Category Archives: Advisories

Onapsis Security Advisory 2022-0006: Information Disclosure vulnerability in SAP Focused Run (Simple Diagnostics Agent 1.0)

Read Time:21 Second

Posted by Onapsis Research via Fulldisclosure on Jun 21

# Onapsis Security Advisory 2022-0006: Information Disclosure vulnerability
in SAP Focused Run (Simple Diagnostics Agent 1.0)

## Impact on Business

Running unnecessary services, like a jetty webserver, may lead to increased
surface area for an attack and also it unnecessarily exposes underlying
vulnerabilities.

## Advisory Information

– Public Release Date: 06/21/2022
– Security Advisory ID: ONAPSIS-2022-0006
– Researcher(s): Yvan Genuer

##…

Read More

Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS) vulnerability in SAP Fiori launchpad

Read Time:23 Second

Posted by Onapsis Research via Fulldisclosure on Jun 21

# Onapsis Security Advisory 2022-0005: Cross-Site Scripting (XSS)
vulnerability in SAP Fiori launchpad

## Impact on Business

Impact depends on the victim’s privileges. In most cases, a successful
attack
allows an attacker to hijack a session, or force the victim to perform
undesired
requests in the SAP System (CSRF) as well as redirected to arbitrary web
site
(Open Redirect).

## Advisory Information

– Public Release Date: 06/21/2022
-…

Read More

# Onapsis Security Advisory 2022-0004: Missing Authentication check in SAP Focused Run (Simple Diagnostics Agent 1.0)

Read Time:21 Second

Posted by Onapsis Research via Fulldisclosure on Jun 21

# Onapsis Security Advisory 2022-0004: Missing Authentication check in SAP
Focused Run (Simple Diagnostics Agent 1.0)

## Impact on Business

Because the Simple Diagnostic Agent (SDA) handles several important
configuration and critical credential information, a successful attack
could lead to the control of the SDA, and therefore affect:
* Integrity, by modifying the configuration.
* Availability, by stopping the service.
* Confidentiality…

Read More

Onapsis Security Advisory 2022-0003: Cross-Site Scripting (XSS) vulnerability in SAP Focused Run (Real User Monitoring)

Read Time:22 Second

Posted by Onapsis Research via Fulldisclosure on Jun 21

# Onapsis Security Advisory 2022-0003: Cross-Site Scripting (XSS)
vulnerability in SAP Focused Run (Real User Monitoring)

## Impact on Business

Impact depends on the victim’s privileges. In most cases, a successful
attack
allows an attacker to hijack a session, or force the victim to perform
undesired request
in SAP Focused Run.

