It was discovered that Salt incorrectly handled crafted web requests.
A remote attacker could possibly use this issue to run arbitrary
commands. (CVE-2020-16846)

It was discovered that Salt incorrectly created certificates with weak
file permissions. (CVE-2020-17490)

It was discovered that Salt incorrectly handled credential validation.
A remote attacker could possibly use this issue to bypass authentication.
(CVE-2020-25592)

It was discovered that Salt incorrectly handled crafted process names.
An attacker could possibly use this issue to run arbitrary commands.
This issue only affected Ubuntu 18.04 LTS. (CVE-2020-28243)

It was discovered that Salt incorrectly handled validation of SSL/TLS
certificates. A remote attacker could possibly use this issue to spoof
a trusted entity. (CVE-2020-28972, CVE-2020-35662)

It was discovered that Salt incorrectly handled credential validation.
A remote attacker could possibly use this issue to run arbitrary code.
(CVE-2021-25281)

It was discovered that Salt incorrectly handled crafted paths. A remote
attacker could possibly use this issue to perform directory traversal.
(CVE-2021-25282)

It was discovered that Salt incorrectly handled template rendering. A
remote attacker could possibly this issue to run arbitrary code.
(CVE-2021-25283)

It was discovered that Salt incorrectly handled logging. An attacker
could possibly use this issue to discover credentials. This issue only
affected Ubuntu 18.04 LTS. (CVE-2021-25284)

It was discovered that Salt incorrectly handled crafted web requests.
A remote attacker could possibly use this issue to run arbitrary
commands. This issue only affected Ubuntu 18.04 LTS. (CVE-2021-3148)

It was discovered that Salt incorrectly handled input sanitization.
A remote attacker could possibly use this issue to run arbitrary
commands. (CVE-2021-3197)

Read More

FEDORA-2024-750bcd7d5c

Packages in this update:

python3.12-3.12.5-1.fc41

Update description:

Automatic update for python3.12-3.12.5-1.fc41.

Changelog

* Wed Aug 7 2024 Tomáš Hrnčiar <thrnciar@redhat.com> – 3.12.5-1
– Update to 3.12.5
– Fixes: rhbz#2303159 (email header injection)

Read More

FEDORA-EPEL-2024-81aea1f9b6

Packages in this update:

tinyproxy-1.11.2-2.el10_0

Update description:

Automatic update for tinyproxy-1.11.2-2.el10_0.

Changelog

* Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> – 1.11.2-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
* Tue Jul 16 2024 Carl George <carlwgeorge@fedoraproject.org> – 1.11.2-1
– Update to version 1.11.2 rhbz#2298298
– Fixes CVE-2023-49606 rhbz#2278396
* Wed Feb 14 2024 Carl George <carlwgeorge@fedoraproject.org> – 1.11.1-1
– Update to version 1.11.1 rhbz#2220885
– Switch to SPDX license identifier and mark license file appropriately
– Use upstream default config file with minimal changes
– Log to journal instead of files
– Run daemon in foreground to remove the need for pidfile tracking
* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> – 1.10.0-14
– Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> – 1.10.0-13
– Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> – 1.10.0-12
– Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> – 1.10.0-11
– Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

Read More

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.1. The following CVEs are assigned: CVE-2024-27829.

Read More

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-27829.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-27829.

Read More

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Metal framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-27857.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the Metal framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-27857.

Read More

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the Metal framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-27857.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the Metal framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-27857.

Read More