Read Time:3 Second
Medical and insurance data exposed in ransomware attack
Daily Archives: May 16, 2023
USN-6076-1: Synapse vulnerabilities
Read Time:41 Second
It was discovered that Synapse incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2019-18835, CVE-2018-12291, CVE-2018-10657)
It was discovered that Synapse incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to hijack the
session. (CVE-2019-11842, CVE-2018-12423)
It was discovered that Synapse incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to perform
spoofing or user impersonation. (CVE-2019-5885, CVE-2018-16515)
qt5-qtbase-5.15.9-3.fc38
Read Time:7 Second
FEDORA-2023-b9ead419b6
Packages in this update:
qt5-qtbase-5.15.9-3.fc38
Update description:
Fixes CVE-2023-32762 and CVE-2023-32763.
qt5-qtbase-5.15.9-3.fc37
Read Time:7 Second
FEDORA-2023-f42087b533
Packages in this update:
qt5-qtbase-5.15.9-3.fc37
Update description:
Fixes CVE-2023-32762 and CVE-2023-32763.
USN-6074-2: Firefox regressions
Read Time:55 Second
USN-6074-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-32205,
CVE-2023-32207, CVE-2023-32210, CVE-2023-32211, CVE-2023-32212,
CVE-2023-32213, CVE-2023-32215, CVE-2023-32216)
Irvan Kurniawan discovered that Firefox did not properly manage memory
when using RLBox Expat driver. An attacker could potentially exploits this
issue to cause a denial of service. (CVE-2023-32206)
Anne van Kesteren discovered that Firefox did not properly validate the
import() call in service workers. An attacker could potentially exploits
this to obtain sensitive information. (CVE-2023-32208)
Sam Ezeh discovered that Firefox did not properly handle certain favicon
image files. If a user were tricked into opening a malicicous favicon file,
an attacker could cause a denial of service. (CVE-2023-32209)
SEC Consult SA-20230515-0 :: Multiple Vulnerabilities in Kiddoware Kids Place Parental Control Android App
Read Time:18 Second
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on May 15
SEC Consult Vulnerability Lab Security Advisory < 20230515-0 >
=======================================================================
title: Multiple Vulnerabilities
product: Kiddoware Kids Place Parental Control Android App
vulnerable version: <=3.8.49
fixed version: 3.8.50 or higher
CVE number: CVE-2023-28153, CVE-2023-29078, CVE-2023-29079
impact: High
homepage:…