## Advisory Information

– Public Release Date: 06/21/2022
– Security Advisory ID: ONAPSIS-2022-0003
-…

Read More

3mux-1.1.0-5.fc36 act-1.6.0-6.fc36 aerc-0.10.0-3.fc36 age-1.0.0-5.fc36 apache-cloudstack-cloudmonkey-6.2.0-3.fc36 aquatone-1.7.0-7.fc36 aron-0-0.6.20200626git7eade58.fc36 asnip-0-0.6.20200618git44ba98b.fc36 assetfinder-0.1.0-6.fc36 bettercap-2.32.0-4.fc36 cadvisor-0.44.1-2.fc36 chisel-1.7.7-3.fc36 clash-1.8.0-4.fc36 commit-stream-0.1.2-7.fc36 containerd-1.6.6-3.fc36 direnv-2.28.0-5.fc36 dnscrypt-proxy-2.1.1-4.fc36 dnsx-1.1.0-3.fc36 douceur-0.2.0-14.fc36 duf-0.8.1-3.fc36 ffuf-1.0.2-6.fc36 fzf-0.30.0-3.fc36 geoipupdate-4.9.0-2.fc36 gh-2.12.1-3.fc36 git-time-metric-1.3.5-15.fc36 glide-0.13.2-10.fc36 goaltdns-0-0.7.20200627git2b3e8a3.fc36 gobuster-3.1.0-3.fc36 godoctor-0.6-12.fc36 godotenv-1.4.0-4.fc36 gojq-0.12.8-3.fc36 golang-bug-serial-1-1.3.5-3.fc36 golang-contrib-opencensus-resource-0.1.2-7.fc36 golang-etcd-bbolt-1.3.6-4.fc36 golang-gioui-0-8.20201225git18d4dbf.fc36 golang-github-a8m-tree-0-0.16.20210725gitce3525c.fc36 golang-github-acme-lego-4.4.0-6.fc36 golang-github-ajstarks-deck-0-0.12.20210114git30c9fc6.fc36 golang-github-akavel-rsrc-0.10.2-4.fc36 golang-github-alecthomas-chroma-0.10.0-3.fc36 golang-github-aliyun-ossutil-1.7.9-3.fc36 golang-github-andybalholm-cascadia-1.2.0-6.fc36 golang-github-apache-beam-2-2.33.0~RC1-7.fc36 golang-github-appc-docker2aci-0.17.2-9.fc36 golang-github-appc-goaci-0.1.1-12.fc36 golang-github-appc-spec-0.8.11-14.fc36 golang-github-aryann-difflib-0-0.5.20200822gite206f87.fc36 golang-github-aws-lambda-1.26.0-4.fc36 golang-github-axgle-mahonia-0-0.13.20181112git3358181.fc36 golang-github-bifurcation-mint-0-0.9.20200724git93c820e.fc36 golang-github-bobesa-domain-util-0-0.6.20200504git4033b5f.fc36 golang-github-burntsushi-toml-1.0.0-5.fc36 golang-github-burntsushi-toml-test-0.2.0-11.20210108git9767d20.fc36 golang-github-burntsushi-xgb-0-0.15.20210108git5f9e7b3.fc36 golang-github-c-bata-prompt-0.2.6-4.fc36 golang-github-cactus-statsd-client-5.0.0-5.fc36 golang-github-cespare-xxhash-2.1.2-3.fc36 golang-github-chai2010-gettext-1.0.2-6.fc36 golang-github-chris-ramon-douceur-0.2.0-5.20200910gitf346305.fc36 golang-github-christrenkamp-goxpath-0-0.6.20200627gitc5096ec.fc36 golang-github-cilium-ebpf-0.8.0-2.fc36 golang-github-client9-plaintext-0-0.8.20190703git5bf47e7.fc36 golang-github-cloudflare-0.21.0-3.fc36 golang-github-cloudflare-redoctober-0-0.11.20210114git99c99a8.fc36 golang-github-cockroachdb-pebble-0-0.8.20210108git48f5530.fc36 golang-github-colinmarc-hdfs-2-2.2.0-4.fc36 golang-github-containerd-continuity-0.2.2-3.fc36 golang-github-containerd-fuse-overlayfs-snapshotter-1.0.2-7.fc36 golang-github-containerd-stargz-snapshotter-0.10.1-2.fc36 golang-github-containernetworking-cni-1.1.1-4.fc36 golang-github-coredns-corefile-migration-1.0.11-6.fc36 golang-github-cpu-goacmedns-0.1.1-5.fc36 golang-github-cpuguy83-md2man-2.0.2-2.fc36 golang-github-crossdock-0-0.8.20190628git049aabb.fc36 golang-github-cucumber-godog-0.12.1-4.fc36 golang-github-dave-jennifer-1.4.1-5.fc36 golang-github-deepmap-oapi-codegen-1.8.2-3.fc36 golang-github-dgrijalva-jwt-3.2.0-11.fc36 golang-github-dreamacro-shadowsocks2-0.1.7-6.fc36 golang-github-dustinkirkland-petname-0-0.6.20200605git8e5a1ed.fc36 golang-github-eknkc-amber-0-0.17.20190601gitcdade1c.fc36 golang-github-elazarl-bindata-assetfs-1.0.1-9.fc36 golang-github-emersion-smtp-0.15.0-4.fc36 golang-github-envoyproxy-protoc-gen-validate-0.4.1-6.fc36 golang-github-etcd-io-gofail-0-0.3.20210808gitad7f989.fc36 golang-github-evanphx-json-patch-5.5.0-3.fc36 golang-github-evanw-esbuild-0.14.38-2.fc36 golang-github-fernet-0-0.9.20200726giteff2850.fc36 golang-github-francoispqt-gojay-1.2.13-7.fc36 golang-github-fvbommel-util-0.0.3-5.fc36 golang-github-gdamore-tcell-1.4.0-5.fc36 golang-github-gdamore-tcell-2-2.5.0-2.fc36 golang-github-geertjohan-rice-1.0.2-5.fc36 golang-github-gobuffalo-here-0.6.2-5.fc36 golang-github-gobwas-ws-1.1.0-3.fc36 golang-github-gocolly-colly-2-2.1.0-4.20210920git2f09941.fc36 