discovered that an integer overflow vulnerability existed in
the WiFi driver stack in the Linux kernel, leading to a buffer overflow. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-41674)
Sönke Huster discovered that a use-after-free vulnerability existed in the
WiFi driver stack in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-42719)
Sönke Huster discovered that the WiFi driver stack in the Linux kernel did
not properly perform reference counting in some situations, leading to a
use-after-free vulnerability. A physically proximate attacker could use
this to cause a denial of service (system crash) or possibly execute
arbitrary code. (CVE-2022-42720)
Sönke Huster discovered that the WiFi driver stack in the Linux kernel did
not properly handle BSSID/SSID lists in some situations. A physically
proximate attacker could use this to cause a denial of service (infinite
loop). (CVE-2022-42721)
Sönke Huster discovered that the WiFi driver stack in the Linux kernel
contained a NULL pointer dereference vulnerability in certain situations. A
physically proximate attacker could use this to cause a denial of service
(system crash). (CVE-2022-42722)
nextcloud-25.0.1-1.fc35
FEDORA-2022-49b20342c0
Packages in this update:
nextcloud-25.0.1-1.fc35
Update description:
Security fix for CVE-2022-39346
nextcloud-25.0.1-1.fc36
FEDORA-2022-902df3b060
Packages in this update:
nextcloud-25.0.1-1.fc36
Update description:
Security fix for CVE-2022-39346
nextcloud-25.0.1-1.fc37
FEDORA-2022-98c1d712b5
Packages in this update:
nextcloud-25.0.1-1.fc37
Update description:
Security fix for CVE-2022-39346
sfnt2woff-zopfli-1.3.1-3.fc35
FEDORA-2022-458378be7a
Packages in this update:
sfnt2woff-zopfli-1.3.1-3.fc35
Update description:
Fix a possible double free in woffEncode()
sfnt2woff-zopfli-1.3.1-3.fc36
FEDORA-2022-f0980dffd1
Packages in this update:
sfnt2woff-zopfli-1.3.1-3.fc36
Update description:
Fix a possible double free in woffEncode()
woff-0.20091126-11.el7
FEDORA-EPEL-2022-63588ab702
Packages in this update:
woff-0.20091126-11.el7
Update description:
Fix a possible double free in woffEncode()
mariadb-10.6-3520221123042913.f27b74a8
FEDORA-MODULAR-2022-9ab4fc3c30
Packages in this update:
mariadb-10.6-3520221123042913.f27b74a8
Update description:
MariaDB 10.6.11 & Galera 26.4.13
Release notes: