An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim’s TCP session or terminate that session.
libsolv-0.7.21-1.fc35
Update to 0.7.21
(Linked CVEs should not affect even current version… but as somebody opened bunch of bugs…)
There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause integer overflows.
Posted by YEUNG, Tsz Ko on Feb 24
Hi all,
I would like to disclose
the DLL-Hijacking-Vulnerability-in-Technitium-Installer-v4.4
Details as below:
Vulnerable Software and Version:
1. Technitium Installer v4.4
Vulnerable software download link:
https://technitium.com/tmac/
Date discovered and reported:
25 Feb 2022
Description:
Technitium Installer v4.4 is suffering from DLL Hijacking by placing x86
SXS.dll in the same directory as the installer , which could cause…
Posted by YEUNG, Tsz Ko on Feb 24
Hi all,
I would like to disclose
the DLL-Hijacking-Vulnerability-in-Technitium-Installer-v4.4
Details as below:
Vulnerable Software and Version:
1. Technitium Installer v4.4
Vulnerable software download link:
https://technitium.com/tmac/
Date discovered and reported:
25 Feb 2022
Description:
Technitium Installer v4.4 is suffering from DLL Hijacking by placing x86
SXS.dll in the same directory as the installer , which could cause…
It was discovered that the SQL plugin in cyrus-sasl2, a library
implementing the Simple Authentication and Security Layer, is prone to a
SQL injection attack. An authenticated remote attacker can take
advantage of this flaw to execute arbitrary SQL commands and for
privilege escalation.
Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner.
Simulation models for KUKA.Sim Pro version 3.1 are hosted by a server maintained by KUKA. When these devices request a model, the server transmits the model in plaintext.
Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.
Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands with system privileges or perform remote code execution via a specific communication service.
