Read Time:1 Second
Post Content
Category Archives: Advisories
FreeBSD-EN-23:02.sdhci
FreeBSD-EN-23:01.tzdata
DSA-5344 heimdal – security update
Read Time:16 Second
Helmut Grohne discovered a flaw in Heimdal, an implementation of
Kerberos 5 that aims to be compatible with MIT Kerberos. The backports
of fixes for CVE-2022-3437 accidentally inverted important memory
comparisons in the arcfour-hmac-md5 and rc4-hmac integrity check
handlers for gssapi, resulting in incorrect validation of message
integrity codes.
DSA-5345 chromium – security update
Read Time:7 Second
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
xorg-x11-server-1.20.14-18.fc36
Read Time:8 Second
FEDORA-2023-fb5022e741
Packages in this update:
xorg-x11-server-1.20.14-18.fc36
Update description:
CVE-2023-0494: potential use-after-free in DeepCopyPointerClasses
CVE-2021-36471
Read Time:8 Second
Directory Traversal vulnerability in AdminLTE 3.1.0 allows remote attackers to gain escalated privilege and view sensitive information via /admin/index2.html, /admin/index3.html URIs.
CVE-2021-37492
Read Time:8 Second
An issue discovered in src/wallet/wallet.cpp in Ravencoin Core 4.3.2.1 and earlier allows attackers to view sensitive information via CWallet::CreateTransactionAll() function.
CVE-2011-10003
Read Time:21 Second
A vulnerability was found in XpressEngine up to 1.4.4. It has been rated as critical. This issue affects some unknown processing of the component Update Query Handler. The manipulation leads to sql injection. Upgrading to version 1.4.5 is able to address this issue. The name of the patch is c6e94449f21256d6362450b29c7847305e756ad5. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220247.
USN-5845-2: OpenSSL vulnerabilities
Read Time:32 Second
USN-5845-1 fixed several vulnerabilities in OpenSSL. This update provides
the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
David Benjamin discovered that OpenSSL incorrectly handled X.400 address
processing. A remote attacker could possibly use this issue to read
arbitrary memory contents or cause OpenSSL to crash, resulting in a denial
of service. (CVE-2023-0286)
Octavio Galland and Marcel Böhme discovered that OpenSSL incorrectly
handled streaming ASN.1 data. A remote attacker could use this issue to
cause OpenSSL to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2023-0215)