Category Archives: Advisories

Wyrestorm Apollo VX20 / Incorrect Access Control – DoS / CVE-2024-25736

Posted by hyp3rlinx on Feb 13

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/WYRESTORM_APOLLO_VX20_INCORRECT_ACCESS_CONTROL_DOS_CVE-2024-25736.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.wyrestorm.com

[Product]
APOLLO VX20 < 1.3.58

[Vulnerability Type]
Incorrect Access Control (DOS)

[Affected Product Code Base]
APOLLO VX20 < 1.3.58, fixed in v1.3.58

[Affected…

IBM i Access Client Solutions / Remote Credential Theft / CVE-2024-22318

Posted by hyp3rlinx on Feb 13

[+] Credits: John Page (aka hyp3rlinx)
[+] Website: hyp3rlinx.altervista.org
[+] Source:
http://hyp3rlinx.altervista.org/advisories/IBMI_ACCESS_CLIENT_REMOTE_CREDENTIAL_THEFT_CVE-2024-22318.txt
[+] twitter.com/hyp3rlinx
[+] ISR: ApparitionSec

[Vendor]
www.ibm.com

[Product]
IBM i Access Client Solutions

[Versions]
All

[Remediation/Fixes]
None

[Vulnerability Type]
Remote Credential Theft

[CVE Reference]
CVE-2024-22318

[Security Issue]
IBM i…

USN-6629-1: UltraJSON vulnerabilities

It was discovered that UltraJSON incorrectly handled certain input with
a large amount of indentation. An attacker could possibly use this issue
to crash the program, resulting in a denial of service. (CVE-2021-45958)

Jake Miller discovered that UltraJSON incorrectly decoded certain
characters. An attacker could possibly use this issue to cause key
confusion and overwrite values in dictionaries. (CVE-2022-31116)

It was discovered that UltraJSON incorrectly handled an error when
reallocating a buffer for string decoding. An attacker could possibly
use this issue to corrupt memory. (CVE-2022-31117)

rust-ansitok-0.2.0-4.el9 rust-bat-0.24.0-2.el9 rust-cargo-c-0.9.27-4.el9 rust-eza-0.17.3-2.el9 rust-git-delta-0.16.5-9.el9 rust-git2-0.18.2-1.el9 rust-libgit2-sys-0.16.2-1.el9 rust-pore-0.1.10-3.el9 rust-shadow-rs-0.8.1-8.el9 rust-strip-ansi-escapes-0.2.0-2.el9 rust-vergen-5.1.17-8.el9 rust-vt100-0.15.2-2.el9 rust-vte-0.13.0-1.el9

FEDORA-EPEL-2024-2de74966ef

Packages in this update:

rust-ansitok-0.2.0-4.el9
rust-bat-0.24.0-2.el9
rust-cargo-c-0.9.27-4.el9
rust-eza-0.17.3-2.el9
rust-git2-0.18.2-1.el9
rust-git-delta-0.16.5-9.el9
rust-libgit2-sys-0.16.2-1.el9
rust-pore-0.1.10-3.el9
rust-shadow-rs-0.8.1-8.el9
rust-strip-ansi-escapes-0.2.0-2.el9
rust-vergen-5.1.17-8.el9
rust-vt100-0.15.2-2.el9
rust-vte-0.13.0-1.el9

Update description:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.

Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.

Since the libgit2 bindings cause applications that use them to statically link libgit2, this update also includes rebuilds of all affected applications.

rust-asyncgit-0.24.3-3.fc38 rust-bat-0.24.0-3.fc38 rust-cargo-c-0.9.28-4.fc38 rust-eza-0.17.3-2.fc38 rust-git-absorb-0.6.11-3.fc38 rust-git-delta-0.16.5-9.fc38 rust-git2-0.18.2-1.fc38 rust-gitui-0.24.3-4.fc38 rust-libgit2-sys-0.16.2-1.fc38 rust-lsd-1.0.0-3.fc38 rust-pore-0.1.10-3.fc38 rust-pretty-git-prompt-0.2.1-20.fc38 rust-shadow-rs-0.8.1-8.fc38 rust-silver-2.0.1-7.fc38 rust-tokei-12.1.2-8.fc38 rust-vergen-5.1.17-8.fc38

FEDORA-2024-993d3a78dd

Packages in this update:

rust-asyncgit-0.24.3-3.fc38
rust-bat-0.24.0-3.fc38
rust-cargo-c-0.9.28-4.fc38
rust-eza-0.17.3-2.fc38
rust-git2-0.18.2-1.fc38
rust-git-absorb-0.6.11-3.fc38
rust-git-delta-0.16.5-9.fc38
rust-gitui-0.24.3-4.fc38
rust-libgit2-sys-0.16.2-1.fc38
rust-lsd-1.0.0-3.fc38
rust-pore-0.1.10-3.fc38
rust-pretty-git-prompt-0.2.1-20.fc38
rust-shadow-rs-0.8.1-8.fc38
rust-silver-2.0.1-7.fc38
rust-tokei-12.1.2-8.fc38
rust-vergen-5.1.17-8.fc38

Update description:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.

Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.

