Read Time:6 Second
FEDORA-2022-ae75c0ca4f
Packages in this update:
qt5-qtwebengine-5.15.10-1.fc35
Update description:
Update to latest LTS release
Category Archives: Advisories
123ADV-001: Stack Buffer Overflow in Lotus 1-2-3 R3 for UNIX/Linux
Read Time:23 Second
Posted by Tavis Ormandy on Sep 05
# About
The 123 command is a spreadsheet application for UNIX-based systems that
can be used in interactive mode to create and modify financial and
scientific models.
For more information, see https://123r3.net
# Advisory
A stack buffer overflow was reported in the cell format processing
routines. If a victim opens an untrusted malicious worksheet, code
execution could occur.
There have been no reports of this vulnerability being exploited…
DSA-5226 pcs – security update
Read Time:4 Second
Two security issues were discovered in pcs, a corosync and pacemaker
configuration tool:
DSA-5225 chromium – security update
Read Time:5 Second
A security issue was discovered in Chromium, which could result in the
execution of arbitrary code.
DSA-5224 poppler – security update
Read Time:10 Second
Two vulnerabilities were discovered in poppler, a PDF rendering library,
which could result in denial of service or the execution of arbitrary
code if a malformed PDF file or JBIG2 image is processed.
open-vm-tools-12.0.5-3.fc35
Read Time:7 Second
FEDORA-2022-9a73b28b96
Packages in this update:
open-vm-tools-12.0.5-3.fc35
Update description:
Security fix for CVE-2022-31676
CVE-2021-28398
Read Time:22 Second
A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScript method in harvesters/src/main/java/org/fao/geonet/kernel/harvest/harvester/localfilesystem/LocalFilesystemHarvester.java. The earliest affected version is 3.4.0.
open-vm-tools-12.0.5-3.fc36
Read Time:7 Second
FEDORA-2022-cd23eac6f4
Packages in this update:
open-vm-tools-12.0.5-3.fc36
Update description:
Security fix for CVE-2022-31676
open-vm-tools-12.0.5-3.fc37
Read Time:7 Second
FEDORA-2022-20d374ce8f
Packages in this update:
open-vm-tools-12.0.5-3.fc37
Update description:
Security fix for CVE-2022-31676
ZDI-22-1184: ManageEngine OpManager Plus getDNSResolveOption Command Injection Remote Code Execution Vulnerability
Read Time:7 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine OpManager Plus. Authentication is required to exploit this vulnerability.