Category Archives: Advisories

mod_auth_openidc-2.4.9.4-1.fc36

FEDORA-2022-814ee0c43b

Packages in this update:

mod_auth_openidc-2.4.9.4-1.fc36

Update description:

mod_auth_openidc 2.4.9.4 security update

CVE-2021-39191 mod_auth_openidc: open redirect by supplying a crafted URL in the target_link_uri parameter

mod_auth_openidc-2.4.9.4-1.fc37

FEDORA-2022-714b48d4d5

Packages in this update:

mod_auth_openidc-2.4.9.4-1.fc37

Update description:

Automatic update for mod_auth_openidc-2.4.9.4-1.fc37.

Changelog

* Thu Mar 31 2022 Tomas Halman <thalman@redhat.com> - 2.4.9.4-1
- Resolves: rhbz#2001647 - CVE-2021-39191 mod_auth_openidc: open redirect by supplying a crafted URL in the target_link_uri parameter

USN-5359-1: rsync vulnerability

Danilo Ramos discovered that rsync incorrectly handled memory when
performing certain zlib deflating operations. An attacker could use this
issue to cause rsync to crash, resulting in a denial of service, or
possibly execute arbitrary code.

CVE-2021-20729

Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows a remote attacker to inject an arbitrary script via a malicious URL.

USN-5358-1: Linux kernel vulnerabilities

It was discovered that the network traffic control implementation in the
Linux kernel contained a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2022-1055)

It was discovered that the IPsec implementation in the Linux kernel did not
properly allocate enough memory when performing ESP transformations,
leading to a heap-based buffer overflow. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-27666)

USN-5357-1: Linux kernel vulnerability

It was discovered that the IPsec implementation in the Linux kernel did not
properly allocate enough memory when performing ESP transformations,
leading to a heap-based buffer overflow. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code.

CVE-2019-12266

Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32.

CVE-2019-9564

A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32.
