Several vulnerabilities have been discovered in the FFmpeg multimedia
framework, which could result in denial of service or potentially the
execution of arbitrary code if malformed files/streams are processed.
Category Archives: Advisories
CVE-2021-27784
The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique keys and certificates. This does not affect the standard installer packages.
CVE-2020-23255
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2021-40241 (xfig)
USN-5707-1: Libtasn1 vulnerability
It was discovered that Libtasn1 did not properly perform bounds
checking. An attacker could possibly use this issue to cause a
crash.
java-latest-openjdk-19.0.1.0.10-1.rolling.fc36
FEDORA-2022-de4b7dac58
Packages in this update:
java-latest-openjdk-19.0.1.0.10-1.rolling.fc36
Update description:
October CPU
java-latest-openjdk-19.0.0.0.36-4.rolling.fc35
FEDORA-2022-ef4cb602ab
Packages in this update:
java-latest-openjdk-19.0.0.0.36-4.rolling.fc35
Update description:
October CPU
java-latest-openjdk-19.0.1.0.10-1.rolling.el8
FEDORA-EPEL-2022-95ca32e505
Packages in this update:
java-latest-openjdk-19.0.1.0.10-1.rolling.el8
Update description:
October CPU
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.
Safari is a graphical web browser developed by Apple.
macOS Ventura is the 19th and current major release of macOS
macOS Monterey is the 18th and release of macOS.
macOS Big Sur is the 17th release of macOS.
iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
tvOS is an operating system for fourth-generation Apple TV digital media player.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.