The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template.
Category Archives: Advisories
CVE-2020-36516
An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim’s TCP session or terminate that session.
libsolv-0.7.21-1.fc35
FEDORA-2022-f8921a3891
Packages in this update:
libsolv-0.7.21-1.fc35
Update description:
Update to 0.7.21
(Linked CVEs should not affect even current version… but as somebody opened bunch of bugs…)
CVE-2021-22319
There is an improper verification vulnerability in smartphones. Successful exploitation of this vulnerability may cause integer overflows.
Disclosure of DLL-Hijacking-Vulnerability-in-Technitium-Installer-v4.4
Posted by YEUNG, Tsz Ko on Feb 24
Hi all,
I would like to disclose
the DLL-Hijacking-Vulnerability-in-Technitium-Installer-v4.4
Details as below:
Vulnerable Software and Version:
1. Technitium Installer v4.4
Vulnerable software download link:
https://technitium.com/tmac/
Date discovered and reported:
25 Feb 2022
Description:
Technitium Installer v4.4 is suffering from DLL Hijacking by placing x86
SXS.dll in the same directory as the installer , which could cause…
Disclosure of DLL-Hijacking-Vulnerability-in-Technitium-Installer-v4.4
Posted by YEUNG, Tsz Ko on Feb 24
Hi all,
I would like to disclose
the DLL-Hijacking-Vulnerability-in-Technitium-Installer-v4.4
Details as below:
Vulnerable Software and Version:
1. Technitium Installer v4.4
Vulnerable software download link:
https://technitium.com/tmac/
Date discovered and reported:
25 Feb 2022
Description:
Technitium Installer v4.4 is suffering from DLL Hijacking by placing x86
SXS.dll in the same directory as the installer , which could cause…
DSA-5087 cyrus-sasl2 – security update
It was discovered that the SQL plugin in cyrus-sasl2, a library
implementing the Simple Authentication and Security Layer, is prone to a
SQL injection attack. An authenticated remote attacker can take
advantage of this flaw to execute arbitrary SQL commands and for
privilege escalation.
CVE-2020-10632
Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner.
CVE-2020-10635
Simulation models for KUKA.Sim Pro version 3.1 are hosted by a server maintained by KUKA. When these devices request a model, the server transmits the model in plaintext.
CVE-2020-10636
Inadequate encryption may allow the passwords for Emerson OpenEnterprise versions through 3.3.4 user accounts to be obtained.