GE CIMPICITY versions 2022 and prior is vulnerable when data from faulting address controls code flow starting at gmmiObj!CGmmiOptionContainer, which could allow an attacker to execute arbitrary code.
Apple has rolled out a number of security features that will now offer end-to-end encryption to protect data, including backups, contacts, notes, photos, and wallet passes. The company also announced hardware Security Keys for Apple ID.
freeradius-3.0.26-1.fc36
Update to upstream release 3.0.26.
Jacob Champion discovered that PostgreSQL incorrectly handled SSL
certificate verification and encryption. A remote attacker could possibly
use this issue to inject arbitrary SQL queries when a connection is first
established.
Attacks included fraud, vulnerability exploitation, fake applications and info stealer deployments
Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.
After business groups argued that proposed legislation to curb use of Chinese-made semiconductors would hurt national security, lawmakers amended it—but a final vote and the president’s approval of the proposed National Defense Authorization Act (NDAA) is still to come.
The watchdog also confirmed it plans on opening a compliance investigation into the incident
Phosphorus published a report encapsulating five years of security research and device testing.
python3.8-3.8.16-1.fc35
Update to 3.8.16
