USN-5360-1: Tomcat vulnerabilities
It was discovered that Tomcat incorrectly performed input verification. A remote attacker could possibly use this issue to intercept sensitive information. (CVE-2020-13943, CVE-2020-17527, CVE-2021-25122, CVE-2021-30640)...
[R1] Nessus Agent Versions 8.3.3 and 10.1.3 Fix One Third-Party Vulnerability
Nessus Agent leverages third-party software to help provide underlying functionality. One of the third-party components (OpenSSL) was found to contain vulnerabilities, and an updated version...
crun-1.4.4-1.fc34
FEDORA-2022-10fd054d40 Packages in this update: crun-1.4.4-1.fc34 Update description: Security fix for CVE-2022-27650
SpringShell (Spring4Shell) : New Unpatched RCE Vulnerability in Spring Core Framework
FortiGuard Labs is aware that an alleged Proof-of-Concept (POC) code for a new Remote Code Execution (RCE) vulnerability in Spring Core, part of the popular...
mod_auth_openidc-2.4.9.4-1.fc36
FEDORA-2022-814ee0c43b Packages in this update: mod_auth_openidc-2.4.9.4-1.fc36 Update description: mod_auth_openidc 2.4.9.4 security update CVE-2021-39191 mod_auth_openidc: open redirect by supplying a crafted URL in the target_link_uri parameter...
mod_auth_openidc-2.4.9.4-1.fc37
FEDORA-2022-714b48d4d5 Packages in this update: mod_auth_openidc-2.4.9.4-1.fc37 Update description: Automatic update for mod_auth_openidc-2.4.9.4-1.fc37. Changelog * Thu Mar 31 2022 Tomas Halman <thalman@redhat.com> - 2.4.9.4-1 - Resolves:...
USN-5359-1: rsync vulnerability
Danilo Ramos discovered that rsync incorrectly handled memory when performing certain zlib deflating operations. An attacker could use this issue to cause rsync to crash,...
CVE-2021-20729
Cross-site scripting vulnerability in pfSense CE and pfSense Plus (pfSense CE software versions 2.5.2 and earlier, and pfSense Plus software versions 21.05 and earlier) allows...
USN-5358-1: Linux kernel vulnerabilities
It was discovered that the network traffic control implementation in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause...
USN-5357-1: Linux kernel vulnerability
It was discovered that the IPsec implementation in the Linux kernel did not properly allocate enough memory when performing ESP transformations, leading to a heap-based...