Read Time:8 Second
FEDORA-2023-6edb8fab0d
Packages in this update:
lilypond-2.24.1-1.fc36
lilypond-doc-2.24.1-1.fc36
Update description:
Fix for CVE-2020-17354
Monthly Archives: April 2023
CVE-2015-10103
Read Time:27 Second
A vulnerability, which was classified as problematic, was found in InternalError503 Forget It up to 1.3. This affects an unknown part of the file js/settings.js. The manipulation of the argument setForgetTime with the input 0 leads to infinite loop. It is possible to launch the attack on the local host. Upgrading to version 1.4 is able to address this issue. The name of the patch is adf0c7fd59b9c935b4fd675c556265620124999c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-226119.
CVE-2015-10102
Read Time:22 Second
A vulnerability, which was classified as critical, has been found in Freshdesk Plugin 1.7 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to open redirect. The attack may be launched remotely. Upgrading to version 1.8 is able to address this issue. The name of the patch is 2aaecd4e0c7c6c1dc4e6a593163d5f7aa0fa5d5b. It is recommended to upgrade the affected component. VDB-226118 is the identifier assigned to this vulnerability.
A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution
Read Time:29 Second
A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Montana Becomes First US State to Pass TikTok Ban
Read Time:4 Second
The ban needs to be signed into law by Republican Governor Greg Gianforte
Ransomware Attack Hits Payments Giant NCR’s Datacenter
Read Time:5 Second
The ransomware attack targeted one of its data centers in Hawaii and affected some PoS products
Google urges users to update Chrome to address zero-day vulnerability
Read Time:31 Second
Google has released an emergency Chrome security update to address a zero-day vulnerability targeted by an exploit, already in circulation on the internet, that can allow malicious code to be executed.
Google is urging users to upgrade Chrome to the new version, 112.0.5615.121, as soon as possible. The updated version addresses the vulnerability, which affects Windows, Mac, and Linux systems, and is listed as CVE-2023-2033 in the US’ National Vulnerability Database.
Meanwhile, the update will roll out in the coming weeks on Google’s stable desktop channel, the company said.
Qbot Banking Trojan Increasingly Delivered Via Business Emails
Read Time:5 Second
Observed by Kaspersky, the campaign relied on emails written in English, German, Italian and French
Friendly Hacker, Keren Elazari, to Announced as Keynote Speaker at Infosecurity Europe 2023
Read Time:6 Second
Acclaimed analyst and author, Keren Elazari, to deliver keynote exploring the intersection of cyber conflict and politics at Infosecurity Europe 2023
USN-5855-4: ImageMagick vulnerabilities
Read Time:25 Second
USN-5855-1 fixed vulnerabilities in ImageMagick. This update provides the
corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that ImageMagick incorrectly handled certain PNG images.
If a user or automated system were tricked into opening a specially crafted
PNG file, an attacker could use this issue to cause ImageMagick to stop
responding, resulting in a denial of service, or possibly obtain the
contents of arbitrary files by including them into images.