golang-github-gogo-googleapis-1.4.1-4.fc36 golang-github-gohugoio-localescompressed-1.0.1-2.fc36 golang-github-gohugoio-testmodbuilder-0-0.10.20201030git72e1e0c.fc36 golang-github-golangci-lint-1-0-0.5.20200828gitd2cdd8c.fc36 golang-github-google-jsonnet-0.17.0-5.fc36 golang-github-google-martian-3.1.0-9.fc36 golang-github-google-pprof-0-16.20210802gitc50bf4f.fc36 golang-github-google-slothfs-0-0.11.20200727git59c1163.fc36 golang-github-google-wire-0.5.0-3.fc36 golang-github-googleapis-gnostic-0.5.3-6.fc36 golang-github-googlecloudplatform-cloudsql-proxy-1.19.1-6.fc36 golang-github-gorhill-cronexpr-1.0.0-4.fc36 golang-github-grpc-ecosystem-gateway-2-2.7.3-4.fc36 golang-github-gucumber-0-0.23.20190703git7d5c79e.fc36 golang-github-haproxytech-client-native-2.5.3-3.fc36 golang-github-haproxytech-dataplaneapi-2.4.4-4.fc36 golang-github-hashicorp-consul-migrate-0.1.0-9.20190602git678fb10.fc36 golang-github-hashicorp-hclog-0.15.0-5.fc36 golang-github-hashicorp-memdb-1.3.0-5.fc36 golang-github-hashicorp-serf-0.9.5-5.fc36 golang-github-hashicorp-sockaddr-1.0.2-11.fc36 golang-github-hpcloud-tail-1.0.0-10.20190325gita1dbeea.fc36 golang-github-insomniacslk-termhook-0-6.20210406gita267c97.fc36 golang-github-instrumenta-kubeval-0.15.0-8.fc36 golang-github-intel-goresctrl-0.2.0-5.fc36 golang-github-j-keck-arping-1.0.2-3.fc36 golang-github-jmespath-0.4.0-5.fc36 golang-github-jsonnet-bundler-0.4.0-8.fc36 golang-github-jwt-3.2.2-3.fc36 golang-github-kr-text-0.2.0-5.fc36 golang-github-krishicks-yaml-patch-0.0.10-8.20200307git05b3177.fc36 golang-github-kyokomi-emoji-2.2.8-5.fc36 golang-github-ledisdb-0.6-5.20210112gitd35789e.fc36 golang-github-leonelquinteros-gotext-1.5.0-2.fc36 golang-github-leveldb-0-0.9.20190701git259d925.fc36 golang-github-liamg-tml-0.6.0-2.fc36 golang-github-magefile-mage-1.11.0-5.fc36 golang-github-mailru-easyjson-0.7.6-5.fc36 golang-github-markbates-pkger-0.17.1-5.fc36 golang-github-martinhoefling-goxkcdpwgen-0.1.0-2.fc36 golang-github-mattn-colorable-0.1.8-5.fc36 golang-github-mdlayher-dhcp6-0-0.8.20200429git2a67805.fc36 golang-github-mgutz-ansi-0-0.13.20200729gitd51e80e.fc36 golang-github-mholt-archiver-3.5.1-3.fc36 golang-github-microcosm-cc-bluemonday-1.0.17-3.fc36 golang-github-mmarkdown-mmark-2.2.10-5.fc36 golang-github-mock-1.6.0-3.fc36 golang-github-morikuni-aec-1.0.0-5.fc36 golang-github-mrunalp-fileutils-0.5.0-5.fc36 golang-github-multiformats-multibase-0.0.3-2.20220213gitf067816.fc36 golang-github-multiformats-multihash-0.1.0-2.fc36 golang-github-mvo5-uboot-0.4-10.fc36 golang-github-nats-io-nkeys-0.2.0-5.fc36 golang-github-nats-io-streaming-server-0.20.0-5.fc36 golang-github-nbutton23-zxcvbn-0.1-8.20210110gite56b841.fc36 golang-github-nicksnyder-i18n-2-2.1.2-5.fc36 golang-github-nxadm-tail-1.4.6-7.fc36 golang-github-oklog-0.3.2-10.20190701gitca7cdf5.fc36 golang-github-oklog-ulid-2.0.2-10.fc36 golang-github-olekukonko-tablewriter-0.0.5-3.fc36 golang-github-oneofone-xxhash-1.2.8-5.fc36 golang-github-onsi-ginkgo-2-2.1.4-2.fc36 golang-github-pact-foundation-1.5.1-6.fc36 golang-github-pdfcpu-0.3.13-2.fc36 golang-github-pelletier-toml-1.9.4-2.fc36 golang-github-pelletier-toml-2-2.0.0~beta.8-4.fc36 golang-github-phayes-freeport-1.0.2-6.fc36 golang-github-pierrec-lz4-4.1.3-5.fc36 golang-github-pierrre-geohash-1.0.0-4.fc36 golang-github-pkg-diff-0-0.4.20210406git20ebb0f.fc36 golang-github-posener-complete-1.2.3-8.fc36 golang-github-posener-complete-2-2.0.1~alpha.13-5.fc36 golang-github-pquerna-ffjson-0-0.9.20200730gitaa0246c.fc36 golang-github-pressly-goose-2.7.0-4.fc36 golang-github-projectdiscovery-chaos-client-0.2.0-2.fc36 golang-github-projectdiscovery-mapcidr-0.0.8-3.fc36 golang-github-prometheus-2.32.1-5.fc36 golang-github-prometheus-alertmanager-0.23.0-9.fc36 golang-github-prometheus-node-exporter-1.3.1-8.fc36 golang-github-prometheus-prom2json-1.3.0-8.20210811git90766c0.fc36 golang-github-prometheus-tsdb-0.10.0-7.fc36 golang-github-quay-goval-parser-0.8.6-4.fc36 golang-github-rakyll-statik-0.1.7-8.fc36 