FEDORA-2022-e15be0091f
Packages in this update:
libarchive-3.6.1-3.fc37
Update description:
Fix for CVE-2022-36227
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for arbitrary code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, change, or delete data; or create new accounts with full rights.
A default username and password for an administrator account was discovered in ZKTeco ZKTime 10.0 through 11.1.0, builds 20180901, 20190510.1, 20200309.3, 20200930, 20201231, and 20210220.
Robin Peraglie and Johannes Moritz discovered an argument injection bug in the
xfce4-mime-helper component of xfce4-settings, which can be exploited using the
xdg-open common tool. Since xdg-open is used by multiple standard applications
for opening links, this bug could be exploited by an attacker to run arbitrary
code on a user's machine by providing a malicious PDF file with specifically
crafted links.
A buffer overflow was discovered in the VNC module of the VLC media
player, which could result in the execution of arbitrary code.
ZTE OTCP product is impacted by a permission and access control vulnerability. Due to improper permission settings, an attacker with high permissions could use this vulnerability to maliciously delete and modify files.
Cross Site Scripting (XSS) vulnerability in TomExam 3.0 via p_name parameter to list.thtml.
The PostmagThemes Demo Import WordPress plugin through 1.0.7 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) leading to RCE.
It was discovered that GNU binutils incorrectly handled certain COFF files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code.
Due to security concerns, the TrustCor certificate authority has been
marked as distrusted in Mozilla’s root store. This update removes the
TrustCor CA certificates from the ca-certificates package.