The following vulnerabilities have been discovered in the WebKitGTK
web engine:
Category Archives: Advisories
xen-4.16.0-6.fc36
FEDORA-2022-fca60937b8
Packages in this update:
xen-4.16.0-6.fc36
Update description:
Racy interactions between dirty vram tracking and paging log dirty
hypercalls [XSA-397, CVE-2022-26356]
race in VT-d domain ID cleanup [XSA-399, CVE-2022-26357]
IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues [XSA-400,
CVE-2022-26358, CVE-2022-26359, CVE-2022-26360, CVE-2022-26361]
USN-5370-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, execute script
unexpectedly, obtain sensitive information, conduct spoofing attacks,
or execute arbitrary code. (CVE-2022-1097, CVE-2022-24713, CVE-2022-28281,
CVE-2022-28282, CVE-2022-28284, CVE-2022-28285, CVE-2022-28286,
CVE-2022-28288, CVE-2022-28289)
A security issue was discovered with the sourceMapURL feature of devtools.
An attacker could potentially exploit this to include local files that
should have been inaccessible. (CVE-2022-28283)
It was discovered that selecting text caused Firefox to crash in some
circumstances. An attacker could potentially exploit this to cause a
denial of service. (CVE-2022-28287)
libbson-1.3.5-7.el7
FEDORA-EPEL-2022-14d598751d
Packages in this update:
libbson-1.3.5-7.el7
Update description:
This release prevents from a memory corruption when dealing with a too large (larger than a half of a address space) JSON documents. The prevention results in terminating the offended process. The same meassure which libbson triggers on a memory exhaustion.
USN-5369-1: oslo.utils vulnerability
It was discovered that oslo.utils incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.
Post Title
Multiple vulnerabilities have been discovered in VMware Products, the most severe of which could result in remote code execution.
VMware Workspace ONE Access is an access control application for Workspace ONE.
VMware Identity Manager is the identity and access management component of Workspace ONE.
vRealize Automationi is a management platform for automating the delivery of container-based applications.
VMware Cloud Foundation is a hybrid cloud platform that provides a set of software-defined services for compute, storage, networking, security and cloud management to run enterprise apps.
vRealize Suite Lifecycle Manager allows for complete lifecycle and content management capabilities for vRealize Suite products.
Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.
vim-8.2.4701-1.fc34
FEDORA-2022-e62adccfca
Packages in this update:
vim-8.2.4701-1.fc34
Update description:
Security fix for CVE-2022-1154
Security fix for CVE-2022-1160
The newest upstream commit
Security fix for CVE-2022-0943
vim-8.2.4701-1.fc35
FEDORA-2022-d776fcfe60
Packages in this update:
vim-8.2.4701-1.fc35
Update description:
The newest upstream commit
Security fix for CVE-2022-1160
Security fix for CVE-2022-1154
Post Title
A vulnerability has been discovered in FortiWAN which could allow for arbitrary code execution. FortiWAN is a product that balances traffic over multiple WAN connections. Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code using specially crafted requests.
vim-8.2.4701-1.fc36
FEDORA-2022-44f5b2df35
Packages in this update:
vim-8.2.4701-1.fc36
Update description:
The newest upstream commit
Security fix for CVE-2022-1160
Security fix for CVE-2022-1154