Multiple vulnerabilities have been discovered in the Apache HTTP server,
which may result in HTTP response splitting or denial of service.
Category Archives: Advisories
CVE-2021-46877
jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving JsonNode JDK serialization.
flatpak-runtime-f37-3720230318112459.1 flatpak-sdk-f37-3720230318112459.1
FEDORA-FLATPAK-2023-b62200ee95
Packages in this update:
flatpak-runtime-f37-3720230318112459.1
flatpak-sdk-f37-3720230318112459.1
Update description:
Add 05-flatpak-fontpath.conf to avoid conflict between caches on host and flatpak.
See https://github.com/fedora-silverblue/issue-tracker/issues/305
Updated flatpak runtime and SDK, including latest Fedora 37 security and bug-fix errata.
flatpak-1.12.8-1.fc36
FEDORA-2023-9fbc701e0d
Packages in this update:
flatpak-1.12.8-1.fc36
Update description:
Update to 1.12.8
Fix CVE-2023-28100 and CVE-2023-28101
flatpak-1.14.4-1.fc37
FEDORA-2023-b0717d8c45
Packages in this update:
flatpak-1.14.4-1.fc37
Update description:
Update to 1.14.4
Fix CVE-2023-28100 and CVE-2023-28101
flatpak-1.15.4-1.fc38
FEDORA-2023-508e400dec
Packages in this update:
flatpak-1.15.4-1.fc38
Update description:
Update to 1.15.4
Fix CVE-2023-28100 and CVE-2023-28101
CVE-2021-21548
Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual Appliance versions before 9.1.0.27, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim’s traffic to view or modify a victim’s data in transit.
Defense in depth — the Microsoft way (part 83): instead to fix even their most stupid mistakes, they spill barrels of snakeoil to cover them (or just leave them as-is)
Posted by Stefan Kanthak on Mar 16
Hi @ll,
with Windows 2000, Microsoft virtualised the [HKEY_CLASSES_ROOT] registry
branch: what was just an alias for [HKEY_LOCAL_MACHINE\SOFTWARE\Classes]
before became the overlay of [HKEY_LOCAL_MACHINE\SOFTWARE\Classes] and
[HKEY_CURRENT_USER\Software\Classes] with the latter having precedence:
<https://msdn.microsoft.com/en-us/library/ms724498.aspx>
Note: while [HKEY_LOCAL_MACHINE\SOFTWARE\Classes] is writable only by…
[CFP] Security BSides Ljubljana 0x7E7 | June 16, 2023
Posted by Andraz Sraka on Mar 16
DSA-5375 thunderbird – security update
Multiple security issues were discovered in Thunderbird, which could
result in denial of service, the execution of arbitrary code or
spoofing.