Read Time:6 Second
FEDORA-EPEL-2022-4add1d3059
Packages in this update:
needrestart-3.6-1.el7
Update description:
Security fix for CVE-2022-30688
Category Archives: Advisories
CVE-2020-4107
Read Time:10 Second
HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure.
gron-0.6.1-2.fc34
Read Time:6 Second
FEDORA-2022-53f0c619c5
Packages in this update:
gron-0.6.1-2.fc34
Update description:
Security fix for CVE-2022-28327
Oracle Security Alert for CVE-2022-21500 – 19 May 2022
CVE-2021-32934
Read Time:20 Second
The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module) do not sufficiently protect data transferred between the local device and ThroughTek servers. This can allow an attacker to access sensitive information, such as camera feeds.
CVE-2020-14496
Read Time:14 Second
Successful exploitation of this vulnerability for multiple Mitsubishi Electric Factory Automation Engineering Software Products of various versions could allow an attacker to escalate privilege and execute malicious programs, which could cause a denial-of-service condition, and allow information to be disclosed, tampered with, and/or destroyed.
CVE-2020-16209
Read Time:12 Second
A malicious attacker could exploit the interface of the Fieldcomm Group HART-IP (release 1.0.0.0) by constructing messages with sufficiently large payloads to overflow the internal buffer and crash the device, or obtain control of the device.
CVE-2020-16231
Read Time:35 Second
The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX207, MX213, MX220, MC206, MC212, MC220, and MH230 hardware controllers, and affected end-of-life controller include MC205, MC210, MH212, ME203, CS200, MP213, MP226, MPC240, MPC265, MPC270, MPC293, MPE270, and CPC210 hardware controllers. Security Level 0 is set at default from the manufacturer, which could allow an unauthenticated remote attacker to gain access to the password hashes. Security Level 4 is susceptible if an authenticated remote attacker or an unauthenticated person with physical access to the device reads and decrypts the password to conduct further attacks.
CVE-2020-16235
Read Time:8 Second
Inadequate encryption may allow the credentials used by Emerson OpenEnterprise, up through version 3.3.5, to access field devices and external systems to be obtained.
libarchive-3.5.3-2.fc36
Read Time:6 Second
FEDORA-2022-bbb5ec21b2
Packages in this update:
libarchive-3.5.3-2.fc36
Update description:
Fix for CVE-2022-26280