Category Archives: Advisories

USN-7084-2: pip vulnerability

Read Time:15 Second

USN-7084-1 fixed vulnerability in urllib3. This update provides the
corresponding update for the urllib3 module bundled into pip.

Original advisory details:

It was discovered that urllib3 didn’t strip HTTP Proxy-Authorization
header on cross-origin redirects. A remote attacker could possibly use
this issue to obtain sensitive information.

Read More

opendmarc-1.4.2-21.fc42

Read Time:27 Second

FEDORA-2024-dede8e91b1

Packages in this update:

opendmarc-1.4.2-21.fc42

Update description:

Automatic update for opendmarc-1.4.2-21.fc42.

Changelog

* Wed Oct 30 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 1.4.2-21
– Fix for CVE-2024-25768 – Closes rhbz#2266175 rhbz#2266174
* Tue Oct 29 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 1.4.2-15
– Simplify spec
– Remove checks on if systemd is present
– Remove checks on old Fedora releases
– Remove checks on EL7 or older
– Use make macros

Read More

Multiple Vulnerabilities in Siemens InterMesh Subscriber Devices Could Allow for Remote Code Execution

Read Time:25 Second

Multiple vulnerabilities have been discovered in Siemens InterMesh Subscriber Devices, the most severe of which could allow for remote code execution. InterMesh leverages mesh radio technology and hardened alarm monitoring panels to create a private, self-healing network that delivers alarm signals. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data.

Read More

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

Read Time:28 Second

Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More