This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Hydra library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2023-42856.
Yearly Archives: 2023
ZDI-23-1605: Apple macOS Hydra ABC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Hydra framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2023-42856.
ZDI-23-1606: Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-44432.
ZDI-23-1607: Kofax Power PDF File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-44435.
ZDI-23-1608: Kofax Power PDF File Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-44436.
ZDI-23-1609: Kofax Power PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2023-44434.
ZDI-23-1610: Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2023-44433.
USN-6456-2: Firefox regressions
USN-6456-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-5722,
CVE-2023-5724, CVE-2023-5728, CVE-2023-5729, CVE-2023-5730, CVE-2023-5731)
Kelsey Gilbert discovered that Firefox did not properly manage certain
browser prompts and dialogs due to an insufficient activation-delay. An
attacker could potentially exploit this issue to perform clickjacking.
(CVE-2023-5721)
Daniel Veditz discovered that Firefox did not properly validate a cookie
containing invalid characters. An attacker could potentially exploit this
issue to cause a denial of service. (CVE-2023-5723)
Shaheen Fazim discovered that Firefox did not properly validate the URLs
open by installed WebExtension. An attacker could potentially exploit this
issue to obtain sensitive information. (CVE-2023-5725)
rust-cargo-0.74.0-1.fc40 rust-cargo-c-0.9.27-1.fc40 rust-cargo-credential-0.3.0-1.fc40 rust-cargo-credential-libsecret-0.3.1-1.fc40 rust-cbindgen-0.26.0-1.fc40 rust-cbindgen0.24-0.24.5-1.fc40 rust-crates-io-0.38.0-1.fc40 rust-git2-curl-0.18.0-1.fc40
FEDORA-2023-6f419dc91b
Packages in this update:
rust-cargo-0.74.0-1.fc40
rust-cargo-c-0.9.27-1.fc40
rust-cargo-credential-0.3.0-1.fc40
rust-cargo-credential-libsecret-0.3.1-1.fc40
rust-cbindgen0.24-0.24.5-1.fc40
rust-cbindgen-0.26.0-1.fc40
rust-crates-io-0.38.0-1.fc40
rust-git2-curl-0.18.0-1.fc40
Update description:
Update cargo-c to version 0.7.29+cargo-0.74.0.
Update the cargo crate to version 0.74.0.
Update cbindgen to version 0.26.0.
Add a compat package version 0.24 of the bindgen crate.
Update the crates-io crate to version 0.38.0.
Update the git2-curl crate to version 0.18.0.
Initial packaging of the cargo-credential and cargo-credential-libsecret crates.
audiofile-0.3.6-36.el8
FEDORA-EPEL-2023-bdf128f5d3
Packages in this update:
audiofile-0.3.6-36.el8
Update description:
Patch for CVE-2022-24599