** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage.
Category Archives: Advisories
CVE-2017-20100
A vulnerability was found in Air Transfer 1.0.14/1.2.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2017-20101
A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely.
USN-5495-1: curl vulnerabilities
Harry Sintonen discovered that curl incorrectly handled certain cookies.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32205)
Harry Sintonen discovered that curl incorrectly handled certain HTTP compressions.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-32206)
Harry Sintonen incorrectly handled certain file permissions.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 21.10, and Ubuntu 22.04 LTS. (CVE-2022-32207)
Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages.
An attacker could possibly use this to perform a machine-in-the-diddle attack.
(CVE-2022-32208)
pack-0.27.0-1.fc36
FEDORA-2022-53e0f427dd
Packages in this update:
pack-0.27.0-1.fc36
Update description:
auto bump to v0.27.0
yubihsm-connector-3.0.3-3.fc36
FEDORA-2022-cbc7bfd88c
Packages in this update:
yubihsm-connector-3.0.3-3.fc36
Update description:
New upstream release (#2100541)
USN-5494-1: SpiderMonkey JavaScript Library vulnerabilities
It was discovered that SpiderMonkey JavaScript Library incorrectly
generated certain assembly code. An remote attacker could
possibly use this issue to cause a crash or expose sensitive
information. (CVE-2022-28285)
It was discovered that SpiderMonkey JavaScript Library incorrectly
generated certain assembly code. An remote attacker could
possibly use this issue to cause a crash. (CVE-2022-31740)
httpd-2.4.54-3.fc36
FEDORA-2022-e620fb15d5
Packages in this update:
httpd-2.4.54-3.fc36
Update description:
new version 2.4.54
various security fixes
httpd-2.4.54-1.fc35
FEDORA-2022-b54a8dee29
Packages in this update:
httpd-2.4.54-1.fc35
Update description:
new version 2.4.54
ZDI-22-873: (Pwn2Own) Prosys OPC UA SDK for Java OPC UA Messages Resource Exhaustion Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Prosys OPC UA SDK for Java. Authentication is not required to exploit this vulnerability.