Category Archives: Advisories

USN-5711-2: NTFS-3G vulnerability

November 3, 2022

Read Time:16 Second

USN-5711-1 fixed a vulnerability in NTFS-3G. This update provides
the corresponding update for Ubuntu 14.04 ESM Ubuntu 16.04 ESM.

Original advisory details:

Yuchen Zeng and Eduardo Vela discovered that NTFS-3G incorrectly validated
certain NTFS metadata. A local attacker could possibly use this issue to
gain privileges.

Advisories

vim-9.0.828-1.fc36

November 3, 2022

Read Time:6 Second

FEDORA-2022-06e4f1dd58

Packages in this update:

vim-9.0.828-1.fc36

Update description:

Security fix for CVE-2022-3705

Advisories

vim-9.0.828-1.fc37

November 3, 2022

Read Time:6 Second

FEDORA-2022-4bc60c32a2

Packages in this update:

vim-9.0.828-1.fc37

Update description:

Security fix for CVE-2022-3705

Advisories

php-pear-CAS-1.6.0-1.fc35

November 3, 2022

Read Time:15 Second

FEDORA-2022-76b3530ac2

Packages in this update:

php-pear-CAS-1.6.0-1.fc35

Update description:

Changes in version 1.6.0

Bug Fixes:

Introduce required service_name constructor argument to fix service hostname discovery exploitation vulnerability CVE-2022-39369 (Henry Pan)
Set user agent [#421] (Fydon)

Advisories

php-pear-CAS-1.6.0-1.fc37

November 3, 2022

Read Time:15 Second

FEDORA-2022-d6c6782130

Packages in this update:

php-pear-CAS-1.6.0-1.fc37

Update description:

Changes in version 1.6.0

Bug Fixes:

Introduce required service_name constructor argument to fix service hostname discovery exploitation vulnerability CVE-2022-39369 (Henry Pan)
Set user agent [#421] (Fydon)

Advisories

php-pear-CAS-1.6.0-1.fc36

November 3, 2022

Read Time:15 Second

FEDORA-2022-37c2d26f59

Packages in this update:

php-pear-CAS-1.6.0-1.fc36

Update description:

Changes in version 1.6.0

Bug Fixes:

Introduce required service_name constructor argument to fix service hostname discovery exploitation vulnerability CVE-2022-39369 (Henry Pan)
Set user agent [#421] (Fydon)

Advisories

ZDI-22-1505: D-Link DIR-1935 SetSysLogSettings IPAddress Command Injection Remote Code Execution Vulnerability

November 3, 2022

Read Time:10 Second

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

Advisories

ZDI-22-1504: D-Link DIR-1935 SetQoSSettings QoSInfo Command Injection Remote Code Execution Vulnerability

November 3, 2022

Read Time:10 Second

Advisories

ZDI-22-1503: D-Link DIR-1935 HNAP Incorrect Comparison Authentication Bypass Vulnerability

November 3, 2022

Read Time:8 Second

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 routers. Authentication is not required to exploit this vulnerability.

Advisories

ZDI-22-1502: D-Link DIR-1935 SetVirtualServerSettings VirtualServerInfo Command Injection Remote Code Execution Vulnerability

November 3, 2022

Read Time:10 Second

News, Advisories and much more

Exit mobile version