FEDORA-2022-471e14677d
Packages in this update:
python-virtualbmc-3.0.0-1.fc37
Update description:
Security fix for CVE-2022-44020
python-slixmpp-1.7.1-1.el8
Security fix for CVE-2022-45197
varnish-6.0-3720221118143100.9e842022
New upstream release varnish-6.0.11: A security release. Includes fix for CVE-2022-45060 aka VSV00011. See https://varnish-cache.org/security/VSV00011.html for details.
varnish-6.0-3520221118143100.f27b74a8
New upstream release varnish-6.0.11: A security release. Includes fix for CVE-2022-45060 aka VSV00011. See https://varnish-cache.org/security/VSV00011.html for details.
varnish-6.0-3620221118143100.5e5ad4a0
New upstream release varnish-6.0.11: A security release. Includes fix for CVE-2022-45060 aka VSV00011. See https://varnish-cache.org/security/VSV00011.html for details.
Greg Hudson discovered integer overflow flaws in the PAC parsing in
krb5, the MIT implementation of Kerberos, which may result in remote
code execution (in a KDC, kadmin, or GSS or Kerberos application server
process), information exposure (to a cross-realm KDC acting
maliciously), or denial of service (KDC or kadmind process crash).
It was discovered that Kibana was not sanitizing document fields containing HTML snippets. Using this vulnerability, an attacker with the ability to write documents to an Elasticsearch index could inject HTML. When the Discover app highlighted a search term containing the HTML, it would be rendered for the user.
The SEPPmail solution is vulnerable to Cross-Site Scripting (XSS), because user input is not correctly encoded in HTML attributes when returned by the server. SEPPmail 11.1.10 allows XSS via a recipient address.