Christian Holler discovered that incorrect handling of PKCS 12 Safe Bag
attributes in nss, the Mozilla Network Security Service library, may
result in execution of arbitrary code if a specially crafted PKCS 12
certificate bundle is processed.
Category Archives: Advisories
DSA-5352 wpewebkit – security update
The following vulnerabilities have been discovered in the WPE WebKit
web engine:
DSA-5351 webkit2gtk – security update
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2019-17003
Scanning a QR code that contained a javascript: URL would have resulted in the Javascript being executed.
CVE-2020-12413
The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled support for DHE ciphersuites.
CVE-2020-6817
bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(…, attributes={‘a’: [‘style’]}).
CVE-2021-23980
A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
CVE-2021-0187
Improper access control in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access.
haproxy-2.4.22-2.fc36
FEDORA-2023-7e04833463
Packages in this update:
haproxy-2.4.22-2.fc36
Update description:
Security fix for CVE-2023-0056, CVE-2023-25725
haproxy-2.6.9-1.fc37
FEDORA-2023-3e8a21cd5b
Packages in this update:
haproxy-2.6.9-1.fc37
Update description:
Security fix for CVE-2023-0056, CVE-2023-25725