Read Time:7 Second
FEDORA-2024-91f5df4002
Packages in this update:
python-cryptography-41.0.7-1.fc39
Update description:
Security fix for CVE-2023-49083
Daily Archives: February 4, 2024
python-cryptography-41.0.7-1.fc40
Read Time:16 Second
FEDORA-2024-9d2de2b051
Packages in this update:
python-cryptography-41.0.7-1.fc40
Update description:
Automatic update for python-cryptography-41.0.7-1.fc40.
Changelog
* Thu Feb 1 2024 Benjamin A. Beasley <code@musicinmybrain.net> – 41.0.7-1
– Update to 41.0.7, fixes rhbz#2255351, CVE-2023-49083
APPLE-SA-02-02-2024-1 visionOS 1.0.2
Read Time:24 Second
Posted by Apple Product Security via Fulldisclosure on Feb 04
APPLE-SA-02-02-2024-1 visionOS 1.0.2
visionOS 1.0.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214070.
Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.
WebKit
Available for: Apple Vision Pro
Impact: Processing maliciously crafted web content may lead to
arbitrary code…
Out-of-bounds read & write in the glibc’s qsort()
Read Time:15 Second
Posted by Qualys Security Advisory via Fulldisclosure on Feb 04
Qualys Security Advisory
For the algorithm lovers: Nontransitive comparison functions lead to
out-of-bounds read & write in glibc’s qsort()
========================================================================
Contents
========================================================================
Summary
Background
Experiments
Analysis
Patch
Discussion
Acknowledgments
Timeline
CUT MY LIST IN TWO PIECES
THAT’S HOW YOU START…
CVE-2023-6246: Heap-based buffer overflow in the glibc’s syslog()
Read Time:10 Second
Posted by Qualys Security Advisory via Fulldisclosure on Feb 04
Qualys Security Advisory
CVE-2023-6246: Heap-based buffer overflow in the glibc’s syslog()
========================================================================
Contents
========================================================================
Summary
Analysis
Proof of concept
Exploitation
Acknowledgments
Timeline
========================================================================
Summary…
Research about usage & possible issues of the NVD
Read Time:23 Second
Posted by Andreas Hammer on Feb 04
Hello there!
The University of Erlangen-Nuremberg (Germany) is conducting a research
study to investigate the usage and possible issues of the NVD (National
Vulnerability Database). If you are using the NVD regularly, we would
greatly appreciate your participation which contributes to the
improvement of vulnerability management. You can read more about the
survey here:
https://www.cs1.tf.fau.de/2024/01/29/survey-on-usage-of-nvd/
The…
TROJAN.WIN32 BANKSHOT / Remote Stack Buffer Overflow (SEH)
Read Time:20 Second
Posted by malvuln on Feb 04
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source:
https://malvuln.com/advisory/f2fd6a7b400782bb43499e722fb62cf4.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: Trojan.Win32 BankShot
Vulnerability: Remote Stack Buffer Overflow (SEH)
Description: The malware listens on TCP port 1978 and creates a local
Windows service running with SYSTEM integrity. Third-party adversaries who
can reach the…
[KIS-2024-01] XenForo <= 2.2.13 (ArchiveImport.php) Zip Slip Vulnerability
Read Time:15 Second
Posted by Egidio Romano on Feb 04
————————————————————
XenForo <= 2.2.13 (ArchiveImport.php) Zip Slip Vulnerability
————————————————————
[-] Software Link:
[-] Affected Versions:
Version 2.2.13 and prior versions.
[-] Vulnerability Description:
The vulnerability is located in the
/src/XF/Service/Style/ArchiveImport.php script. Specifically, into the…
NULL pointer dereference in the function handle_viminfo_register() of vim
Read Time:24 Second
Posted by Christian Brabandt on Feb 04
Meng Ruijie wrote:
Meng,
This particular problem was fixed in Vim v9.0.1740
https://github.com/vim/vim/commit/0a0764684591c7c6a5d722b628f11dc96208e853
I have no idea, why this issue is worth a CVE, because if an attacker
can modify your .viminfo file to make Vim crash, he already has the
possibilities to do much more harm directly. So I don’t think this is
particular useful CVE. I’d also like to dispute this.
Thanks,
Christian
DSA-5615-1 runc – security update
Read Time:13 Second
It was discovered that runc, a command line client for running
applications packaged according to the Open Container Format (OCF), was
suspectible to multiple container breakouts due to an internal file
descriptor leak.