ceph-17.2.4-1.fc37
FEDORA-2022-14b272d7f4. Packages in this update: ceph-17.2.4-1.fc37. Update description: ceph-17.2.4. Security fix for CVE-2021-3979. Note: fix was actually included in ceph-17.2.3.
ZKBioSecurity 3.0.5 - Privilege Escalation to Admin (CVE-2022-36634)
Posted by Caio B on Sep 30. ADVISORY INFORMATION: Product: ZKSecurity BIO; Vendor: ZKTeco; Version Affected: 3.0.5.0_R; CVE: CVE-2022-36634; Vulnerability: User privilege escalation. CREDIT: This...
ZKBiosecurity – Authenticated SQL Injection resulting in RCE (CVE-2022-36635)
Posted by Caio B on Sep 30. ADVISORY INFORMATION: Product: ZKSecurity BIO; Vendor: ZKTeco (https://www.zkteco.com/en/ZKBiosecurity/ZKBioSecurity_V5000_4.1.2); Version Affected: 4.1.2; CVE: CVE-2022-36635; Vulnerability: SQL Injection (with...
python-joblib-1.2.0-1.fc37
FEDORA-2022-c83ce1c000. Packages in this update: python-joblib-1.2.0-1.fc37. Update description: Security fix for CVE-2022-21797.
python-joblib-1.2.0-1.fc36
FEDORA-2022-c0bfe37ae5. Packages in this update: python-joblib-1.2.0-1.fc36. Update description: Security fix for CVE-2022-21797.
USN-5649-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to...
USN-5650-1: Linux kernel vulnerabilities
It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an...
CVE-2022-20662 (duo)
A vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with physical access to bypass authentication. This...
CVE-2022-20728 (aironet_1542d_firmware, aironet_1542i_firmware, aironet_1562d_firmware, aironet_1562e_firmware, aironet_1562i_firmware, aironet_1815i_firmware, aironet_1815m_firmware, aironet_1815t_firmware, aironet_1815w_firmware, aironet_1830_firmware, aironet_1840_firmware, aironet_1850e_firmware, aironet_1850i_firmware, aironet_2800e_firmware, aironet_2800i_firmware, aironet_3800e_firmware, aironet_3800i_firmware, aironet_3800p_firmware, aironet_4800_firmware, catalyst_9105ax_firmware, catalyst_9115ax_firmware, catalyst_9117ax_firmware, catalyst_9120ax_firmware, catalyst_9124ax_firmware, catalyst_9130ax_firmware, catalyst_iw6300_firmware)
A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native...
CVE-2021-36865 (quiz_and_survey_master)
Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows attackers to change the content of the...