The default privileges for the running service Normand Viewer Service in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.
Category Archives: Advisories
CVE-2022-22503
IBM Robotic Process Automation 21.0.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 227125.
CVE-2021-40556
A stack overflow vulnerability exists in the httpd service in ASUS RT-AX56U Router Version 3.0.0.4.386.44266. This vulnerability is caused by the strcat function called by “caupload” input handle function allowing the user to enter 0xFFFF bytes into the stack. This vulnerability allows an attacker to execute commands remotely. The vulnerability requires authentication.
USN-5661-1: LibreOffice vulnerabilities
It was discovered that LibreOffice incorrectly validated macro signatures.
If a user were tricked into opening a specially crafted document, a remote
attacker could possibly use this issue to execute arbitrary macros.
(CVE-2022-26305)
It was discovered that Libreoffice incorrectly handled encrypting the
master key provided by the user for storing passwords for web connections.
A local attacker could possibly use this issue to obtain access to
passwords stored in the user’s configuration data. (CVE-2022-26306,
CVE-2022-26307)
weechat-3.6-1.el8
FEDORA-EPEL-2022-56709b917a
Packages in this update:
weechat-3.6-1.el8
Update description:
add command “/item” to create custom bar items
add bar item “spacer”
add case conversion in evaluation of expressions with “lower:string” and “upper:string”
move detailed list of hooks from command “/plugin listfull” to “/debug hooks “
allow to remove multiple filters at once with command “/filter del”
allow to catch multiple signals in functions hook_signal and hook_hsignal
rename option “save” to “apply” in IRC command “/autojoin”
add support of RPL_HELPSTART, RPL_HELPTXT and RPL_ENDOFHELP (IRC messages 524, 704, 705, 706)
add support of PHP 8.2
many bugs fixed.
weechat-3.6-1.fc37
FEDORA-2022-88252e4f80
Packages in this update:
weechat-3.6-1.fc37
Update description:
add command “/item” to create custom bar items
add bar item “spacer”
add case conversion in evaluation of expressions with “lower:string” and “upper:string”
move detailed list of hooks from command “/plugin listfull” to “/debug hooks “
allow to remove multiple filters at once with command “/filter del”
allow to catch multiple signals in functions hook_signal and hook_hsignal
rename option “save” to “apply” in IRC command “/autojoin”
add support of RPL_HELPSTART, RPL_HELPTXT and RPL_ENDOFHELP (IRC messages 524, 704, 705, 706)
add support of PHP 8.2
many bugs fixed.
weechat-3.6-1.fc36
FEDORA-2022-b81c4781af
Packages in this update:
weechat-3.6-1.fc36
Update description:
add command “/item” to create custom bar items
add bar item “spacer”
add case conversion in evaluation of expressions with “lower:string” and “upper:string”
move detailed list of hooks from command “/plugin listfull” to “/debug hooks “
allow to remove multiple filters at once with command “/filter del”
allow to catch multiple signals in functions hook_signal and hook_hsignal
rename option “save” to “apply” in IRC command “/autojoin”
add support of RPL_HELPSTART, RPL_HELPTXT and RPL_ENDOFHELP (IRC messages 524, 704, 705, 706)
add support of PHP 8.2
many bugs fixed.
weechat-3.6-1.el9
FEDORA-EPEL-2022-1c6c522b07
Packages in this update:
weechat-3.6-1.el9
Update description:
add command “/item” to create custom bar items
add bar item “spacer”
add case conversion in evaluation of expressions with “lower:string” and “upper:string”
move detailed list of hooks from command “/plugin listfull” to “/debug hooks “
allow to remove multiple filters at once with command “/filter del”
allow to catch multiple signals in functions hook_signal and hook_hsignal
rename option “save” to “apply” in IRC command “/autojoin”
add support of RPL_HELPSTART, RPL_HELPTXT and RPL_ENDOFHELP (IRC messages 524, 704, 705, 706)
add support of PHP 8.2
many bugs fixed.
USN-5660-1: Linux kernel (GCP) vulnerabilities
It was discovered that the framebuffer driver on the Linux kernel did not
verify size limits when changing font or screen size, leading to an out-of-
bounds write. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2021-33655)
Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation
in the Linux kernel did not provide sufficient randomization when
calculating port offsets. An attacker could possibly use this to expose
sensitive information. (CVE-2022-1012, CVE-2022-32296)
Norbert Slusarek discovered that a race condition existed in the perf
subsystem in the Linux kernel, resulting in a use-after-free vulnerability.
A privileged local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-1729)
It was discovered that the device-mapper verity (dm-verity) driver in the
Linux kernel did not properly verify targets being loaded into the device-
mapper table. A privileged attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2022-2503)
Domingo Dirutigliano and Nicola Guerrera discovered that the netfilter
subsystem in the Linux kernel did not properly handle rules that truncated
packets below the packet header size. When such rules are in place, a
remote attacker could possibly use this to cause a denial of service
(system crash). (CVE-2022-36946)
DSA-5251 isc-dhcp – security update
Several vulnerabilities have been discovered in the ISC DHCP client,
relay and server.