An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed.
More Stories
firefox-flatpak-120.0-2
FEDORA-FLATPAK-2023-85f15b91dc Packages in this update: firefox-flatpak-120.0-2 Update description: Fixed freezes on Google Maps Update to 120.0 Read More
opendkim-2.11.0-0.36.el9
FEDORA-EPEL-2023-9a05f8b1eb Packages in this update: opendkim-2.11.0-0.36.el9 Update description: Add upstream PR that filters Authentication-Results headers correctly to fix CVE-2022-48521. Read...
firefox-120.0-3.fc37
FEDORA-2023-dce9c4b01f Packages in this update: firefox-120.0-3.fc37 Update description: Fixed freezes on Google Maps Updated to latest upstream (120.0) Read More
SEC Consult SA-20231123 :: Uninstall Key Caching in Fortra Digital Guardian Agent Uninstaller
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Nov 27 SEC Consult Vulnerability Lab Security Advisory < 20231123-0...
SEC Consult SA-20231122 :: Multiple Vulnerabilities in m-privacy TightGate-Pro
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Nov 27 SEC Consult Vulnerability Lab Security Advisory < 20231122-0...
Senec Inverters Home V1, V2, V3 Home & Hybrid Use of Hard-coded Credentials – CVE-2023-39169
Posted by Phos4Me via Fulldisclosure on Nov 27 Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS:...