Untrusted search path vulnerability in Baidunetdisk Version 7.4.3 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Read More

FEDORA-2022-90162a1d88

Packages in this update:

kernel-6.0.15-300.fc37

Update description:

The 6.0.15 stable kernel update contains a number of important fixes across the tree.

Read More

A vulnerability was found in sah-comp bienlein and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is d7836a4f2b241e4745ede194f0f6fb47199cab6b. It is recommended to apply a patch to fix this issue. The identifier VDB-216473 was assigned to this vulnerability.

Read More

A vulnerability was found in Pengu. It has been declared as problematic. Affected by this vulnerability is the function runApp of the file src/index.js. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The name of the patch is aea66f12b8cdfc3c8c50ad6a9c89d8307e9d0a91. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216475.

Read More

A vulnerability was found in Brondahl EnumStringValues 4.0.1. It has been declared as problematic. This vulnerability affects the function GetStringValuesWithPreferences_Uncache of the file EnumStringValues/EnumExtensions.cs. The manipulation leads to resource consumption. Upgrading to version 4.0.2 is able to address this issue. The name of the patch is c0fc7806beb24883cc2f9543ebc50c0820297307. It is recommended to upgrade the affected component. VDB-216466 is the identifier assigned to this vulnerability.

Read More

A vulnerability, which was classified as problematic, has been found in chedabob whatismyudid. Affected by this issue is the function exports.enrollment of the file routes/mobileconfig.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is bb33d4325fba80e7ea68b79121dba025caf6f45f. It is recommended to apply a patch to fix this issue. VDB-216470 is the identifier assigned to this vulnerability.

Read More

FEDORA-2022-d7ee33d4ad

Packages in this update:

curl-7.85.0-5.fc37

Update description:

smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
http: use the IDN decoded name in HSTS checks (CVE-2022-43551)

Read More

FEDORA-2022-9836111c44

Packages in this update:

curl-7.82.0-12.fc36

Update description:

smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
http: use the IDN decoded name in HSTS checks (CVE-2022-43551)

Read More

This vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability.

Read More

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Read More