A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remote code execution.
Category Archives: Advisories
CVE-2019-5641
Rapid7 InsightVM suffers from an information exposure issue whereby, when the user’s session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user
thunderbird-102.3.0-1.fc37
FEDORA-2022-b4583f536b
Packages in this update:
thunderbird-102.3.0-1.fc37
Update description:
Update to 102.3.0 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/ ;
https://www.thunderbird.net/en-US/thunderbird/102.3.0/releasenotes/
thunderbird-102.3.0-1.fc35
FEDORA-2022-e88213dd24
Packages in this update:
thunderbird-102.3.0-1.fc35
Update description:
Update to 102.3.0 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/ ;
https://www.thunderbird.net/en-US/thunderbird/102.3.0/releasenotes/
thunderbird-102.3.0-1.fc36
FEDORA-2022-feb7bdf6b2
Packages in this update:
thunderbird-102.3.0-1.fc36
Update description:
Update to 102.3.0 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/ ;
https://www.thunderbird.net/en-US/thunderbird/102.3.0/releasenotes/
qemu-6.2.0-15.fc36
FEDORA-2022-f0a2695054
Packages in this update:
qemu-6.2.0-15.fc36
Update description:
nvme: Fix DMA reentrancy use-after-free (CVE-2021-3929)
CVE-2022-0495 (koha_library_automation)
The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01.
ZDI-22-1295: Apple macOS TIFF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the CoreGraphics framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
DSA-5232 tinygltf – security update
It was discovered that the wordexp() function of tinygltf, a library to
load/save glTF (GL Transmission Format) files was susceptible to command
execution when processing untrusted files.
DSA-5234 fish – security update
An arbitrary code execution vulnerability was disovered in fish, a
command line shell. When using the default configuraton of fish,
changing to a directory automatically ran `git` commands in order to
display information about the current repository in the prompt. Such
repositories can contain per-repository configuration that change the
behavior of git, including running arbitrary commands.