katalyst-koi: Session cookies can be replayed after user logout
Impact Admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the cookie expired or session secrets were rotated. This affects applications using Koi admin...
[SECURITY] Fedora 44 Update: plasma5support-6.6.4-1.fc44
Support components for porting from KF5/Qt5 to KF6/Qt6...
[SECURITY] Fedora 42 Update: libpcap-1.10.6-1.fc42
Libpcap provides a portable framework for low-level network monitoring. Libpcap can provide network statistics collection, security monitoring and network debugging. Since almost every system vendor provides a different interface for packet capture, the libpcap authors created this...
Biting the CHERI Bullet: Blockers, Enablers and Security Implications of CHERI in Defence
There is growing interest in securing the hardware foundations software stacks build upon. However, before making any investment decision, software and hardware supply chain stakeholders require evidence from realistic, multiple long-term studies of adoption. We present results from a 12 month...
CVE-2022-49233
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Call dc_stream_release for remove link enc assignment. [Why] A porting error resulted in the stream assignment for the link being retained without being released, a memory leak. [How] Fix the porting error by adding ba...
CVE-2023-25168 Symbolic Link (Symlink) Following allowing the deletion of files and directories on the host system in wings
Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with GHSA-p8r3-83r8-jwj5 to overwrite files on the host system. In order to use this exploit, an attacker must have an...
Linux Variant of Clop Ransomware Spotted, But Uses Faulty Encryption Algorithm
The first-ever Linux variant of the Clop ransomware has been detected in the wild, but with a faulty encryption algorithm that has made it possible to reverse engineer the process. "The ELF executable contains a flawed encryption algorithm making it possible to decrypt locked files without paying...
[SECURITY] Fedora 36 Update: java-1.8.0-openjdk-aarch32-1.8.0.345.b01-1.fc36.1
A preview release of the upstream OpenJDK AArch32 porting project. The OpenJDK runtime environment...
MAL-2022-516 Malicious code in @porting-assistant/react (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4c1f711d55f80d5bd350471903e1e022a54523b822bd6cd1af9c4042ffc803b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-514 Malicious code in @porting-assistant/electron (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e0c5dc04c11f8e8434e22dc23673ac871d15cabae44c1fd6ea8a3ef9443c0c90 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-515 Malicious code in @porting-assistant/integration-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 757fb325921aaf211808046101e53811f0ac571b5b1f25882a8ea84b4e2ab05c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Fedora: Security Advisory for java-1.8.0-openjdk-aarch32 (FEDORA-2022-efaa7e8775)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 34 Update: java-1.8.0-openjdk-aarch32-1.8.0.332.b09-1.fc34
A preview release of the upstream OpenJDK AArch32 porting project. The OpenJDK runtime environment...
[SECURITY] Fedora 35 Update: java-1.8.0-openjdk-aarch32-1.8.0.332.b09-1.fc35
A preview release of the upstream OpenJDK AArch32 porting project. The OpenJDK runtime environment...
[SECURITY] Fedora 36 Update: java-1.8.0-openjdk-aarch32-1.8.0.332.b09-1.fc36
A preview release of the upstream OpenJDK AArch32 porting project. The OpenJDK runtime environment...
CVE-2015-20107
In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...
PSF-2022-1 mailcap shell command injection
In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input if they lack validation of user-provided...