Improper path handling in Obsidian desktop before 1.2.8 on Windows, Linux and macOS allows a crafted webpage to access local files and exfiltrate them to remote web servers via “app://local/<absolute-path>”. This vulnerability can be exploited if a user opens a malicious markdown file in Obsidian, or copies text from a malicious webpage and pastes it into Obsidian.
Monthly Archives: August 2023
clamav-1.0.2-1.el9
FEDORA-EPEL-2023-e2f8cb1ee1
Packages in this update:
clamav-1.0.2-1.el9
Update description:
CVE-2023-20197 ClamAV File Scanning Infinite Loop Denial of Service Vulnerability
Friday Squid Blogging: Squid Brand Fish Sauce
Squid Brand is a Thai company that makes fish sauce:
It is part of Squid Brand’s range of “personalized healthy fish sauces” that cater to different consumer groups, which include the Mild Fish Sauce for Kids and Mild Fish Sauce for Silver Ages.
It also has a Vegan Fish Sauce.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
CVE-2023-20212
A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to a logic error in the memory management of an affected device. An attacker could exploit this vulnerability by submitting a crafted AutoIt file to be scanned by ClamAV on the affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to restart unexpectedly, resulting in a DoS condition.
chromium-116.0.5845.96-1.el9
FEDORA-EPEL-2023-f08c8f0812
Packages in this update:
chromium-116.0.5845.96-1.el9
Update description:
Update to 116.0.5845.96. Fixes the following security issues:
CVE-2023-2312 CVE-2023-4349 CVE-2023-4350 CVE-2023-4351 CVE-2023-4352 CVE-2023-4353
CVE-2023-4354 CVE-2023-4355 CVE-2023-4356 CVE-2023-4357 CVE-2023-4358 CVE-2023-4359
CVE-2023-4360 CVE-2023-4361 CVE-2023-4362
chromium-116.0.5845.96-1.el7
FEDORA-EPEL-2023-254992a2ef
Packages in this update:
chromium-116.0.5845.96-1.el7
Update description:
Update to 116.0.5845.96. Fixes the following security issues:
CVE-2023-2312 CVE-2023-4349 CVE-2023-4350 CVE-2023-4351 CVE-2023-4352 CVE-2023-4353
CVE-2023-4354 CVE-2023-4355 CVE-2023-4356 CVE-2023-4357 CVE-2023-4358 CVE-2023-4359
CVE-2023-4360 CVE-2023-4361 CVE-2023-4362
chromium-116.0.5845.96-1.fc37
FEDORA-2023-5416cd3040
Packages in this update:
chromium-116.0.5845.96-1.fc37
Update description:
Update to 116.0.5845.96. Fixes the following security issues:
CVE-2023-2312 CVE-2023-4349 CVE-2023-4350 CVE-2023-4351 CVE-2023-4352 CVE-2023-4353
CVE-2023-4354 CVE-2023-4355 CVE-2023-4356 CVE-2023-4357 CVE-2023-4358 CVE-2023-4359
CVE-2023-4360 CVE-2023-4361 CVE-2023-4362
chromium-116.0.5845.96-1.fc38
FEDORA-2023-f8e94641dc
Packages in this update:
chromium-116.0.5845.96-1.fc38
Update description:
Update to 116.0.5845.96. Fixes the following security issues:
CVE-2023-2312 CVE-2023-4349 CVE-2023-4350 CVE-2023-4351 CVE-2023-4352 CVE-2023-4353
CVE-2023-4354 CVE-2023-4355 CVE-2023-4356 CVE-2023-4357 CVE-2023-4358 CVE-2023-4359
CVE-2023-4360 CVE-2023-4361 CVE-2023-4362
chromium-116.0.5845.96-1.el8
FEDORA-EPEL-2023-db0eac64fb
Packages in this update:
chromium-116.0.5845.96-1.el8
Update description:
Update to 116.0.5845.96. Fixes the following security issues:
CVE-2023-2312 CVE-2023-4349 CVE-2023-4350 CVE-2023-4351 CVE-2023-4352 CVE-2023-4353
CVE-2023-4354 CVE-2023-4355 CVE-2023-4356 CVE-2023-4357 CVE-2023-4358 CVE-2023-4359
CVE-2023-4360 CVE-2023-4361 CVE-2023-4362
QR Code Campaign Targets Major Energy Firm
Cofense said that over 29% of the malicious emails were directed at the energy sector giant