golang-github-rcrowley-metrics-0-0.28.20210110gitcf1acfc.fc36 golang-github-redteampentesting-monsoon-0.6.0-6.fc36 golang-github-rogpeppe-internal-1.8.1-2.fc36 golang-github-rubenv-sql-migrate-0-0.4.20210529gita32ed26.fc36 golang-github-rwcarlsen-goexif-0-0.9.20191017git9e8deec.fc36 golang-github-shellcode33-vm-detection-0-0.6.20200715git4fd05cb.fc36 golang-github-shopify-sarama-1.27.2-5.fc36 golang-github-shulhan-bindata-3.6.1-6.fc36 golang-github-shurcool-vfsgen-0-0.11.20210113git0d455de.fc36 golang-github-skip2-qrcode-0-2.20220316gitda1b656.fc36 golang-github-snappy-0.0.2-6.fc36 golang-github-sourcegraph-syntaxhighlight-0-0.11.20180418gitbd320f5.fc36 golang-github-spf13-cobra-1.4.0-3.fc36 golang-github-tdewolff-minify-2.11.10-3.fc36 golang-github-temoto-robotstxt-1.1.2-3.fc36 golang-github-theupdateframework-notary-0.7.0-5.fc36 golang-github-twitchtv-twirp-8.1.0-4.fc36 golang-github-twpayne-waypoint-0-0.4.20210130git4f8e6bf.fc36 golang-github-u-root-iscsinl-0.1.0-4.fc36 golang-github-uber-athenadriver-1.1.12-5.fc36 golang-github-uber-jaeger-client-2.30.0-2.fc36 golang-github-ulikunitz-xz-0.5.10-4.fc36 golang-github-valyala-fasthttp-1.29.0-3.fc36 golang-github-vbatts-tar-split-0.11.1-10.fc36 golang-github-vincent-petithory-dataurl-0-0.7.20200110gitd1553a7.fc36 golang-github-vmware-govmomi-0.24.0-5.fc36 golang-github-xo-terminfo-0-0.6.20210113gitc22d04b.fc36 golang-github-xordataexchange-crypt-0.0.2-12.20190412gitb2862e3.fc36 golang-github-yuin-gopher-lua-0-23.20220305gitf4c35e4.fc36 golang-gitlab-commonmark-linkify-0-0.9.20200805git64bca66.fc36 golang-google-appengine-1.6.7-5.fc36 golang-google-protobuf-1.27.1-5.fc36 golang-gopkg-neurosnap-sentences-1-1.0.6-14.fc36 golang-gopkg-square-jose-2-2.6.0-3.fc36 golang-gopkg-src-d-git-4-4.13.1-8.fc36 golang-honnef-tools-2021.1.2-2.20220304git852a31a.fc36 golang-jaytaylor-html2text-0-0.2.20220509gitbc68cce.fc36 golang-k8s-apiextensions-apiserver-1.22.0-6.fc36 golang-k8s-code-generator-1.22.0-4.fc36 golang-k8s-kube-aggregator-1.22.0-4.fc36 golang-k8s-kube-openapi-0-0.21.20210813git3c81807.fc36 golang-k8s-pod-security-admission-1.22.0-3.fc36 golang-k8s-sample-apiserver-1.22.0-5.fc36 golang-k8s-sample-cli-plugin-1.22.0-4.fc36 golang-k8s-sample-controller-1.22.0-4.fc36 golang-mongodb-mongo-driver-1.4.5-6.fc36 golang-mvdan-xurls-2.2.0-6.fc36 golang-sourcegraph-appdash-0-0.9.20210113gitebfcffb.fc36 golang-storj-drpc-0.0.31-2.fc36 golang-vbom-util-0-0.11.20190520gitefcd4e0.fc36 golang-x-debug-0-0.14.20210123gitc934e1b.fc36 golang-x-exp-0-0.43.20220330git053ad81.fc36 golang-x-lint-0-16.20210123git83fdc39.fc36 golang-x-mod-0.6.0~dev-3.20220330git9b9b3d8.fc36 golang-x-perf-0-0.15.20210123gitbdcc622.fc36 golang-x-text-0.3.7-2.fc36 golist-0.10.1-9.fc36 goloris-0-0.6.20200326gita59fafb.fc36 gopass-hibp-1.12.0-2.20220511gitd4baae0.fc36 gopass-jsonapi-1.11.1-2.20220511git5dc831e.fc36 gotags-1.4.1-8.fc36 grpcurl-1.8.6-3.fc36 hakrevdns-0-0.5.20201116git9fa2d59.fc36 hcloud-1.29.5-3.fc36 htmltest-0.15.0-3.fc36 httprobe-0.1.2-6.fc36 hulk-0-0.6.20200620git9670699.fc36 jid-0.7.6-9.fc36 kiln-0.2.0-4.fc36 kubernetes-1.24.1-2.fc36 mass3-0-0.6.20200627gite1d5f1a.fc36 meg-0.2.4-6.fc36 meshbird-2.3-6.fc36 micro-2.0.8-5.fc36 moby-engine-20.10.17-3.fc36 mqttcli-0.2.3-2.fc36 nats-server-2.1.9-6.fc36 netscanner-0-0.5.20201116git8baab36.fc36 ohmybackup-0-0.6.20200526git50f2fce.fc36 onionscan-0.2-7.fc36 open-policy-agent-0.31.0-5.fc36 podman-tui-0.4.0-2.fc36 powerline-go-1.21.0-4.fc36 shellz-1.5.0-7.fc36 shhgit-0.2-7.fc36 snapd-2.55.3-2.fc36 snowcrash-0-0.7.20201119git49b99ad.fc36 source-to-image-1.3.1-4.fc36 subfinder-2.5.2-2.fc36 syncthing-1.20.2-2.fc36 sysutil-0-0.7.20200615git15668db.fc36 terrier-0.0.2-6.fc36 tiedot-3.4-8.fc36 toolbox-0.0.99.3-5.fc36 vgrep-2.6.0-2.fc36 vultr-2.0.3-5.fc36 vultr-cli-2.12.2-2.fc36 webanalyze-0.3.1-6.fc36 weldr-client-35.5-2.fc36 wgctrl-0-0.11.20210811git4253848.fc36 xq-0.0.7-4.fc36 yggdrasil-0.2.98^1.ffb580f-0.2.20220127gitffb580f.fc36 yubihsm-connector-3.0.2-3.fc36

