Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control.
Category Archives: Advisories
CVE-2021-33897
A buffer overflow in Synthesia before 10.7.5567, when a non-Latin locale is used, allows user-assisted attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes. This file is mishandled during a deletion attempt. In Synthesia before 10.9, an improper path handling allows local attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes.
USN-5686-2: Git vulnerability
USN-5686-1 fixed several vulnerabilities in Git. This update
provides the corresponding fix for CVE-2022-39260 on Ubuntu 16.04 ESM.
Original advisory details:
Kevin Backhouse discovered that Git incorrectly handled certain command
strings. An attacker could possibly use this issue to cause a crash or
arbitrary code execution.
USN-5732-1: Unbound vulnerability
It was discovered that Unbound incorrectly handled delegations with a large
number of non-responsive nameservers. A remote attacker could possibly use
this issue to cause Unbound to consume resources, leading to a denial of
service.
USN-5731-1: multipath-tools vulnerabilities
It was discovered that multipath-tools incorrectly handled symlinks. A
local attacker could possibly use this issue, in combination with other
issues, to escalate privileges. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-41973)
It was discovered that multipath-tools incorrectly handled access controls.
A local attacker could possibly use this issue, in combination with other
issues, to escalate privileges. (CVE-2022-41974)
USN-5730-1: WebKitGTK vulnerabilities
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
USN-5638-2: Expat vulnerabilities
USN-5638-1 fixed a vulnerability in Expat. This update provides
the corresponding updates for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS.
Original advisory details:
Rhodri James discovered that Expat incorrectly handled memory when
processing certain malformed XML files. An attacker could possibly
use this issue to cause a crash or execute arbitrary code.
varnish-6.6.2-3.fc35
FEDORA-2022-99c5ddb2ae
Packages in this update:
varnish-6.6.2-3.fc35
Update description:
This is a security update adding fixes for the following issues
VSV00009 aka CVE-2022-38150: Denial of service
VSV00010 aka CVE-2022-45059: Request smuggling
VSV00011 aka CVE-2022-45060: Request forgery
For details, see https://varnish-cache.org/security
samba-4.16.7-0.fc36
FEDORA-2022-d680c70ebe
Packages in this update:
samba-4.16.7-0.fc36
Update description:
Update to version 4.16.7
ZDI-22-1594: Siemens Simcenter Femap X_T File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.