Read Time:6 Second
FEDORA-2022-1cf3c9578f
Packages in this update:
plib-1.8.5-30.fc34
Update description:
Security fix for CVE-2021-38714
Category Archives: Advisories
plib-1.8.5-30.fc35
Read Time:6 Second
FEDORA-2022-bcc0df5180
Packages in this update:
plib-1.8.5-30.fc35
Update description:
Security fix for CVE-2021-38714
plantuml-1.2022.5-1.fc35
Read Time:6 Second
FEDORA-2022-fda9f1f7bd
Packages in this update:
plantuml-1.2022.5-1.fc35
Update description:
Security fix for CVE-2022-1379
plantuml-1.2022.5-1.fc37
Read Time:16 Second
FEDORA-2022-ddfd750ade
Packages in this update:
plantuml-1.2022.5-1.fc37
Update description:
Automatic update for plantuml-1.2022.5-1.fc37.
Changelog
* Mon May 16 2022 Sandipan Roy <bytehackr@fedoraproject.org> – 1:1.2022.5-1
– Updated version to 1.2022.5
– Added fix for rhbz#2086392
Multiple Vulnerabilities in SonicWall SSLVPN SMA1000 Series Could Allow for Authentication Bypass
Read Time:19 Second
Multiple vulnerabilities in SonicWall SMA 1000 Series could allow for authentication bypass. Successful exploitation could allow an attacker to have unauthorized access to internal resources and even redirect potential victims to malicious websites. The SonicWall SMA 1000 Series is a unified secure access gateway that enables organizations to provide access to any application, anytime, from anywhere and any devices, including managed and unmanaged.
A vulnerability in Zyxel Firewall and VPN Could Allow for Arbitrary Code Execution
Read Time:21 Second
A vulnerability has been discovered in Zyxel Firewall and VPN, which could allow for arbitrary code execution. Zyxel is a manufacturer of networking devices that provides networking equipment globally. Successful exploitation of this vulnerability could allow for administrative access to the system, which could allow an attacker to change firewall settings, intercept traffic, create VPN accounts to gain access to the network behind the device, and perform additional administrative functions.
plib-1.8.5-30.fc37
Read Time:16 Second
FEDORA-2022-89c22f2ea9
Packages in this update:
plib-1.8.5-30.fc37
Update description:
Automatic update for plib-1.8.5-30.fc37.
Changelog
* Fri May 13 2022 Hans de Goede <hdegoede@redhat.com> – 1.8.5-30
– Add 3 patches from Debian
– Fixes CVE-2021-38714 (rhbz#1997815)
some details regarding CVE-2022-24422 / iDRAC VNC authentication
Read Time:24 Second
Posted by christian mock on May 13
The Dell advisory is a bit low on details, so:
The vulnerability is really just CVE-2006-2369 / CVE-2006-2450, but
wrapped in TLS (we’re in the 2020s, our auth bypasses are secure now!)
That means that your vuln scanner might or might not detect it, Nessus
for example does, but Nexpose apparently doesn’t.
It also means that metasploit’s “realvnc_41_bypass” is not directly
usable, you need to use your favorite TLS…
CVE-2021-22275
Read Time:9 Second
Buffer Overflow vulnerability in B&R Automation Runtime webserver allows an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of service.
CVE-2020-22983
Read Time:11 Second
A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task.