Felix Wilhelm reported that several buffer handling functions in
libxml2, a library providing support to read, modify and write XML and
HTML files, don’t check for integer overflows, resulting in
out-of-bounds memory writes if specially crafted, multi-gigabyte XML
files are processed. An attacker can take advantage of this flaw for
denial of service or execution of arbitrary code.
Category Archives: Advisories
mingw-pcre2-10.40-1.fc36
FEDORA-2022-9c9691d058
Packages in this update:
mingw-pcre2-10.40-1.fc36
Update description:
Update to pcre2-10.40, see https://github.com/PCRE2Project/pcre2/blob/pcre2-10.40/NEWS for details.
mingw-pcre2-10.40-1.fc35
FEDORA-2022-19f4c34184
Packages in this update:
mingw-pcre2-10.40-1.fc35
Update description:
Update to pcre2-10.40, see https://github.com/PCRE2Project/pcre2/blob/pcre2-10.40/NEWS for details.
CVE-2021-30028
SOOTEWAY Wi-Fi Range Extender v1.5 was discovered to use default credentials (the admin password for the admin account) to access the TELNET service, allowing attackers to erase/read/write the firmware remotely.
rubygem-git-1.3.0-2.el7
FEDORA-EPEL-2022-d1317f7176
Packages in this update:
rubygem-git-1.3.0-2.el7
Update description:
Security fix for CVE-2022-25648
rubygem-git-1.11.0-1.el8
FEDORA-EPEL-2022-81ce78cd62
Packages in this update:
rubygem-git-1.11.0-1.el8
Update description:
Security fix for CVE-2022-25648
needrestart-3.6-1.el8
FEDORA-EPEL-2022-b991c4d1df
Packages in this update:
needrestart-3.6-1.el8
Update description:
Security fix for CVE-2022-30688
needrestart-3.6-1.el7
FEDORA-EPEL-2022-4add1d3059
Packages in this update:
needrestart-3.6-1.el7
Update description:
Security fix for CVE-2022-30688
CVE-2020-4107
HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure.
gron-0.6.1-2.fc34
FEDORA-2022-53f0c619c5
Packages in this update:
gron-0.6.1-2.fc34
Update description:
Security fix for CVE-2022-28327