A privileged attacker in GeoNetwork before 3.12.0 and 4.x before 4.0.4 can use the directory harvester before-script to execute arbitrary OS commands remotely on the hosting infrastructure. A User Administrator or Administrator account is required to perform this. This occurs in the runBeforeScript method in harvesters/src/main/java/org/fao/geonet/kernel/harvest/harvester/localfilesystem/LocalFilesystemHarvester.java. The earliest affected version is 3.4.0.
open-vm-tools-12.0.5-3.fc36
FEDORA-2022-cd23eac6f4
Packages in this update:
open-vm-tools-12.0.5-3.fc36
Update description:
Security fix for CVE-2022-31676
open-vm-tools-12.0.5-3.fc37
FEDORA-2022-20d374ce8f
Packages in this update:
open-vm-tools-12.0.5-3.fc37
Update description:
Security fix for CVE-2022-31676
ZDI-22-1184: ManageEngine OpManager Plus getDNSResolveOption Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine OpManager Plus. Authentication is required to exploit this vulnerability.
flatpak-runtime-f36-3620220904192323.1 flatpak-sdk-f36-3620220904192323.1
FEDORA-FLATPAK-2022-0a5e38ea4c
Packages in this update:
flatpak-runtime-f36-3620220904192323.1
flatpak-sdk-f36-3620220904192323.1
Update description:
Updated flatpak runtime and SDK, including latest Fedora 36 security and bug-fix errata.
In addition to regular package updates, this also adds openssl1.1 to the runtime (required by python2.7 in the gimp flatpak).
libapreq2-2.17-1.fc35
FEDORA-2022-cf658a432f
Packages in this update:
libapreq2-2.17-1.fc35
Update description:
Fix CVE-2022-22728.
libapreq2-2.17-1.fc36
FEDORA-2022-61f5b492b7
Packages in this update:
libapreq2-2.17-1.fc36
Update description:
Fix CVE-2022-22728.
libapreq2-2.17-1.fc37
FEDORA-2022-9e5046934e
Packages in this update:
libapreq2-2.17-1.fc37
Update description:
Fix CVE-2022-22728.
libapreq2-2.17-1.el8
FEDORA-EPEL-2022-ebbc78f3cb
Packages in this update:
libapreq2-2.17-1.el8
Update description:
Fix CVE-2022-22728.
libapreq2-2.17-1.el7
FEDORA-EPEL-2022-b86f845eb8
Packages in this update:
libapreq2-2.17-1.el7
Update description:
Fix CVE-2022-22728.