Since the libgit2 bindings cause applications that use them to statically link libgit2, this update also includes rebuilds of all affected applications.

rust-asyncgit-0.24.3-3.fc39 rust-bat-0.24.0-3.fc39 rust-cargo-c-0.9.28-4.fc39 rust-eza-0.17.3-2.fc39 rust-git-absorb-0.6.11-3.fc39 rust-git-delta-0.16.5-9.fc39 rust-git2-0.18.2-1.fc39 rust-gitui-0.24.3-4.fc39 rust-libgit2-sys-0.16.2-1.fc39 rust-lsd-1.0.0-3.fc39 rust-pore-0.1.10-3.fc39 rust-pretty-git-prompt-0.2.1-20.fc39 rust-shadow-rs-0.8.1-8.fc39 rust-silver-2.0.1-7.fc39 rust-tokei-12.1.2-8.fc39 rust-vergen-5.1.17-8.fc39

FEDORA-2024-8ba389815f

Packages in this update:

rust-asyncgit-0.24.3-3.fc39
rust-bat-0.24.0-3.fc39
rust-cargo-c-0.9.28-4.fc39
rust-eza-0.17.3-2.fc39
rust-git2-0.18.2-1.fc39
rust-git-absorb-0.6.11-3.fc39
rust-git-delta-0.16.5-9.fc39
rust-gitui-0.24.3-4.fc39
rust-libgit2-sys-0.16.2-1.fc39
rust-lsd-1.0.0-3.fc39
rust-pore-0.1.10-3.fc39
rust-pretty-git-prompt-0.2.1-20.fc39
rust-shadow-rs-0.8.1-8.fc39
rust-silver-2.0.1-7.fc39
rust-tokei-12.1.2-8.fc39
rust-vergen-5.1.17-8.fc39

Update description:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.

Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.

Since the libgit2 bindings cause applications that use them to statically link libgit2, this update also includes rebuilds of all affected applications.

rust-asyncgit-0.24.3-3.fc40 rust-bat-0.24.0-3.fc40 rust-cargo-c-0.9.28-4.fc40 rust-eza-0.17.3-2.fc40 rust-git-absorb-0.6.11-3.fc40 rust-git-delta-0.16.5-9.fc40 rust-git2-0.18.2-1.fc40 rust-gitui-0.24.3-4.fc40 rust-libgit2-sys-0.16.2-1.fc40 rust-lsd-1.0.0-3.fc40 rust-pore-0.1.10-3.fc40 rust-pretty-git-prompt-0.2.1-20.fc40 rust-shadow-rs-0.8.1-8.fc40 rust-silver-2.0.1-7.fc40 rust-tokei-12.1.2-8.fc40 rust-vergen-5.1.17-8.fc40

FEDORA-2024-53685bdcb6

Packages in this update:

rust-asyncgit-0.24.3-3.fc40
rust-bat-0.24.0-3.fc40
rust-cargo-c-0.9.28-4.fc40
rust-eza-0.17.3-2.fc40
rust-git2-0.18.2-1.fc40
rust-git-absorb-0.6.11-3.fc40
rust-git-delta-0.16.5-9.fc40
rust-gitui-0.24.3-4.fc40
rust-libgit2-sys-0.16.2-1.fc40
rust-lsd-1.0.0-3.fc40
rust-pore-0.1.10-3.fc40
rust-pretty-git-prompt-0.2.1-20.fc40
rust-shadow-rs-0.8.1-8.fc40
rust-silver-2.0.1-7.fc40
rust-tokei-12.1.2-8.fc40
rust-vergen-5.1.17-8.fc40

Update description:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.

Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.

Since the libgit2 bindings cause applications that use them to statically link libgit2, this update also includes rebuilds of all affected applications.

rust-asyncgit-0.24.3-3.fc41 rust-bat-0.24.0-3.fc41 rust-cargo-c-0.9.28-4.fc41 rust-eza-0.17.3-2.fc41 rust-git-absorb-0.6.11-3.fc41 rust-git-delta-0.16.5-9.fc41 rust-git2-0.18.2-1.fc41 rust-gitui-0.24.3-4.fc41 rust-libgit2-sys-0.16.2-1.fc41 rust-lsd-1.0.0-3.fc41 rust-pore-0.1.10-3.fc41 rust-pretty-git-prompt-0.2.1-20.fc41 rust-shadow-rs-0.8.1-8.fc41 rust-silver-2.0.1-7.fc41 rust-tokei-12.1.2-8.fc41 rust-vergen-5.1.17-8.fc41

FEDORA-2024-401f10a92f

Packages in this update:

rust-asyncgit-0.24.3-3.fc41
rust-bat-0.24.0-3.fc41
rust-cargo-c-0.9.28-4.fc41
rust-eza-0.17.3-2.fc41
rust-git2-0.18.2-1.fc41
rust-git-absorb-0.6.11-3.fc41
rust-git-delta-0.16.5-9.fc41
rust-gitui-0.24.3-4.fc41
rust-libgit2-sys-0.16.2-1.fc41
rust-lsd-1.0.0-3.fc41
rust-pore-0.1.10-3.fc41
rust-pretty-git-prompt-0.2.1-20.fc41
rust-shadow-rs-0.8.1-8.fc41
rust-silver-2.0.1-7.fc41
rust-tokei-12.1.2-8.fc41
rust-vergen-5.1.17-8.fc41

Update description:

Update the git2 crate to version 0.18.2.
Update the libgit2-sys crate to version 0.16.2.

Version 0.16.2 of the libgit2-sys crate includes an update of the bundled copy of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.

Since the libgit2 bindings cause applications that use them to statically link libgit2, this update also includes rebuilds of all affected applications.
