Read Time:8 Second
FEDORA-2022-7c9173843a
Packages in this update:
keylime-6.4.0-1.fc35
Update description:
Updating for Keylime release v6.4.0
Fixes CVE-2022-1053
Category Archives: Advisories
keylime-6.4.0-1.fc36
Read Time:8 Second
FEDORA-2022-748fda10e7
Packages in this update:
keylime-6.4.0-1.fc36
Update description:
Updating for Keylime release v6.4.0
Fixes CVE-2022-1053
USN-5395-2: networkd-dispatcher regression
Read Time:20 Second
USN-5395-1 fixed vulnerabilities in networkd-dispatcher. Unfortunately
that update was incomplete and could introduce a regression. This update
fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that networkd-dispatcher incorrectly handled internal
scripts. A local attacker could possibly use this issue to cause a race
condition, escalate privileges and execute arbitrary code.
(CVE-2022-29799, CVE-2022-29800)
Onapsis Security Advisory 2022-0002: Denial of Service in SAP NetWeaver JAVA
Read Time:22 Second
Posted by Onapsis Research via Fulldisclosure on May 04
# Onapsis Security Advisory 2022-0002: Denial of Service in SAP NetWeaver
JAVA
## Impact on Business
This vulnerability can be used by an attacker to make a Denial of Service
to SAP Netweaver Java, making HTTP server unavailable during attack
execution.
## Advisory Information
– Public Release Date: 04/05/2021
– Security Advisory ID: ONAPSIS-2022-0002
– Researcher(s): Gaston Traberg
## Vulnerability Information
– Vendor: SAP
– Affected…
Onapsis Security Advisory 2022-0001: HTTP Request Smuggling in SAP Web Dispatcher
Read Time:25 Second
Posted by Onapsis Research via Fulldisclosure on May 04
# Onapsis Security Advisory 2022-0001: HTTP Request Smuggling in SAP Web
Dispatcher
## Impact on Business
By injecting an HTTP request as a prefix into a victim’s request, a
malicious user
is able to cause damage in different ways, such as producing a Denial of
Service by
setting an invalid request as a prefix.
It is also possible to inject a valid prefixed request that will include the
victim’s information from its original request….
CVE-2021-20051
Read Time:14 Second
SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system.
java-1.8.0-openjdk-aarch32-1.8.0.332.b09-1.fc34
Read Time:7 Second
FEDORA-2022-efaa7e8775
Packages in this update:
java-1.8.0-openjdk-aarch32-1.8.0.332.b09-1.fc34
Update description:
8u332 update
java-1.8.0-openjdk-aarch32-1.8.0.332.b09-1.fc35
Read Time:7 Second
FEDORA-2022-0a719e8ba4
Packages in this update:
java-1.8.0-openjdk-aarch32-1.8.0.332.b09-1.fc35
Update description:
8u332 update
java-1.8.0-openjdk-aarch32-1.8.0.332.b09-1.fc36
Read Time:7 Second
FEDORA-2022-eb9cc91549
Packages in this update:
java-1.8.0-openjdk-aarch32-1.8.0.332.b09-1.fc36
Update description:
8u332 update
freetype-2.10.4-6.fc34
Read Time:9 Second
FEDORA-2022-5e45671294
Packages in this update:
freetype-2.10.4-6.fc34
Update description:
Security fix for CVE-2022-27404, CVE-2022-27405 and CVE-2022-27406.