Read Time:10 Second
FEDORA-EPEL-2022-8d638fabd8
Packages in this update:
restic-0.13.1-1.el8
Update description:
Upgrade to upstream 0.13.1
Updated Go build dependencies to resolve #2074251, #2084694, and #2084874
Category Archives: Advisories
CVE-2017-20046
Read Time:14 Second
A vulnerability classified as problematic has been found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. It is recommended to upgrade the affected component.
CVE-2017-20047
Read Time:17 Second
A vulnerability classified as problematic was found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
CVE-2017-20048
Read Time:20 Second
A vulnerability, which was classified as critical, has been found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. Affected by this issue is some unknown functionality of the component Script Editor. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
CVE-2017-20049
Read Time:15 Second
A vulnerability, which was classified as critical, was found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. This affects an unknown part of the component CGI Script. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component.
CVE-2017-20050
Read Time:15 Second
A vulnerability has been found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007 and classified as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to upgrade the affected component.
USN-5481-1: BlueZ vulnerabilities
Read Time:12 Second
It was discovered that BlueZ incorrectly validated certain capabilities
and lengths when handling the A2DP profile. A remote attacker could use
this issue to cause BlueZ to crash, resulting in a denial of service, or
possibly execute arbitrary code.
[R1] Nessus Agent Version 10.1.4 Fixes Multiple Vulnerabilities
Read Time:45 Second
[R1] Nessus Agent Version 10.1.4 Fixes Multiple Vulnerabilities
Arnie Cabral
Wed, 06/15/2022 – 12:36
Custom audit files bring tremendous power and flexibility when assessing the configuration of your assets. Two separate vulnerabilities that utilize this custom Audit functionality were identified, reported and fixed. With the release of Nessus Agent 10.1.4, Tenable has mitigated the reported issues by enabling the ability to sign and verify custom audit files.
1. CVE-2022-32973 – An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.
2. CVE-2022-32974 – An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials.
Additional details on the custom audit signing functionality can be found here: https://community.tenable.com/s/article/Audit-Signing-Overview
shim-15.6-1 shim-unsigned-aarch64-15.6-1 shim-unsigned-x64-15.6-1
Read Time:12 Second
FEDORA-2022-98830efc68
Packages in this update:
shim-15.6-1
shim-unsigned-aarch64-15.6-1
shim-unsigned-x64-15.6-1
Update description:
This fixes several issues, most notably BZ#1955416 and CVE-2022-28737. Please test.
USN-5479-1: PHP vulnerabilities
Read Time:24 Second
Charles Fol discovered that PHP incorrectly handled initializing certain
arrays when handling the pg_query_params function. A remote attacker could
use this issue to cause PHP to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2022-31625)
Charles Fol discovered that PHP incorrectly handled passwords in mysqlnd. A
remote attacker could use this issue to cause PHP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2022-31626)