Read Time:8 Second
FEDORA-2022-f1a8f72bb8
Packages in this update:
mutt-2.2.5-1.fc36
Update description:
Upgrade to 2.3.5
Upgrade to 2.2.3
Category Archives: Advisories
thunderbird-91.10.0-1.fc36
Read Time:9 Second
FEDORA-2022-a5d22b5dd8
Packages in this update:
thunderbird-91.10.0-1.fc36
Update description:
Update to 91.10.0
See https://www.mozilla.org/en-US/security/advisories/mfsa2022-22/
CVE-2022-1285
Read Time:5 Second
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8.
ZDI-22-810: Microsoft Windows Installer Service Link Following Local Privilege Escalation Vulnerability
Read Time:11 Second
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-809: Microsoft Excel XLS File Parsing Use-After-Free Remote Code Execution Vulnerability
Read Time:11 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-808: Microsoft Windows DiagTrack Service Link Following Privilege Escalation Vulnerability
Read Time:11 Second
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-807: Microsoft Visual Studio VSIX Auto Update Deserialization of Untrusted Data Privilege Escalation Vulnerability
Read Time:11 Second
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Visual Studio. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
USN-5443-2: Linux kernel vulnerabilities
Read Time:25 Second
Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2022-29581)
Jann Horn discovered that the Linux kernel did not properly enforce seccomp
restrictions in some situations. A local attacker could use this to bypass
intended seccomp sandbox restrictions. (CVE-2022-30594)
USN-5442-2: Linux kernel vulnerabilities
Read Time:36 Second
Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2022-29581)
Bing-Jhong Billy Jheng discovered that the io_uring subsystem in the Linux
kernel contained in integer overflow. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-1116)
Jann Horn discovered that the Linux kernel did not properly enforce seccomp
restrictions in some situations. A local attacker could use this to bypass
intended seccomp sandbox restrictions. (CVE-2022-30594)
CVE-2021-27778
Read Time:17 Second
HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.