Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
Category Archives: Advisories
suricata-6.0.5-1.fc35
FEDORA-2022-1b9f9b2993
Packages in this update:
suricata-6.0.5-1.fc35
Update description:
Various security, performance, accuracy and stability issues have been fixed.
suricata-6.0.5-1.fc36
FEDORA-2022-e7bc9caf04
Packages in this update:
suricata-6.0.5-1.fc36
Update description:
Various security, performance, accuracy and stability issues have been fixed.
suricata-6.0.5-1.fc34
FEDORA-2022-a2f0201723
Packages in this update:
suricata-6.0.5-1.fc34
Update description:
Various security, performance, accuracy and stability issues have been fixed.
suricata-5.0.9-1.el8
FEDORA-EPEL-2022-667d59a6db
Packages in this update:
suricata-5.0.9-1.el8
Update description:
Various security, performance, accuracy and stability issues have been fixed.
suricata-6.0.5-1.el9
FEDORA-EPEL-2022-1f9a7c822c
Packages in this update:
suricata-6.0.5-1.el9
Update description:
Various security, performance, accuracy and stability issues have been fixed.
CVE-2021-26629
A path traversal vulnerability in XPLATFORM’s runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be created in the parent path by using the path traversal pattern ‘..’.
CVE-2021-26628
Insufficient script validation of the admin page enables XSS, which allows unauthorized users to steal admin privileges. When uploading a file in a specific menu, the verification of the file is insufficient. It allows remote attackers to upload arbitrary files disguised as image files.
USN-5389-1: Libcroco vulnerabilities
It was discovered that Libcroco was incorrectly accessing data structures when
reading bytes from memory, which could cause a heap buffer overflow. An attacker
could possibly use this issue to cause a denial of service. (CVE-2017-7960)
It was discovered that Libcroco was incorrectly handling invalid UTF-8 values
when processing CSS files. An attacker could possibly use this issue to cause
a denial of service. (CVE-2017-8834, CVE-2017-8871)
It was discovered that Libcroco was incorrectly implementing recursion in one
of its parsing functions, which could cause an infinite recursion loop and a
stack overflow due to stack consumption. An attacker could possibly use this
issue to cause a denial of service. (CVE-2020-12825)
USN-5390-1: Linux kernel vulnerabilities
David Bouman discovered that the netfilter subsystem in the Linux kernel
did not properly validate passed user register indices. A local attacker
could use this to cause a denial of service or possibly execute arbitrary
code. (CVE-2022-1015)
David Bouman discovered that the netfilter subsystem in the Linux kernel
did not initialize memory in some situations. A local attacker could use
this to expose sensitive information (kernel memory). (CVE-2022-1016)
It was discovered that the ST21NFCA NFC driver in the Linux kernel did not
properly validate the size of certain data in EVT_TRANSACTION events. A
physically proximate attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2022-26490)