Read Time:12 Minute, 4 Second

FEDORA-2022-fae3ecee19

Packages in this update:

3mux-1.1.0-5.fc36
act-1.6.0-6.fc36
aerc-0.10.0-3.fc36
age-1.0.0-5.fc36
apache-cloudstack-cloudmonkey-6.2.0-3.fc36
aquatone-1.7.0-7.fc36
aron-0-0.6.20200626git7eade58.fc36
asnip-0-0.6.20200618git44ba98b.fc36
assetfinder-0.1.0-6.fc36
bettercap-2.32.0-4.fc36
cadvisor-0.44.1-2.fc36
chisel-1.7.7-3.fc36
clash-1.8.0-4.fc36
commit-stream-0.1.2-7.fc36
containerd-1.6.6-3.fc36
direnv-2.28.0-5.fc36
dnscrypt-proxy-2.1.1-4.fc36
dnsx-1.1.0-3.fc36
douceur-0.2.0-14.fc36
duf-0.8.1-3.fc36
ffuf-1.0.2-6.fc36
fzf-0.30.0-3.fc36
geoipupdate-4.9.0-2.fc36
gh-2.12.1-3.fc36
git-time-metric-1.3.5-15.fc36
glide-0.13.2-10.fc36
goaltdns-0-0.7.20200627git2b3e8a3.fc36
gobuster-3.1.0-3.fc36
godoctor-0.6-12.fc36
godotenv-1.4.0-4.fc36
gojq-0.12.8-3.fc36
golang-bug-serial-1-1.3.5-3.fc36
golang-contrib-opencensus-resource-0.1.2-7.fc36
golang-etcd-bbolt-1.3.6-4.fc36
golang-gioui-0-8.20201225git18d4dbf.fc36
golang-github-a8m-tree-0-0.16.20210725gitce3525c.fc36
golang-github-acme-lego-4.4.0-6.fc36
golang-github-ajstarks-deck-0-0.12.20210114git30c9fc6.fc36
golang-github-akavel-rsrc-0.10.2-4.fc36
golang-github-alecthomas-chroma-0.10.0-3.fc36
golang-github-aliyun-ossutil-1.7.9-3.fc36
golang-github-andybalholm-cascadia-1.2.0-6.fc36
golang-github-apache-beam-2-2.33.0~RC1-7.fc36
golang-github-appc-docker2aci-0.17.2-9.fc36
golang-github-appc-goaci-0.1.1-12.fc36
golang-github-appc-spec-0.8.11-14.fc36
golang-github-aryann-difflib-0-0.5.20200822gite206f87.fc36
golang-github-aws-lambda-1.26.0-4.fc36
golang-github-axgle-mahonia-0-0.13.20181112git3358181.fc36
golang-github-bifurcation-mint-0-0.9.20200724git93c820e.fc36
golang-github-bobesa-domain-util-0-0.6.20200504git4033b5f.fc36
golang-github-burntsushi-toml-1.0.0-5.fc36
golang-github-burntsushi-toml-test-0.2.0-11.20210108git9767d20.fc36
golang-github-burntsushi-xgb-0-0.15.20210108git5f9e7b3.fc36
golang-github-cactus-statsd-client-5.0.0-5.fc36
golang-github-c-bata-prompt-0.2.6-4.fc36
golang-github-cespare-xxhash-2.1.2-3.fc36
golang-github-chai2010-gettext-1.0.2-6.fc36
golang-github-chris-ramon-douceur-0.2.0-5.20200910gitf346305.fc36
golang-github-christrenkamp-goxpath-0-0.6.20200627gitc5096ec.fc36
golang-github-cilium-ebpf-0.8.0-2.fc36
golang-github-client9-plaintext-0-0.8.20190703git5bf47e7.fc36
golang-github-cloudflare-0.21.0-3.fc36
golang-github-cloudflare-redoctober-0-0.11.20210114git99c99a8.fc36
golang-github-cockroachdb-pebble-0-0.8.20210108git48f5530.fc36
golang-github-colinmarc-hdfs-2-2.2.0-4.fc36
golang-github-containerd-continuity-0.2.2-3.fc36
golang-github-containerd-fuse-overlayfs-snapshotter-1.0.2-7.fc36
golang-github-containerd-stargz-snapshotter-0.10.1-2.fc36
golang-github-containernetworking-cni-1.1.1-4.fc36
golang-github-coredns-corefile-migration-1.0.11-6.fc36
golang-github-cpu-goacmedns-0.1.1-5.fc36
golang-github-cpuguy83-md2man-2.0.2-2.fc36
golang-github-crossdock-0-0.8.20190628git049aabb.fc36
golang-github-cucumber-godog-0.12.1-4.fc36
golang-github-dave-jennifer-1.4.1-5.fc36
golang-github-deepmap-oapi-codegen-1.8.2-3.fc36
golang-github-dgrijalva-jwt-3.2.0-11.fc36
golang-github-dreamacro-shadowsocks2-0.1.7-6.fc36
golang-github-dustinkirkland-petname-0-0.6.20200605git8e5a1ed.fc36
golang-github-eknkc-amber-0-0.17.20190601gitcdade1c.fc36
golang-github-elazarl-bindata-assetfs-1.0.1-9.fc36
golang-github-emersion-smtp-0.15.0-4.fc36
golang-github-envoyproxy-protoc-gen-validate-0.4.1-6.fc36
golang-github-etcd-io-gofail-0-0.3.20210808gitad7f989.fc36
golang-github-evanphx-json-patch-5.5.0-3.fc36
golang-github-evanw-esbuild-0.14.38-2.fc36
golang-github-fernet-0-0.9.20200726giteff2850.fc36
golang-github-francoispqt-gojay-1.2.13-7.fc36
golang-github-fvbommel-util-0.0.3-5.fc36
golang-github-gdamore-tcell-1.4.0-5.fc36
golang-github-gdamore-tcell-2-2.5.0-2.fc36
golang-github-geertjohan-rice-1.0.2-5.fc36
golang-github-gobuffalo-here-0.6.2-5.fc36
golang-github-gobwas-ws-1.1.0-3.fc36
golang-github-gocolly-colly-2-2.1.0-4.20210920git2f09941.fc36
