It was discovered that the GNU C Library incorrectly handled the syslog()
function call. A local attacker could use this issue to execute arbitrary
code and possibly escalate privileges.
wordpress-5.1.18-1.el7
FEDORA-EPEL-2024-3f1f3dcef0
Packages in this update:
wordpress-5.1.18-1.el7
Update description:
WordPress 5.1.18 Security Release
Security updates included in this release
m4tuto for finding a PHP File Upload bypass via Plugin Installer (requiring admin privileges).
@_s_n_t of @pentestltd working with Trend Micro Zero Day Initiative for finding an RCE POP Chains vulnerability.
wordpress-6.4.3-1.fc38
FEDORA-2024-df1cdcb0de
Packages in this update:
wordpress-6.4.3-1.fc38
Update description:
WordPress 6.4.3 – Maintenance and Security release
See upstream announcement
Security updates included in this release
m4tuto for finding a PHP File Upload bypass via Plugin Installer (requiring admin privileges).
@_s_n_t of @pentestltd working with Trend Micro Zero Day Initiative for finding an RCE POP Chains vulnerability.
wordpress-6.4.3-1.fc39
FEDORA-2024-2b30739a76
Packages in this update:
wordpress-6.4.3-1.fc39
Update description:
WordPress 6.4.3 – Maintenance and Security release
See upstream announcement
Security updates included in this release
m4tuto for finding a PHP File Upload bypass via Plugin Installer (requiring admin privileges).
@_s_n_t of @pentestltd working with Trend Micro Zero Day Initiative for finding an RCE POP Chains vulnerability.
wordpress-6.4.3-1.el9
FEDORA-EPEL-2024-7190fecd91
Packages in this update:
wordpress-6.4.3-1.el9
Update description:
WordPress 6.4.3 – Maintenance and Security release
See upstream announcement
Security updates included in this release
m4tuto for finding a PHP File Upload bypass via Plugin Installer (requiring admin privileges).
@_s_n_t of @pentestltd working with Trend Micro Zero Day Initiative for finding an RCE POP Chains vulnerability.
chromium-121.0.6167.139-1.fc38
FEDORA-2024-ca36dcc1d3
Packages in this update:
chromium-121.0.6167.139-1.fc38
Update description:
update to 121.0.6167.139
High CVE-2024-1060: Use after free in Canvas
High CVE-2024-1059: Use after free in WebRTC
High CVE-2024-1077: Use after free in Network
chromium-121.0.6167.139-1.fc39
FEDORA-2024-87e0baecb6
Packages in this update:
chromium-121.0.6167.139-1.fc39
Update description:
update to 121.0.6167.139
High CVE-2024-1060: Use after free in Canvas
High CVE-2024-1059: Use after free in WebRTC
High CVE-2024-1077: Use after free in Network
DSA-5612-1 chromium – security update
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
DSA-5613-1 openjdk-17 – security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in side channel attacks, leaking sensitive data to log
files, denial of service or bypass of sandbox restrictions.
USN-6619-1: runC vulnerability
Rory McNamara discovered that runC did not properly manage internal file
descriptors while managing containers. An attacker could possibly use this
issue to obtain sensitive information or bypass container restrictions.