3670 matches found
CLSA-2022-1663184139 Fixed CVE-2021-28861 in python3
CVE-2021-28861: fix redirection vulnerability in http.server - fix tests to be compatible with expat 2.2.5...
Powershell Exec, Windows shellcode stage, Bind TCP Stager with UUID Support (Windows x64)
Execute an x64 payload from a command via PowerShell. Custom shellcode stage. Listen for a connection with UUID Support (Windows x64). Module Options: msf > use payload/cmd/windows/powershell/x64/custom/bind_tcp_uuid msf payload(bind_tcp_uuid) > show actions ...actions... msf payload(bind_tcp_uuid) > set ACTION msf...
SUSE-SU-2022:3177-1 Security update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Add support for gpgautoimport in zypperpkg module - Update Salt to work with Jinja = and = 23.0.0 bsc1201082 - Add support for name, pkgs and diffattr parameters to upgrade function for zypper and yum bsc1198489 - Fix possible errors on...
SUSE-SU-2022:3172-1 Security update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - Add support for gpgautoimport in zypperpkg module - Update Salt to work with Jinja = and = 23.0.0 bsc1201082 - Add support for name, pkgs and diffattr parameters to upgrade function for zypper and yum bsc1198489 - Fix possible errors on...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM HTTP Server and Caching Proxy (CVE-2015-2808)
Summary The RC4 "Bar Mitzvah" SSL/TLS may affect some configurations of the IBM HTTP Server and some configurations of the IBM Caching Proxy for WebSphere Application Server. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol,...
PT-2025-53144
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains an issue related to the __compiletime_strlen function when used with CONFIG_FORTIFY=y and CONFIG_UBSAN_LOCAL_BOUNDS=y. The issue arises from how builtin object si...
CVE-2022-38152
An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct...
DEBIAN-CVE-2022-38152
An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct...
UBUNTU-CVE-2022-38152
An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct...
[SECURITY] Fedora 35 Update: OpenImageIO-2.2.21.0-2.fc35
OpenImageIO is a library for reading and writing images, and a bunch of related classes, utilities, and applications. Main features include: - Extremely simple but powerful ImageInput and ImageOutput APIs for reading and writing 2D images that is format agnostic. - Format plugins for TIFF,...
OPENSUSE-SU-2022:10096-1 Security update for freeciv
This update for freeciv fixes the following issues: - update to 3.0.3 boo1202548, CVE-2022-6083: 3.0.3 is a bugfix release see https://freeciv.fandom.com/wiki/NEWS-3.0.3 - update to 3.0.2: 3.0.2 is a generic bugfix release see https://freeciv.fandom.com/wiki/NEWS-3.0.2 - update to 3.0.1: 3.0.1 is...
CVE-2022-36008
Frontier is Substrate's Ethereum compatibility layer. A security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In release build, this would cause the exit reason being incorrectly parsed and returned by RPC. In debug build, this would cause ...
Code injection
Frontier is Substrate's Ethereum compatibility layer. A security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In release build, this would cause the exit reason being incorrectly parsed and returned by RPC. In debug build, this would cause ...
CVE-2022-36008
Frontier (Substrate’s Ethereum compatibility layer) has a CVE-2022-36008 affecting parsing of the RPC exit reason for EVM reversion. In release builds, the RPC could return an incorrectly parsed exit reason; in debug builds, an overflow panic could occur. The issue is only relevant if a bridge no...
CVE-2022-36008 Message length overflow in frontier
Frontier is Substrate's Ethereum compatibility layer. A security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In release build, this would cause the exit reason being incorrectly parsed and returned by RPC. In debug build, this would cause ...
GHSA-J3RV-W43Q-F9X2 React Editable Json Tree vulnerable to arbitrary code execution via function parsing
Impact Our library allows strings to be parsed as functions and stored as a specialized component, JsonFunctionValue. To do this, Javascript's eval function was used to execute strings that begin with "function" as Javascript. This was an oversight that unfortunately allows arbitrary code to be...
SUSE-SU-2022:2838-1 Security update for ucode-intel
This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release bsc1201727: - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave INTEL-SA-00657. See also:...