Read Time:11 Second
FEDORA-2022-f8921a3891
Packages in this update:
libsolv-0.7.21-1.fc35
Update description:
Update to 0.7.21
(Linked CVEs should not affect even current version… but as somebody opened bunch of bugs…)
Category Archives: Advisories
CVE-2021-22319
Read Time:5 Second
There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause integer overflows.
Disclosure of DLL-Hijacking-Vulnerability-in-Technitium-Installer-v4.4
Read Time:23 Second
Posted by YEUNG, Tsz Ko on Feb 24
Hi all,
I would like to disclose
the DLL-Hijacking-Vulnerability-in-Technitium-Installer-v4.4
Details as below:
Vulnerable Software and Version:
1. Technitium Installer v4.4
Vulnerable software download link:
https://technitium.com/tmac/
Date discovered and reported:
25 Feb 2022
Description:
Technitium Installer v4.4 is suffering from DLL Hijacking by placing x86
SXS.dll in the same directory as the installer , which could cause…
Disclosure of DLL-Hijacking-Vulnerability-in-Technitium-Installer-v4.4
Read Time:23 Second
Posted by YEUNG, Tsz Ko on Feb 24
Hi all,
I would like to disclose
the DLL-Hijacking-Vulnerability-in-Technitium-Installer-v4.4
Details as below:
Vulnerable Software and Version:
1. Technitium Installer v4.4
Vulnerable software download link:
https://technitium.com/tmac/
Date discovered and reported:
25 Feb 2022
Description:
Technitium Installer v4.4 is suffering from DLL Hijacking by placing x86
SXS.dll in the same directory as the installer , which could cause…
DSA-5087 cyrus-sasl2 – security update
Read Time:14 Second
It was discovered that the SQL plugin in cyrus-sasl2, a library
implementing the Simple Authentication and Security Layer, is prone to a
SQL injection attack. An authenticated remote attacker can take
advantage of this flaw to execute arbitrary SQL commands and for
privilege escalation.
CVE-2020-10632
Read Time:10 Second
Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner.
CVE-2020-10635
Read Time:9 Second
Simulation models for KUKA.Sim Pro version 3.1 are hosted by a server maintained by KUKA. When these devices request a model, the server transmits the model in plaintext.
CVE-2020-10636
Read Time:6 Second
Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.
CVE-2020-10640
Read Time:9 Second
Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service.
CVE-2020-14478
Read Time:15 Second
A local, authenticated attacker could use an XML External Entity (XXE) attack to exploit weakly configured XML files to access local or remote content. A successful exploit could potentially cause a denial-of-service condition and allow the attacker to arbitrarily read any local file via system-level services.