This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Category Archives: Advisories
ZDI-22-789: Trend Micro Maximum Security Link Following Arbitrary File Deletion Vulnerability
This vulnerability allows local attackers to delete arbitrary files on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-788: Ivanti Avalanche SetSettings Exposed Dangerous Function Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability.
ZDI-22-812: Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-811: [INTERNAL] Apple macOS PackageKit PKInstallSandbox SIP Bypass vulnerability
USN-5445-1: Subversion vulnerabilities
Ace Olszowka discovered that Subversion incorrectly handled certain
svnserve requests. A remote attacker could possibly use this issue to cause
svnserve to crash, resulting in a denial of service. This issue only
affected Ubuntu 18.04 LTS. (CVE-2018-11782)
Tomas Bortoli discovered that Subversion incorrectly handled certain
svnserve requests. A remote attacker could possibly use this issue to cause
svnserve to crash, resulting in a denial of service. This issue only
affected Ubuntu 18.04 LTS. (CVE-2019-0203)
Thomas Åkesson discovered that Subversion incorrectly handled certain
inputs. An attacker could possibly use this issue to cause a denial of
service. (CVE-2020-17525)
DSA-5149 cups – security update
Joshua Mason discovered that a logic error in the validation of the
secret key used in the local authorisation mode of the CUPS printing
system may result in privilege escalation.
firefox-100.0.2-2.fc34
FEDORA-2022-c5a8d2c7f4
Packages in this update:
firefox-100.0.2-2.fc34
Update description:
Fixed missing popups in some scenarios on Wayland (https://bugzilla.mozilla.org/show_bug.cgi?id=1771104)
Updated to latest upstream (100.0.2)
Fixed crashes on Wayland during recovery from sleep.
kernel-5.17.11-300.fc36 kernel-headers-5.17.11-300.fc36 kernel-tools-5.17.11-300.fc36
FEDORA-2022-8095b23575
Packages in this update:
kernel-5.17.11-300.fc36
kernel-headers-5.17.11-300.fc36
kernel-tools-5.17.11-300.fc36
Update description:
The 5.17.11 stable kernel update contains a number of important fixes across the tree.
kernel-5.17.11-100.fc34 kernel-headers-5.17.11-100.fc34 kernel-tools-5.17.11-100.fc34
FEDORA-2022-014c3a24d9
Packages in this update:
kernel-5.17.11-100.fc34
kernel-headers-5.17.11-100.fc34
kernel-tools-5.17.11-100.fc34
Update description:
The 5.17.11 stable kernel update contains a number of important fixes across the tree.