This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.

Read More

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

Read More

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

Read More

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.

Read More

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-32205,
CVE-2023-32207, CVE-2023-32210, CVE-2023-32211, CVE-2023-32212,
CVE-2023-32213, CVE-2023-32215, CVE-2023-32216)

Irvan Kurniawan discovered that Firefox did not properly manage memory
when using RLBox Expat driver. An attacker could potentially exploits this
issue to cause a denial of service. (CVE-2023-32206)

Anne van Kesteren discovered that Firefox did not properly validate the
import() call in service workers. An attacker could potentially exploits
this to obtain sensitive information. (CVE-2023-32208)

Sam Ezeh discovered that Firefox did not properly handle certain favicon
image files. If a user were tricked into opening a malicicous favicon file,
an attacker could cause a denial of service. (CVE-2023-32209)

Read More

USN-6073-3 fixed a vulnerability in Nova. The update introduced a
regression causing Nova to be unable to detach volumes from instances. This
update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Jan Wasilewski and Gorka Eguileor discovered that Nova incorrectly
handled deleted volume attachments. An authenticated user or attacker could
possibly use this issue to gain access to sensitive information.

This update may require configuration changes to be completely effective,
please see the upstream advisory for more information:

https://security.openstack.org/ossa/OSSA-2023-003.html

Read More

FEDORA-EPEL-2023-80ad867af8

Packages in this update:

chromium-113.0.5672.92-1.el8

Update description:

update to 113.0.5672.92.

update to 113.0.5672.64. Fixes the following security issues:

CVE-2023-2459 CVE-2023-2460 CVE-2023-2461 CVE-2023-2462 CVE-2023-2463 CVE-2023-2464 CVE-2023-2465 CVE-2023-2466 CVE-2023-2467 CVE-2023-2468

Read More

Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.

Read More

FEDORA-2023-e5a35f7197

Packages in this update:

qemu-7.2.1-2.fc38

Update description:

qga/win32: Fix local privilege escalation issue (CVE-2023-0664) (rhbz#2175700)

Read More