curl-7.85.0-5.fc37
smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
http: use the IDN decoded name in HSTS checks (CVE-2022-43551)
curl-7.82.0-12.fc36
smb/telnet: fix use-after-free when HTTP proxy denies tunnel (CVE-2022-43552)
http: use the IDN decoded name in HSTS checks (CVE-2022-43551)
This vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Illustrator. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Siemens JT2Go. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 20
SEC Consult Vulnerability Lab Security Advisory < 20221216-0 >
=======================================================================
title: Remote code execution – CVE-2021-34427 bypass
product: Eclipse Business Intelligence Reporting Tool (BiRT)
vulnerable version: <= 4.11.0
fixed version: 4.12
CVE number: CVE-2021-34427
impact: High
homepage:…
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Dec 20
Hi,
earlier this year in February 2022, we published a technical security advisory –
https://sec-consult.com/vulnerability-lab/advisory/multiple-critical-vulnerabilities-in-multiple-zyxel-devices/ – on
different critical vulnerabilities in Zyxel devices, resulting from insecure coding practices and insecure
configuration.
Those also included a highly critical unauthenticated buffer overflow vulnerability in the proprietary Zyxel web server…
Posted by Apple Product Security via Fulldisclosure on Dec 20
APPLE-SA-2022-12-13-9 Safari 16.2
Safari 16.2 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT213537.
WebKit
Available for: macOS Big Sur and macOS Monterey
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
WebKit Bugzilla: 245521
CVE-2022-42867: Maddie…
