This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.
Category Archives: Advisories
ZDI-23-629: D-Link DIR-2150 SetSysEmailSettings EmailTo Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
ZDI-23-628: D-Link DIR-2150 HNAP Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.
ZDI-23-627: D-Link DIR-2150 LoginPassword Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.
ZDI-23-626: D-Link DIR-2150 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
ZDI-23-625: D-Link DIR-2150 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
USN-6074-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-32205,
CVE-2023-32207, CVE-2023-32210, CVE-2023-32211, CVE-2023-32212,
CVE-2023-32213, CVE-2023-32215, CVE-2023-32216)
Irvan Kurniawan discovered that Firefox did not properly manage memory
when using RLBox Expat driver. An attacker could potentially exploits this
issue to cause a denial of service. (CVE-2023-32206)
Anne van Kesteren discovered that Firefox did not properly validate the
import() call in service workers. An attacker could potentially exploits
this to obtain sensitive information. (CVE-2023-32208)
Sam Ezeh discovered that Firefox did not properly handle certain favicon
image files. If a user were tricked into opening a malicicous favicon file,
an attacker could cause a denial of service. (CVE-2023-32209)
USN-6073-5: Nova regression
USN-6073-3 fixed a vulnerability in Nova. The update introduced a
regression causing Nova to be unable to detach volumes from instances. This
update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Jan Wasilewski and Gorka Eguileor discovered that Nova incorrectly
handled deleted volume attachments. An authenticated user or attacker could
possibly use this issue to gain access to sensitive information.
This update may require configuration changes to be completely effective,
please see the upstream advisory for more information:
https://security.openstack.org/ossa/OSSA-2023-003.html
chromium-113.0.5672.92-1.el8
FEDORA-EPEL-2023-80ad867af8
Packages in this update:
chromium-113.0.5672.92-1.el8
Update description:
update to 113.0.5672.92.
update to 113.0.5672.64. Fixes the following security issues:
CVE-2023-2459 CVE-2023-2460 CVE-2023-2461 CVE-2023-2462 CVE-2023-2463 CVE-2023-2464 CVE-2023-2465 CVE-2023-2466 CVE-2023-2467 CVE-2023-2468
DSA-5403 thunderbird – security update
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.