Multiple vulnerabilities have been discovered in VMware Products, the most severe of which could result in remote code execution.

VMware Workspace ONE Access is an access control application for Workspace ONE.
VMware Identity Manager is the identity and access management component of Workspace ONE.
vRealize Automationi is a management platform for automating the delivery of container-based applications.
VMware Cloud Foundation is a hybrid cloud platform that provides a set of software-defined services for compute, storage, networking, security and cloud management to run enterprise apps.
vRealize Suite Lifecycle Manager allows for complete lifecycle and content management capabilities for vRealize Suite products.
Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.

Read More

FEDORA-2022-e62adccfca

Packages in this update:

vim-8.2.4701-1.fc34

Update description:

Security fix for CVE-2022-1154

Security fix for CVE-2022-1160

The newest upstream commit

Security fix for CVE-2022-0943

Read More

FEDORA-2022-d776fcfe60

Packages in this update:

vim-8.2.4701-1.fc35

Update description:

The newest upstream commit

Security fix for CVE-2022-1160

Security fix for CVE-2022-1154

Read More

A vulnerability has been discovered in FortiWAN which could allow for arbitrary code execution. FortiWAN is a product that balances traffic over multiple WAN connections. Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code using specially crafted requests.

Read More

FEDORA-2022-44f5b2df35

Packages in this update:

vim-8.2.4701-1.fc36

Update description:

The newest upstream commit

Security fix for CVE-2022-1160

Security fix for CVE-2022-1154

Read More

It was discovered that FriBidi incorrectly handled processing of input strings
resulting in memory corruption. An attacker could use this issue to cause
FriBidi to crash, resulting in a denial of service, or potentially execute
arbitrary code.
(CVE-2022-25308)

It was discovered that FriBidi incorrectly validated input data to its CapRTL
unicode encoder, resulting in memory corruption. An attacker could use this
issue to cause FriBidi to crash, resulting in a denial of service, or
potentially execute arbitrary code.
(CVE-2022-25309)

It was discovered that FriBidi incorrectly handled empty input when removing
marks from unicode strings, resulting in a crash. An attacker could use this
to cause FriBidi to crash, resulting in a denial of service, or potentially
execute arbitrary code.
(CVE-2022-25310)

Read More

Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to BP Monitoring.

Read More

Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Transmitting Write Requests and Chars.

Read More

Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Missing Authentication.

Read More

Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to Plain text command over BLE.

Read More