Read Time:9 Second
FEDORA-2022-f0db3943d9
Packages in this update:
vim-8.2.4927-1.fc35
Update description:
patchlevel 4927
Security fixes for CVE-2022-1616, CVE-2022-1619, CVE-2022-1619
Category Archives: Advisories
CVE-2019-25060
Read Time:13 Second
The WPGraphQL WordPress plugin before 0.3.5 doesn’t properly restrict access to information about other users’ roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site.
CVE-2021-20479
Read Time:11 Second
IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197498.
vim-8.2.4927-1.fc36
Read Time:9 Second
FEDORA-2022-e92c3ce170
Packages in this update:
vim-8.2.4927-1.fc36
Update description:
patchlevel 4927
Security fixes for CVE-2022-1616, CVE-2022-1619, CVE-2022-1619
rsyslog-8.2204.0-1.fc37
Read Time:19 Second
FEDORA-2022-f2c4c83cc1
Packages in this update:
rsyslog-8.2204.0-1.fc37
Update description:
Automatic update for rsyslog-8.2204.0-1.fc37.
Changelog
* Mon May 9 2022 Attila Lakatos <alakatos@redhat.com> – 8.2204.0-1
– rebase to 8.2204.0
resolves: rhbz#1951970
– CVE-2022-24903 rsyslog: Heap-based overflow in TCP syslog server
resolves: rhbz#2082302
rsyslog-8.2204.0-1.fc36
Read Time:12 Second
FEDORA-2022-7988dad217
Packages in this update:
rsyslog-8.2204.0-1.fc36
Update description:
Rebase to 8.2204.0
Add patch to resolve potential heap buffer overflow, details: https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8
rsyslog-8.2204.0-1.fc35
Read Time:12 Second
FEDORA-2022-f796a28a7b
Packages in this update:
rsyslog-8.2204.0-1.fc35
Update description:
Rebase to 8.2204.0-1
Add patch resolving a potential heap buffer overflow, details: https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8
USN-5244-2: DBus vulnerability
Read Time:20 Second
USN-5244-1 fixed a vulnerability in DBus. This update provides
the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Original advisory details:
Daniel Onaca discovered that DBus contained a use-after-free vulnerability,
caused by the incorrect handling of usernames sharing the same UID. An
attacker could possibly use this issue to cause DBus to crash, resulting
in a denial of service.
ZDI-22-725: Adobe Photoshop Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
Read Time:11 Second
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-724: Cisco RV340 JSON RPC set-snmp Command Injection Remote Code Execution Vulnerability
Read Time:10 Second
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.