Read Time:7 Second
FEDORA-2023-26b58f8098
Packages in this update:
epiphany-42.5-1.fc36
Update description:
New upstream version, including fix for CVE-2023-26081
Daily Archives: February 21, 2023
epiphany-43.1-1.fc37
Read Time:7 Second
FEDORA-2023-d8d2cd7c58
Packages in this update:
epiphany-43.1-1.fc37
Update description:
New upstream version, including fix for CVE-2023-26081
CVE-2015-10085
Read Time:23 Second
A vulnerability was found in GoPistolet. It has been declared as problematic. This vulnerability affects unknown code of the component MTA. The manipulation leads to denial of service. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The name of the patch is b91aa4674d460993765884e8463c70e6d886bc90. It is recommended to apply a patch to fix this issue. VDB-221506 is the identifier assigned to this vulnerability.
New Privilege Escalation Bug Class Found on macOS and iOS
Read Time:4 Second
The new class of privilege escalation bugs is based on the ForcedEntry attack
Hackers Exploit Privilege Escalation Flaw on Windows Backup Service
Read Time:4 Second
The flaw is triggered using the Race Condition between temporary file creation and deletion
Alcatraz AI streamlines facial recognition access control with mobile update
Read Time:33 Second
Access control provider Alcatraz AI is adding web-based, mobile enrollment and privacy consent management to its flagship facial authentication product, the Rock, to enhance building security and ease employee and visitor registration.
The Rock includes an edge device installed near the doors to buildings and secure areas, using 3D facial mapping and machine learning analytics for facial authentication. The update adds mobile enrollment to the system to streamline onboarding by allowing new employees and visitors to register remotely and securely through their own mobile devices and tablets, according to Blaine Fredrick, vice president of products at Alcatraz AI.
Researchers Uncover New Information Stealer ‘Stealc’
Read Time:5 Second
Stealc is a fully featured stealer, whose development relied on Vidar, Raccoon, Mars and Redline
USN-5881-1: Chromium vulnerabilities
Read Time:1 Minute, 3 Second
It was discovered that Chromium did not properly manage memory. A remote
attacker could possibly use these issues to cause a denial of service or
execute arbitrary code via a crafted HTML page. (CVE-2023-0471,
CVE-2023-0472, CVE-2023-0473, CVE-2023-0696, CVE-2023-0698, CVE-2023-0699,
CVE-2023-0702, CVE-2023-0705)
It was discovered that Chromium did not properly manage memory. A remote
attacker who convinced a user to install a malicious extension could
possibly use this issue to corrupt memory via a Chrome web app.
(CVE-2023-0474)
It was discovered that Chromium contained an inappropriate implementation
in the Download component. A remote attacker could possibly use this issue
to spoof contents of the Omnibox (URL bar) via a crafted HTML page.
(CVE-2023-0700)
It was discovered that Chromium did not properly manage memory. A remote
attacker who convinced a user to engage in specific UI interactions could
possibly use these issues to cause a denial of service or execute
arbitrary code. (CVE-2023-0701, CVE-2023-0703)
It was discovered that Chromium insufficiently enforced policies. A remote
attacker could possibly use this issue to bypass same origin policy and
proxy settings via a crafted HTML page. (CVE-2023-0704)
CVE-2015-10084
Read Time:20 Second
A vulnerability was found in irontec klear-library chloe and classified as critical. Affected by this issue is the function _prepareWhere of the file Controller/Rest/BaseController.php. The manipulation leads to sql injection. Upgrading to version marla is able to address this issue. The name of the patch is b25262de52fdaffde2a4434fc2a84408b304fbc5. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221504.
CVE-2015-10083
Read Time:24 Second
A vulnerability has been found in harrystech Dynosaur-Rails and classified as critical. Affected by this vulnerability is the function basic_auth of the file app/controllers/application_controller.rb. The manipulation leads to improper authentication. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The name of the patch is 04b223813f0e336aab50bff140d0f5889c31dbec. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221503.