Two vulnerabilities were discovered in the vhost code of DPDK, a set of
libraries for fast packet processing, which could result in denial of
service or the execution of arbitrary code.
Category Archives: Advisories
Post Title
Multiple vulnerabilities have been discovered in Mozilla Firefox and Firefox Extended Support Release (ESR), the most severe of which could allow for arbitrary code execution.
Mozilla Firefox is a web browser used to access the Internet.
Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
keylime-6.4.0-1.fc34
FEDORA-2022-f9ace23a78
Packages in this update:
keylime-6.4.0-1.fc34
Update description:
Updating for Keylime release v6.4.0
Fixes CVE-2022-1053
keylime-6.4.0-1.fc35
FEDORA-2022-7c9173843a
Packages in this update:
keylime-6.4.0-1.fc35
Update description:
Updating for Keylime release v6.4.0
Fixes CVE-2022-1053
keylime-6.4.0-1.fc36
FEDORA-2022-748fda10e7
Packages in this update:
keylime-6.4.0-1.fc36
Update description:
Updating for Keylime release v6.4.0
Fixes CVE-2022-1053
USN-5395-2: networkd-dispatcher regression
USN-5395-1 fixed vulnerabilities in networkd-dispatcher. Unfortunately
that update was incomplete and could introduce a regression. This update
fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that networkd-dispatcher incorrectly handled internal
scripts. A local attacker could possibly use this issue to cause a race
condition, escalate privileges and execute arbitrary code.
(CVE-2022-29799, CVE-2022-29800)
Onapsis Security Advisory 2022-0002: Denial of Service in SAP NetWeaver JAVA
Posted by Onapsis Research via Fulldisclosure on May 04
# Onapsis Security Advisory 2022-0002: Denial of Service in SAP NetWeaver
JAVA
## Impact on Business
This vulnerability can be used by an attacker to make a Denial of Service
to SAP Netweaver Java, making HTTP server unavailable during attack
execution.
## Advisory Information
– Public Release Date: 04/05/2021
– Security Advisory ID: ONAPSIS-2022-0002
– Researcher(s): Gaston Traberg
## Vulnerability Information
– Vendor: SAP
– Affected…
Onapsis Security Advisory 2022-0001: HTTP Request Smuggling in SAP Web Dispatcher
Posted by Onapsis Research via Fulldisclosure on May 04
# Onapsis Security Advisory 2022-0001: HTTP Request Smuggling in SAP Web
Dispatcher
## Impact on Business
By injecting an HTTP request as a prefix into a victim’s request, a
malicious user
is able to cause damage in different ways, such as producing a Denial of
Service by
setting an invalid request as a prefix.
It is also possible to inject a valid prefixed request that will include the
victim’s information from its original request….
CVE-2021-20051
SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system.
java-1.8.0-openjdk-aarch32-1.8.0.332.b09-1.fc34
FEDORA-2022-efaa7e8775
Packages in this update:
java-1.8.0-openjdk-aarch32-1.8.0.332.b09-1.fc34
Update description:
8u332 update