Read Time:9 Second
FEDORA-EPEL-2022-b3575fc91b
Packages in this update:
rubygem-nokogiri-1.6.1-1.el7.2
Update description:
Backport CVE-2022-24836 (#2074347), Backport CVE-2022-29181 (#2088685)
Category Archives: Advisories
CVE-2021-27783
Read Time:4 Second
User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.
CVE-2021-27779
Read Time:6 Second
VersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with the server.
logrotate-3.18.1-3.fc35
Read Time:9 Second
FEDORA-2022-eccaf1aee8
Packages in this update:
logrotate-3.18.1-3.fc35
Update description:
fix potential DoS from unprivileged users via the state file (CVE-2022-1348)
logrotate-3.20.1-1.fc36
Read Time:9 Second
FEDORA-2022-87c0f05204
Packages in this update:
logrotate-3.20.1-1.fc36
Update description:
fix potential DoS from unprivileged users via the state file (CVE-2022-1348)
logrotate-3.18.0-4.fc34
Read Time:9 Second
FEDORA-2022-71ece75de1
Packages in this update:
logrotate-3.18.0-4.fc34
Update description:
fix potential DoS from unprivileged users via the state file (CVE-2022-1348)
CVE-2021-32966
Read Time:15 Second
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials.
CVE-2021-32989
Read Time:9 Second
When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting.
CVE-2021-32997
Read Time:26 Second
The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and 3500/22M Firmware, Part No. 288055-01 versions 5.05 and prior) utilize a weak encryption algorithm for storage and transmission of sensitive data, which may allow an attacker to more easily obtain credentials used for access.
Multiple Vulnerabilities in Firefox Products Could Allow for Arbitrary Code Execution
Read Time:40 Second
Multiple vulnerabilities have been discovered in Mozilla Firefox Products, the most severe of which could allow for arbitrary code execution.
Mozilla Firefox is a web browser used to access the Internet.
Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
Mozilla Thunderbird is an email client
Mozilla Firefox for Android is the Android based Firefox Browser on Android devices.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.