3672 matches found
DL1 bug fix update
An update is available for ipa, python-jwcrypto, custodia, bind-dyndb-ldap, python-qrcode, softhsm, slapi-nis, python-yubico, python-kdcproxy, opendnssec, ipa-healthcheck, pyusb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
WordPress 3xSocializer plugin <= 0.98.22 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by Lenon Leite (Patchstack Alliance) in WordPress 3xSocializer plugin (versions <= 0.98.22). Solution: No patched version is available. Deactivate and delete. This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may n...
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9
...
[SECURITY] Fedora 35 Update: rubygem-nokogiri-1.13.1-2.fc35
Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the change to using correct CSS and XPath...
[SECURITY] Fedora 34 Update: rubygem-nokogiri-1.11.7-2.fc34
Nokogiri parses and searches XML/HTML very quickly, and also has correctly implemented CSS3 selector support as well as XPath support. Nokogiri also features an Hpricot compatibility layer to help ease the change to using correct CSS and XPath...
openSUSE: Security Advisory for nbd (SUSE-SU-2022:1276-1)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
OWASP Coraza WAF - A Golang Modsecurity Compatible Web Application Firewall Library
Welcome to OWASP Coraza Web Application Firewall, OWASP Coraza is a golang enterprise-grade Web Application Firewall framework that supports Modsecurity's seclang language and is 100% compatible with OWASP Core Ruleset. Prerequisites Linux distribution Debian and Centos are recommended, Windows i...
Critical Auth Bypass Bug Reported in Cisco Wireless LAN Controller Software
Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller (WLC) that could be abused by an unauthenticated, remote attacker to take control of an affected system. Tracked as CVE-2022-20695, the issue has been rated 10 out of 10 for severity and...
April 12, 2022-KB5012123 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2
April 12, 2022-KB5012123 Cumulative Update for .NET Framework 3.5 and 4.8 for Microsoft server operating system version 21H2 Release Date: April 12, 2022 Version: .NET Framework 3.5 and 4.8 Summary Security Improvements This security update addresses an issue where an unauthenticated attacker cou...
The vulnerability of TLS and SSL Mbed TLS implementations lies in the exposure of information due to incompatibilities, allowing attackers to gain access to confidential data.
The vulnerability of TLS and SSL Mbed TLS implementations lies in the dependence of the instruction’s execution time on the data of that instruction. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...
Japanese 106 keyboard not supported while using Scancode keyboard event mode in CWA Linux
When setting "KeyboardEventMode = Scancode" in the wfclient.ini from CWA Linux, some keys on the Japanese 106 keyboard layout are unable to be mapped correctly to Windows VDA. Scancode mode does not support the Japanese 106 keyboard layout yet. Note: CWA Linux supports AT 101, 102, 104, 105, and...
[SECURITY] Fedora 36 Update: openssl1.1-1.1.1n-1.fc36
The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the 1.1.1 version and is provided for compatibility with previous releases...
MGASA-2022-0127 Updated php-smarty packages fix security vulnerability
Updated php-smarty packages to version 4 for php 8 compatibility and to fix security vulnerabilities...
Updated php-smarty packages fix security vulnerability
Updated php-smarty packages to version 4 for php 8 compatibility and to fix security vulnerabilities...
Gateway page stuck after authentication on Chrome browser v100
- Citrix Gateway integration with Storefront - Custom Themes based on RFWEBUI, but may appear with others too - Observed at CVPN and Regular Storefront Integrations. - Chrome Version updated to 100.0.4896.60 Official Build 64-bit or later triggers the issue. - Page is stuck spinning circle...
Security Bulletin: Multiple vulnerabilities in IBM® Java™ Runtime may affect IBM Decision Optimization Center (CVE-2022-21360, CVE-2022-21365)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 & 8 used by IBM Decision Optimization Center. IBM Decision Optimization Center has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2022-21365 DESCRIPTION: An unspecified vulnerability in Java S...
Python Exec, Command Shell, Reverse UDP (via python)
Execute a Python payload as an OS command from a Posix-compatible shell. Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+. Module Options msf use payload/cmd/unix/python/shellreverseudp msf payloadshellreverseudp show actions...
The Windows Subsystem for Linux (WSL), the compatibility subsystem for running Linux applications in the Microsoft Windows operating system, can be utilized by attackers to increase their privileges.
The vulnerability of the compatibility subsystem for running Linux applications, namely the Windows Subsystem for Linux (WSL) of the Microsoft operating system, is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...
SUSE: Security Advisory (SUSE-SU-2022:0859-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Oracle Linux 8 : glibc (ELSA-2022-0896)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-0896 advisory. - CVE-2021-3999: getcwd: align stack on clone in aarch64 and fix a memory leak 2032280 - CVE-2022-23218, CVE-2022-23219: Fix buffer overflows in sunrpc...