3671 matches found
SUSE-SU-2022:2838-1 Security update for ucode-intel
This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release bsc1201727: - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave INTEL-SA-00657. See also:...
Shared Server Compatibility of Veeam Backup for Microsoft 365 and Veeam Backup & Replication
Purpose: It is important to remember that Veeam Backup for Microsoft 365 and Veeam Backup & Replication are separate backup products designed to operate separately from each other. However, both Veeam Backup for Microsoft 365 and Veeam Backup & Replication utilize Veeam Explorers as secondary...
[SECURITY] Fedora 36 Update: golang-ariga-atlas-0.3.6-4.fc36
A database toolkit...
Revamped version of Redeemer Ransomware has been uncovered on Dark Web Forums
Threat Level Attack Report. Summary: A new version of the free Redeemer ransomware has been discovered on hacker forums, providing inexperienced threat actors with an easy entry into the field of encryption-backed extortion campaigns. The new 2.0...
Input validation
The Western Digital My Cloud Web App https://os5.mycloud.com/ uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an "SSL" context instead of "TLS" or specifying stronger validation,...
CVE-2022-23000 Weak Default SSL use in Port Forwarding Service
The Western Digital My Cloud Web App https://os5.mycloud.com/ uses a weak SSLContext when attempting to configure port forwarding rules. This was enabled to maintain compatibility with old or outdated home routers. By using an "SSL" context instead of "TLS" or specifying stronger validation,...
Open-Xchange OX App Suite Operating System Command Injection Vulnerability
Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. An operating system command injection vulnerability exists in Open-Xchange OX App Suite versions 7.10.6 and below, which stems from a compatibility layer of the documentconverter API that can b...
Wago PFC200 Denial of Service (CVE-2021-21000)
On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker with network access to the device could cause a denial of service for the login service of the runtime. - On WAGO PFC200 devices in different firmware versions with special crafted packets an attacker...
Fedora: Security Advisory for golang-github-gogo-protobuf (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: golang-modernc-golex-1.0.1-5.fc35
A lex/flex like not fully POSIX lex compatible utility...
[SECURITY] Fedora 36 Update: openssl1.1-1.1.1q-1.fc36
The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the 1.1.1 version and is provided for compatibility with previous releases...
Possible RCE escalation bug with Serialized Columns in Active Record
There is a possible escalation to RCE when using YAML serialized columns in Active Record. This vulnerability has been assigned the CVE identifier CVE-2022-32224. Versions Affected: All. Not affected: None. Fixed Versions: 7.0.3.1, 6.1.6.1, 6.0.5.1, 5.2.8.1. Impact: When serialized columns th...
CVE-2022-31111
Frontier (Substrate’s Ethereum compatibility layer) is affected by a truncation error when converting between EVM balance type and Substrate balance type. In affected versions this can cause a discrepancy between the appeared EVM transfer value and the actual Substrate value transferred. The issu...
CVE-2022-31111 Discrepancy in transfer value and actual value due to incorrect truncation in Frontier
Frontier is Substrate's Ethereum compatibility layer. In affected versions the truncation done when converting between EVM balance type and Substrate balance type was incorrectly implemented. This leads to possible discrepancy between appeared EVM transfer value and actual Substrate value...
[SECURITY] Fedora 36 Update: openssl1.1-1.1.1p-1.fc36
The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the 1.1.1 version and is provided for compatibility with previous releases...
OPENSUSE-SU-2022:10040-1 Security update for python-nltk
This update for python-nltk fixes the following issues: Update to 3.7 - Improve and update the NLTK team page on nltk.org 2855, 2941 - Drop support for Python 3.6, support Python 3.10 2920 - Update to 3.6.7 - Resolve IndexError in sent_tokenize and word_tokenize 2922 - Update to 3.6.6 - Refactor...
PHP Library Remote Code Execution Vulnerability
Several PHP compatibility libraries contain a potential remote code execution flaw in their json_decode function based on having copy pasted existing vulnerable code. Affected components include the WassUp Realtime analytics WordPress plugin, AjaXplorer Core, and more. JAHx221 - RCE in copy/pasted...
PHP Library Remote Code Execution
JAHx221 - RCE in copy/pasted PHP compat libraries, json_decode function. Several PHP compatibility libraries contain a potential remote code execution flaw in their json_decode function based on having copy pasted existi...
GSD-2022-1003773 arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall
arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.198 by commit...
GSD-2022-1003385 arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall
arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.46 by commit...