Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations.
Category Archives: Advisories
CVE-2020-21641
Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file.
CVE-2020-21642
Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code.
qemu-6.2.0-14.fc36
FEDORA-2022-baf3c3b781
Packages in this update:
qemu-6.2.0-14.fc36
Update description:
lsi53c895a: Do not abort when DMA requested and no data queued (#552)
lsi53c895a: Fix use-after-free in lsi_do_msgout (CVE-2022-0216) (rhbz#2070902)
dotnet6.0-6.0.108-1.fc35
FEDORA-2022-f2ba9be204
Packages in this update:
dotnet6.0-6.0.108-1.fc35
Update description:
This is the monthly update for .NET for August 2022. This updates the .NET SDK to 6.0.108 and .NET Runtime to 6.0.8.
This update includes a fix for CVE 2022-34716.
dotnet6.0-6.0.108-1.fc36
FEDORA-2022-0eded912f0
Packages in this update:
dotnet6.0-6.0.108-1.fc36
Update description:
This is the monthly update for .NET for August 2022. This updates the .NET SDK to 6.0.108 and .NET Runtime to 6.0.8.
This update includes a fix for CVE 2022-34716.
vim-9.0.213-1.fc35
FEDORA-2022-6f5e420e52
Packages in this update:
vim-9.0.213-1.fc35
Update description:
patchlevel 213
Security fixes for CVE-2022-2819, CVE-2022-2816, CVE-2022-2817
ZDI-22-1066: Apple macOS LaunchServices Sandbox Escape Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escape the sandbox on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-1065: Apple macOS Remote Events Memory Corruption Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Authentication is not required to exploit this vulnerability.
ZDI-22-1067: NetBSD Kernel stat System Call Uninitialized Memory Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of NetBSD Kernel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.