golang-github-gogo-googleapis-1.4.1-4.fc36
golang-github-gohugoio-localescompressed-1.0.1-2.fc36
golang-github-gohugoio-testmodbuilder-0-0.10.20201030git72e1e0c.fc36
golang-github-golangci-lint-1-0-0.5.20200828gitd2cdd8c.fc36
golang-github-googleapis-gnostic-0.5.3-6.fc36
golang-github-googlecloudplatform-cloudsql-proxy-1.19.1-6.fc36
golang-github-google-jsonnet-0.17.0-5.fc36
golang-github-google-martian-3.1.0-9.fc36
golang-github-google-pprof-0-16.20210802gitc50bf4f.fc36
golang-github-google-slothfs-0-0.11.20200727git59c1163.fc36
golang-github-google-wire-0.5.0-3.fc36
golang-github-gorhill-cronexpr-1.0.0-4.fc36
golang-github-grpc-ecosystem-gateway-2-2.7.3-4.fc36
golang-github-gucumber-0-0.23.20190703git7d5c79e.fc36
golang-github-haproxytech-client-native-2.5.3-3.fc36
golang-github-haproxytech-dataplaneapi-2.4.4-4.fc36
golang-github-hashicorp-consul-migrate-0.1.0-9.20190602git678fb10.fc36
golang-github-hashicorp-hclog-0.15.0-5.fc36
golang-github-hashicorp-memdb-1.3.0-5.fc36
golang-github-hashicorp-serf-0.9.5-5.fc36
golang-github-hashicorp-sockaddr-1.0.2-11.fc36
golang-github-hpcloud-tail-1.0.0-10.20190325gita1dbeea.fc36
golang-github-insomniacslk-termhook-0-6.20210406gita267c97.fc36
golang-github-instrumenta-kubeval-0.15.0-8.fc36
golang-github-intel-goresctrl-0.2.0-5.fc36
golang-github-j-keck-arping-1.0.2-3.fc36
golang-github-jmespath-0.4.0-5.fc36
golang-github-jsonnet-bundler-0.4.0-8.fc36
golang-github-jwt-3.2.2-3.fc36
golang-github-krishicks-yaml-patch-0.0.10-8.20200307git05b3177.fc36
golang-github-kr-text-0.2.0-5.fc36
golang-github-kyokomi-emoji-2.2.8-5.fc36
golang-github-ledisdb-0.6-5.20210112gitd35789e.fc36
golang-github-leonelquinteros-gotext-1.5.0-2.fc36
golang-github-leveldb-0-0.9.20190701git259d925.fc36
golang-github-liamg-tml-0.6.0-2.fc36
golang-github-magefile-mage-1.11.0-5.fc36
golang-github-mailru-easyjson-0.7.6-5.fc36
golang-github-markbates-pkger-0.17.1-5.fc36
golang-github-martinhoefling-goxkcdpwgen-0.1.0-2.fc36
golang-github-mattn-colorable-0.1.8-5.fc36
golang-github-mdlayher-dhcp6-0-0.8.20200429git2a67805.fc36
golang-github-mgutz-ansi-0-0.13.20200729gitd51e80e.fc36
golang-github-mholt-archiver-3.5.1-3.fc36
golang-github-microcosm-cc-bluemonday-1.0.17-3.fc36
golang-github-mmarkdown-mmark-2.2.10-5.fc36
golang-github-mock-1.6.0-3.fc36
golang-github-morikuni-aec-1.0.0-5.fc36
golang-github-mrunalp-fileutils-0.5.0-5.fc36
golang-github-multiformats-multibase-0.0.3-2.20220213gitf067816.fc36
golang-github-multiformats-multihash-0.1.0-2.fc36
golang-github-mvo5-uboot-0.4-10.fc36
golang-github-nats-io-nkeys-0.2.0-5.fc36
golang-github-nats-io-streaming-server-0.20.0-5.fc36
golang-github-nbutton23-zxcvbn-0.1-8.20210110gite56b841.fc36
golang-github-nicksnyder-i18n-2-2.1.2-5.fc36
golang-github-nxadm-tail-1.4.6-7.fc36
golang-github-oklog-0.3.2-10.20190701gitca7cdf5.fc36
golang-github-oklog-ulid-2.0.2-10.fc36
golang-github-olekukonko-tablewriter-0.0.5-3.fc36
golang-github-oneofone-xxhash-1.2.8-5.fc36
golang-github-onsi-ginkgo-2-2.1.4-2.fc36
golang-github-pact-foundation-1.5.1-6.fc36
golang-github-pdfcpu-0.3.13-2.fc36
golang-github-pelletier-toml-1.9.4-2.fc36
golang-github-pelletier-toml-2-2.0.0~beta.8-4.fc36
golang-github-phayes-freeport-1.0.2-6.fc36
golang-github-pierrec-lz4-4.1.3-5.fc36
golang-github-pierrre-geohash-1.0.0-4.fc36
golang-github-pkg-diff-0-0.4.20210406git20ebb0f.fc36
golang-github-posener-complete-1.2.3-8.fc36
golang-github-posener-complete-2-2.0.1~alpha.13-5.fc36
golang-github-pquerna-ffjson-0-0.9.20200730gitaa0246c.fc36
golang-github-pressly-goose-2.7.0-4.fc36
golang-github-projectdiscovery-chaos-client-0.2.0-2.fc36
golang-github-projectdiscovery-mapcidr-0.0.8-3.fc36
golang-github-prometheus-2.32.1-5.fc36
golang-github-prometheus-alertmanager-0.23.0-9.fc36
golang-github-prometheus-node-exporter-1.3.1-8.fc36
golang-github-prometheus-prom2json-1.3.0-8.20210811git90766c0.fc36
golang-github-prometheus-tsdb-0.10.0-7.fc36
golang-github-quay-goval-parser-0.8.6-4.fc36
golang-github-rakyll-statik-0.1.7-8.fc36
