Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
Category Archives: Advisories
USN-5699-1: GNU C Library vulnerabilities
Jan Engelhardt, Tavis Ormandy, and others discovered that the GNU C Library
iconv feature incorrectly handled certain input sequences. An attacker
could possibly use this issue to cause the GNU C Library to hang or crash,
resulting in a denial of service. (CVE-2021-3326)
It was discovered that the GNU C Library nscd daemon incorrectly handled
certain netgroup lookups. An attacker could possibly use this issue to
cause the GNU C Library to crash, resulting in a denial of service.
(CVE-2021-35942)
samba-4.17.2-2.fc37
FEDORA-2022-8a9a568dbe
Packages in this update:
samba-4.17.2-2.fc37
Update description:
Update to version 4.17.2 to address CVE-2022-3592
drupal7-7.92-1.fc35
FEDORA-2022-bf18450366
Packages in this update:
drupal7-7.92-1.fc35
Update description:
7.92
7.91
SA-CORE-2022-012 / CVE-2022-25275
7.90
7.89
7.88
SA-CORE-2022-003 / CVE-2022-25271
7.87
7.86
SA-CORE-2022-001 / CVE-2021-41184
SA-CORE-2022-002 / CVE-2021-41182 / CVE-2021-41183 / CVE-2016-7103 / CVE-2010-5312
USN-5698-2: Open vSwitch vulnerability
USN-5698-1 fixed a vulnerability in Open vSwitch. This update provides
the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that Open vSwitch incorrectly handled comparison of
certain minimasks. A remote attacker could use this issue to cause Open
vSwitch to crash, resulting in a denial of service, or possibly execute
arbitrary code.
USN-5698-1: Open vSwitch vulnerability
It was discovered that Open vSwitch incorrectly handled comparison of
certain minimasks. A remote attacker could use this issue to cause Open
vSwitch to crash, resulting in a denial of service, or possibly execute
arbitrary code.
php-8.0.25-1.fc35
FEDORA-2022-f2a5082860
Packages in this update:
php-8.0.25-1.fc35
Update description:
PHP version 8.0.25 (27 Oct 2022)
GD:
Fixed bug php#81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630) (cmb)
Hash:
Fixed bug php#81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454) (nicky at mouha dot be)
Session:
Fixed bug GH-9583 (session_create_id() fails with user defined save handler that doesn’t have a validateId() method). (Girgias)
Streams:
Fixed bug GH-9590 (stream_select does not abort upon exception or empty valid fd set). (Arnaud)
USN-5697-1: Barbican vulnerability
Douglas Mendizabal discovered that Barbican incorrectly handled certain
query strings. A remote attacker could possibly use this issue to bypass
the access policy.
ZDI-22-1466: TP-Link TL-WR841N ated_tp Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR841N routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
ZDI-22-1465: GnuPG libksba CRL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GnuPG libksba. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.