This vulnerability allows remote attackers to disclose sensitive information on affected installations of VBASE VISAM Automation Base. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft GitHub. Authentication is required to exploit this vulnerability.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Inductive Automation Ignition. Authentication is required to exploit this vulnerability.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. User interaction is required to exploit this vulnerability in that the target must connect to a malicious server.
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Inductive Automation Ignition. Authentication is not required to exploit this vulnerability.
USN-6267-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-4047,
CVE-2023-4048, CVE-2023-4049, CVE-2023-4051, CVE-2023-4053, CVE-2023-4055,
CVE-2023-4056, CVE-2023-4057, CVE-2023-4058)
Max Vlasov discovered that Firefox Offscreen Canvas did not properly track
cross-origin tainting. An attacker could potentially exploit this issue to
access image data from another site in violation of same-origin policy.
(CVE-2023-4045)
Alexander Guryanov discovered that Firefox did not properly update the
value of a global variable in WASM JIT analysis in some circumstances. An
attacker could potentially exploit this issue to cause a denial of service.
(CVE-2023-4046)
Mark Brand discovered that Firefox did not properly validate the size of
an untrusted input stream. An attacker could potentially exploit this issue
to cause a denial of service. (CVE-2023-4050)
Posted by Georgi Guninski on Aug 07
Affected: GNOME Files 43.4 (nautilus) on fedora 37
Description:
If an user A opens in GNOME files zip archive containing
`setuid` file F, then F will be silently extracted to
a subdirectory of CWD.
If F is accessible by hostile local user B and B executes F,
then F will be executed as from user A.
tar(1) and unzip(1) are not vulnerable to this attack.
Session for creating the ZIP.
After that just open f.zip in GNOME files.
<pre>…
