TOCTOU (time-of-check to time-of-use) issue in the System Management Unit (SMU) may result in a DMA (Direct Memory Access) to invalid DRAM address that could result in denial of service.

Read More

Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.

Read More

FEDORA-EPEL-2022-f64d777807

Packages in this update:

golang-1.17.7-1.el7

Update description:

Update to 1.17.7, including fixes for CVE-2021-29923, CVE-2021-43565, CVE-2022-23806, CVE-2022-23772, and CVE-2022-23773

Read More

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the
browser UI, bypass permission prompts, obtain sensitive information,
bypass security restrictions, or execute arbitrary code.

Read More

FEDORA-2022-3d8f00cde2

Packages in this update:

curl-7.79.1-4.fc35

Update description:

fix too eager reuse of TLS and SSH connections (CVE-2022-27782)

fix credential leak on redirect (CVE-2022-27774)
fix auth/cookie leak on redirect (CVE-2022-27776)
fix bad local IPv6 connection reuse (CVE-2022-27775)
fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)

Read More

FEDORA-2022-8277bef335

Packages in this update:

curl-7.76.1-16.fc34

Update description:

fix too eager reuse of TLS and SSH connections (CVE-2022-27782)

fix credential leak on redirect (CVE-2022-27774)
fix auth/cookie leak on redirect (CVE-2022-27776)
fix bad local IPv6 connection reuse (CVE-2022-27775)
fix OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)

Read More

FEDORA-2022-d15a736748

Packages in this update:

curl-7.82.0-5.fc36

Update description:

fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
do not accept cookies for TLD with trailing dot (CVE-2022-27779)
hsts: ignore trailing dots when comparing hosts names (CVE-2022-30115)
reject percent-encoded path separator in URL host (CVE-2022-27780)

Read More

Axel Chong discovered that curl incorrectly handled percent-encoded URL
separators. A remote attacker could possibly use this issue to trick curl
into using the wrong URL and bypass certain checks or filters. This issue
only affected Ubuntu 22.04 LTS. (CVE-2022-27780)

Florian Kohnhuser discovered that curl incorrectly handled returning a
TLS server’s certificate chain details. A remote attacker could possibly
use this issue to cause curl to stop responding, resulting in a denial of
service. (CVE-2022-27781)

Harry Sintonen discovered that curl incorrectly reused a previous
connection when certain options had been changed, contrary to expectations.
(CVE-2022-27782)

Read More

An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files.

Read More

Lenny Wang discovered that NSS incorrectly handled certain
messages. A remote attacker could possibly use this issue to cause
servers compiled with NSS to stop responding, resulting in a denial of service.

Read More