** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Category Archives: Advisories
CVE-2021-40241 (xfig)
USN-5707-1: Libtasn1 vulnerability
It was discovered that Libtasn1 did not properly perform bounds
checking. An attacker could possibly use this issue to cause a
crash.
java-latest-openjdk-19.0.1.0.10-1.rolling.fc36
FEDORA-2022-de4b7dac58
Packages in this update:
java-latest-openjdk-19.0.1.0.10-1.rolling.fc36
Update description:
October CPU
java-latest-openjdk-19.0.0.0.36-4.rolling.fc35
FEDORA-2022-ef4cb602ab
Packages in this update:
java-latest-openjdk-19.0.0.0.36-4.rolling.fc35
Update description:
October CPU
java-latest-openjdk-19.0.1.0.10-1.rolling.el8
FEDORA-EPEL-2022-95ca32e505
Packages in this update:
java-latest-openjdk-19.0.1.0.10-1.rolling.el8
Update description:
October CPU
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.
Safari is a graphical web browser developed by Apple.
macOS Ventura is the 19th and current major release of macOS.
macOS Monterey is the 18th release of macOS.
macOS Big Sur is the 17th release of macOS.
iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
tvOS is an operating system for the fourth-generation Apple TV digital media player.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
CVE-2020-21016
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php.
CVE-2021-40661 (ind780_firmware)
A remote, unauthenticated, directory traversal vulnerability was identified within the web interface used by IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label ‘IND780_8.0.07’), Version 7.2.10 June 18, 2012 (SS Label ‘IND780_7.2.10’). It was possible to traverse the folders of the affected host by providing a traversal path to the ‘webpage’ parameter in AutoCE.ini. This could allow a remote unauthenticated adversary to access additional files on the affected system. This could also allow the adversary to perform further enumeration against the affected host to identify the versions of the systems in use, in order to launch further attacks in future.