Read Time:4 Second
We are all in it together, says the DoE’s chief information officer
Daily Archives: October 12, 2022
USN-5671-1: AdvanceCOMP vulnerabilities
Read Time:32 Second
It was discovered that AdvanceCOMP did not properly manage memory of function
be_uint32_read() under certain circumstances. If a user were tricked into
opening a specially crafted binary file, a remote attacker could possibly use
this issue to cause AdvanceCOMP to crash, resulting in a denial of service.
(CVE-2019-8379)
It was discovered that AdvanceCOMP did not properly manage memory of function
adv_png_unfilter_8() under certain circumstances. If a user were tricked into
opening a specially crafted PNG file, a remote attacker could possibly use this
issue to cause AdvanceCOMP to crash, resulting in a denial of service.
(CVE-2019-8383)
dhcp-4.4.3-4.P1.fc35
Read Time:12 Second
FEDORA-2022-c4f274a54f
Packages in this update:
dhcp-4.4.3-4.P1.fc35
Update description:
New version 4.4.3-P1 (rhbz#2132240)
Fix for CVE-2022-2928 (rhbz#2132429)
Fix for CVE-2022-2929 (rhbz#2132430)
A Vulnerability in FortiOS / FortiProxy / FortiSwitch Manager Could Allow for Authentication Bypass
Read Time:35 Second
A vulnerability has been discovered in FortiOS, FortiProxy and FortiSwitchManager, which could allow for authentication bypass on administrative interface. FortiOS is the Fortinet’s proprietary Operation System which is utilized across multiple product lines. FortiProxy is a secure web proxy that protects employees against internet-borne attacks by incorporating multiple detection techniques. FortiSwitch Manager is an on-premise management platform for the FortiSwitch product. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Critical Patches Issued for Microsoft Products, October 11, 2022
Read Time:24 Second
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
DSA-5252 libreoffice – security update
Read Time:6 Second
It was discovered that insufficient validation of
vnd.libreoffice.command URI schemes could result in the execution of
arbitrary macro commands.