Category Archives: Advisories

ZDI-23-213: SolarWinds Network Performance Monitor WorkerControllerWCFProxy Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Network Performance Monitor. Authentication is required to exploit this vulnerability.

dcmtk-3.6.4-11.el8

FEDORA-EPEL-2023-40e1d58afe

Packages in this update:

dcmtk-3.6.4-11.el8

Update description:

This update contains several high and critical security fixes.

CVE-2021-41687/CVE-2021-41688/CVE-2021-41690
CVE-2021-41689
CVE-2022-2119/CVE-2022-2120/CVE-2022-2121
CVE-2022-43272

It also switches to use bundled charls v1 to match the behavior in Fedora.

dcmtk-3.6.6-12.el9

FEDORA-EPEL-2023-c14f77e922

Packages in this update:

dcmtk-3.6.6-12.el9

Update description:

This update contains several high and critical security fixes.

CVE-2021-41687/CVE-2021-41688/CVE-2021-41690
CVE-2021-41689
CVE-2022-2119/CVE-2022-2120/CVE-2022-2121
CVE-2022-43272

It also switches to use bundled charls v1 to match the behavior in Fedora.

SEC Consult SA-20230306-0 :: Multiple Vulnerabilities in Arris DG3450 Cable Gateway

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Mar 06

SEC Consult Vulnerability Lab Security Advisory < 20230306-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Arris DG3450 Cable Gateway
vulnerable version: AR01.02.056.18_041520_711.NCS.10
fixed version: –
CVE number: CVE-2023-27571, CVE-2023-27572
impact: medium
homepage: https://www.commscope.com

containerd-1.6.19-1.fc38

FEDORA-2023-cd000ea847

Packages in this update:

containerd-1.6.19-1.fc38

Update description:

Update containerd to 1.16.19
– Mitigates CVE-2023-25153 / GHSA-259w-8hf6-59c2
– Mitigates CVE-2023-25173 / GHSA-hmfx-3pcx-653p

containerd-1.6.19-1.fc36

FEDORA-2023-aadd08ab96

Packages in this update:

containerd-1.6.19-1.fc36

Update description:

Update containerd to 1.16.19
– Mitigates CVE-2023-25153 / GHSA-259w-8hf6-59c2
– Mitigates CVE-2023-25173 / GHSA-hmfx-3pcx-653p

containerd-1.6.19-1.fc37

FEDORA-2023-05b39bc048

Packages in this update:

containerd-1.6.19-1.fc37

Update description:

Update containerd to 1.16.19
– Mitigates CVE-2023-25153 / GHSA-259w-8hf6-59c2
– Mitigates CVE-2023-25173 / GHSA-hmfx-3pcx-653p

CVE-2017-20181

A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0. It affects unknown code in the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. The attack requires local access. Upgrading to version 1.3.1 addresses this issue. The name of the patch is accf6838078f8eb105cfc7865aba5c705fb68426. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222328.