golang-github-rcrowley-metrics-0-0.28.20210110gitcf1acfc.fc36
golang-github-redteampentesting-monsoon-0.6.0-6.fc36
golang-github-rogpeppe-internal-1.8.1-2.fc36
golang-github-rubenv-sql-migrate-0-0.4.20210529gita32ed26.fc36
golang-github-rwcarlsen-goexif-0-0.9.20191017git9e8deec.fc36
golang-github-shellcode33-vm-detection-0-0.6.20200715git4fd05cb.fc36
golang-github-shopify-sarama-1.27.2-5.fc36
golang-github-shulhan-bindata-3.6.1-6.fc36
golang-github-shurcool-vfsgen-0-0.11.20210113git0d455de.fc36
golang-github-skip2-qrcode-0-2.20220316gitda1b656.fc36
golang-github-snappy-0.0.2-6.fc36
golang-github-sourcegraph-syntaxhighlight-0-0.11.20180418gitbd320f5.fc36
golang-github-spf13-cobra-1.4.0-3.fc36
golang-github-tdewolff-minify-2.11.10-3.fc36
golang-github-temoto-robotstxt-1.1.2-3.fc36
golang-github-theupdateframework-notary-0.7.0-5.fc36
golang-github-twitchtv-twirp-8.1.0-4.fc36
golang-github-twpayne-waypoint-0-0.4.20210130git4f8e6bf.fc36
golang-github-uber-athenadriver-1.1.12-5.fc36
golang-github-uber-jaeger-client-2.30.0-2.fc36
golang-github-ulikunitz-xz-0.5.10-4.fc36
golang-github-u-root-iscsinl-0.1.0-4.fc36
golang-github-valyala-fasthttp-1.29.0-3.fc36
golang-github-vbatts-tar-split-0.11.1-10.fc36
golang-github-vincent-petithory-dataurl-0-0.7.20200110gitd1553a7.fc36
golang-github-vmware-govmomi-0.24.0-5.fc36
golang-github-xordataexchange-crypt-0.0.2-12.20190412gitb2862e3.fc36
golang-github-xo-terminfo-0-0.6.20210113gitc22d04b.fc36
golang-github-yuin-gopher-lua-0-23.20220305gitf4c35e4.fc36
golang-gitlab-commonmark-linkify-0-0.9.20200805git64bca66.fc36
golang-google-appengine-1.6.7-5.fc36
golang-google-protobuf-1.27.1-5.fc36
golang-gopkg-neurosnap-sentences-1-1.0.6-14.fc36
golang-gopkg-square-jose-2-2.6.0-3.fc36
golang-gopkg-src-d-git-4-4.13.1-8.fc36
golang-honnef-tools-2021.1.2-2.20220304git852a31a.fc36
golang-jaytaylor-html2text-0-0.2.20220509gitbc68cce.fc36
golang-k8s-apiextensions-apiserver-1.22.0-6.fc36
golang-k8s-code-generator-1.22.0-4.fc36
golang-k8s-kube-aggregator-1.22.0-4.fc36
golang-k8s-kube-openapi-0-0.21.20210813git3c81807.fc36
golang-k8s-pod-security-admission-1.22.0-3.fc36
golang-k8s-sample-apiserver-1.22.0-5.fc36
golang-k8s-sample-cli-plugin-1.22.0-4.fc36
golang-k8s-sample-controller-1.22.0-4.fc36
golang-mongodb-mongo-driver-1.4.5-6.fc36
golang-mvdan-xurls-2.2.0-6.fc36
golang-sourcegraph-appdash-0-0.9.20210113gitebfcffb.fc36
golang-storj-drpc-0.0.31-2.fc36
golang-vbom-util-0-0.11.20190520gitefcd4e0.fc36
golang-x-debug-0-0.14.20210123gitc934e1b.fc36
golang-x-exp-0-0.43.20220330git053ad81.fc36
golang-x-lint-0-16.20210123git83fdc39.fc36
golang-x-mod-0.6.0~dev-3.20220330git9b9b3d8.fc36
golang-x-perf-0-0.15.20210123gitbdcc622.fc36
golang-x-text-0.3.7-2.fc36
golist-0.10.1-9.fc36
goloris-0-0.6.20200326gita59fafb.fc36
gopass-hibp-1.12.0-2.20220511gitd4baae0.fc36
gopass-jsonapi-1.11.1-2.20220511git5dc831e.fc36
gotags-1.4.1-8.fc36
grpcurl-1.8.6-3.fc36
hakrevdns-0-0.5.20201116git9fa2d59.fc36
hcloud-1.29.5-3.fc36
htmltest-0.15.0-3.fc36
httprobe-0.1.2-6.fc36
hulk-0-0.6.20200620git9670699.fc36
jid-0.7.6-9.fc36
kiln-0.2.0-4.fc36
kubernetes-1.24.1-2.fc36
mass3-0-0.6.20200627gite1d5f1a.fc36
meg-0.2.4-6.fc36
meshbird-2.3-6.fc36
micro-2.0.8-5.fc36
moby-engine-20.10.17-3.fc36
mqttcli-0.2.3-2.fc36
nats-server-2.1.9-6.fc36
netscanner-0-0.5.20201116git8baab36.fc36
ohmybackup-0-0.6.20200526git50f2fce.fc36
onionscan-0.2-7.fc36
open-policy-agent-0.31.0-5.fc36
podman-tui-0.4.0-2.fc36
powerline-go-1.21.0-4.fc36
shellz-1.5.0-7.fc36
shhgit-0.2-7.fc36
snapd-2.55.3-2.fc36
snowcrash-0-0.7.20201119git49b99ad.fc36
source-to-image-1.3.1-4.fc36
subfinder-2.5.2-2.fc36
syncthing-1.20.2-2.fc36
sysutil-0-0.7.20200615git15668db.fc36
terrier-0.0.2-6.fc36
tiedot-3.4-8.fc36
toolbox-0.0.99.3-5.fc36
vgrep-2.6.0-2.fc36
vultr-2.0.3-5.fc36
vultr-cli-2.12.2-2.fc36
webanalyze-0.3.1-6.fc36
weldr-client-35.5-2.fc36
wgctrl-0-0.11.20210811git4253848.fc36
xq-0.0.7-4.fc36
yggdrasil-0.2.98^1.ffb580f-0.2.20220127gitffb580f.fc36
yubihsm-connector-3.0.2-3.fc36

