Category Archives: Advisories

Multiple Vulnerabilities in Reprise License Manager 14.2

Read Time:12 Second

Posted by Gionathan Reale via Fulldisclosure on Apr 07

Multiple Vulnerabilities in Reprise License Manager 14.2

Credit: Giulia Melotti Garibaldi

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

# Product:  RLM 14.2
# Vendor:   Reprise Software
# CVE ID:   CVE-2022-28363
# Vulnerability Title: Reflected Cross-Site Scripting
# Severity: Medium
#…

Read More

xen-4.16.0-6.fc36

Read Time:21 Second

FEDORA-2022-fca60937b8

Packages in this update:

xen-4.16.0-6.fc36

Update description:

Racy interactions between dirty vram tracking and paging log dirty
hypercalls [XSA-397, CVE-2022-26356]
race in VT-d domain ID cleanup [XSA-399, CVE-2022-26357]
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues [XSA-400,
CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361]

Read More

USN-5370-1: Firefox vulnerabilities

Read Time:38 Second

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, execute script
unexpectedly, obtain sensitive information, conduct spoofing attacks,
or execute arbitrary code. (CVE-2022-1097, CVE-2022-24713, CVE-2022-28281,
CVE-2022-28282, CVE-2022-28284, CVE-2022-28285, CVE-2022-28286,
CVE-2022-28288, CVE-2022-28289)

A security issue was discovered with the sourceMapURL feature of devtools.
An attacker could potentially exploit this to include local files that
should have been inaccessible. (CVE-2022-28283)

It was discovered that selecting text caused Firefox to crash in some
circumstances. An attacker could potentially exploit this to cause a
denial of service. (CVE-2022-28287)

Read More

libbson-1.3.5-7.el7

Read Time:17 Second

FEDORA-EPEL-2022-14d598751d

Packages in this update:

libbson-1.3.5-7.el7

Update description:

This release prevents from a memory corruption when dealing with a too large (larger than a half of a address space) JSON documents. The prevention results in terminating the offended process. The same meassure which libbson triggers on a memory exhaustion.

Read More

Post Title

Read Time:49 Second

Multiple vulnerabilities have been discovered in VMware Products, the most severe of which could result in remote code execution.

VMware Workspace ONE Access is an access control application for Workspace ONE.
VMware Identity Manager is the identity and access management component of Workspace ONE.
vRealize Automationi is a management platform for automating the delivery of container-based applications.
VMware Cloud Foundation is a hybrid cloud platform that provides a set of software-defined services for compute, storage, networking, security and cloud management to run enterprise apps.
vRealize Suite Lifecycle Manager allows for complete lifecycle and content management capabilities for vRealize Suite products.
Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.

Read More

vim-8.2.4701-1.fc34

Read Time:11 Second

FEDORA-2022-e62adccfca

Packages in this update:

vim-8.2.4701-1.fc34

Update description:

Security fix for CVE-2022-1154

Security fix for CVE-2022-1160

The newest upstream commit

Security fix for CVE-2022-0943

Read More