It was discovered that when python-openstackclient attempted to delete a
non-existing access rule, it would delete another existing access rule
instead, contrary to expectations.
Category Archives: Advisories
USN-6667-1: Cpanel-JSON-XS vulnerability
It was discovered that Cpanel-JSON-XS incorrectly decoded certain data. A
remote attacker could use this issue to cause Cpanel-JSON-XS to crash,
resulting in a denial of service, or possibly obtain sensitive information.
USN-6666-1: libuv vulnerability
It was discovered that libuv incorrectly truncated certain hostnames. A
remote attacker could possibly use this issue with specially crafted
hostnames to bypass certain checks.
USN-6665-1: Unbound vulnerabilities
Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered
that Unbound incorrectly handled validating DNSSEC messages. A remote
attacker could possibly use this issue to cause Unbound to consume
resources, leading to a denial of service. (CVE-2023-50387)
It was discovered that Unbound incorrectly handled preparing an NSEC3
closest encloser proof. A remote attacker could possibly use this issue to
cause Unbound to consume resources, leading to a denial of service.
(CVE-2023-50868)
ghc-base64-0.4.2.4-28.fc41 ghc-hakyll-4.16.2.0-4.fc41 ghc-isocline-1.0.9-28.fc41 gitit-0.15.1.1-6.fc41 pandoc-3.1.3-28.fc41 pandoc-cli-0.1.1.1-28.fc41 patat-0.11.0.0-1.fc41
FEDORA-2024-d62088b505
Packages in this update:
ghc-base64-0.4.2.4-28.fc41
ghc-hakyll-4.16.2.0-4.fc41
ghc-isocline-1.0.9-28.fc41
gitit-0.15.1.1-6.fc41
pandoc-3.1.3-28.fc41
pandoc-cli-0.1.1.1-28.fc41
patat-0.11.0.0-1.fc41
Update description:
pandoc-cli replaces pandoc binary package
Security fix for CVE-2023-35936 and CVE-2023-35936
newly packaged ghc-base64 and ghc-isocline
ZDI-24-214: NI FlexLogger RabbitMQ Incorrect Permission Assignment Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of NI FlexLogger. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-1156.
ZDI-24-213: NI FlexLogger userservices Missing Authorization Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of NI FlexLogger. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-1155.
ZDI-24-212: NI FlexLogger TagHistorian Missing Authorization Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of NI FlexLogger. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-1155.
ZDI-24-211: NI FlexLogger DocumentManager Missing Authorization Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of NI FlexLogger. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-1155.
ZDI-24-210: NI FlexLogger SkylineService Missing Authorization Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of NI FlexLogger. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-1155.