Update description:

Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327, CVE-2022-27191, CVE-2022-29526, CVE-2022-30629

Update to 1.1.0

Disable package_note on arm too

update to 0.44.1 rhbz#2007854

Add missing archive

Update to 0.0.31 – Close: rhbz#1963535

Read More

USN-5489-1: QEMU vulnerabilities

Read Time:1 Minute, 17 Second

Alexander Bulekov discovered that QEMU incorrectly handled floppy disk
emulation. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service, or possibly leak
sensitive information. (CVE-2021-3507)

It was discovered that QEMU incorrectly handled NVME controller emulation.
An attacker inside the guest could use this issue to cause QEMU to crash,
resulting in a denial of service, or possibly execute arbitrary code. This
issue only affected Ubuntu 22.04 LTS. (CVE-2021-3929)

It was discovered that QEMU incorrectly handled QXL display device
emulation. A privileged attacker inside the guest could use this issue to
cause QEMU to crash, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2021-4206, CVE-2021-4207)

Jietao Xiao, Jinku Li, Wenbo Shen, and Nanzi Yang discovered that QEMU
incorrectly handled the virtiofsd shared file system daemon. An attacker
inside the guest could use this issue to create files with incorrect
ownership, possibly leading to privilege escalation. This issue only
affected Ubuntu 22.04 LTS. (CVE-2022-0358)

It was discovered that QEMU incorrectly handled virtio-net devices. A
privileged attacker inside the guest could use this issue to cause QEMU to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2022-26353)

It was discovered that QEMU incorrectly handled vhost-vsock devices. A
privileged attacker inside the guest could use this issue to cause QEMU to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2022-26354)

Read More

USN-5487-1: Apache HTTP Server vulnerabilities

Read Time:59 Second

It was discovered that Apache HTTP Server mod_proxy_ajp incorrectly handled
certain crafted request. A remote attacker could possibly use this issue to
perform an HTTP Request Smuggling attack. (CVE-2022-26377)

It was discovered that Apache HTTP Server incorrectly handled certain
request. An attacker could possibly use this issue to cause a denial
of service. (CVE-2022-28614)

It was discovered that Apache HTTP Server incorrectly handled certain request.
An attacker could possibly use this issue to cause a crash or expose
sensitive information. (CVE-2022-28615)

It was discovered that Apache HTTP Server incorrectly handled certain request.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-29404)

It was discovered that Apache HTTP Server incorrectly handled certain
request. An attacker could possibly use this issue to cause a crash.
(CVE-2022-30522)

It was discovered that Apache HTTP Server incorrectly handled certain request.
An attacker could possibly use this issue to execute arbitrary code or cause
a crash. (CVE-2022-30556)

It was discovered that Apache HTTP Server incorrectly handled certain request.
An attacker could possibly use this issue to bypass IP based authentication.
(CVE-2022-31813)

Read More

CVE-2017-20067

Read Time:18 Second

A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument username/password with the input ‘or”=’ leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Read More

CVE-2017-20068

Read Time:16 Second

A vulnerability was found in Hindu Matrimonial Script. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/usermanagement.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Read More