dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2).
Category Archives: Advisories
CVE-2021-36369
An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the available authentication methods in the client-side SSH code, it is possible for an SSH server to change the login process in its favor. This attack can bypass additional security measures such as FIDO2 tokens or SSH-Askpass. Thus, it allows an attacker to abuse a forwarded agent for logging on to another server unnoticed.
kernel-5.19.15-100.fc35
FEDORA-2022-be69f646c9
Packages in this update:
kernel-5.19.15-100.fc35
Update description:
The 5.19.15 stable kernel update contains a number of important fixes across the tree.
kernel-5.19.15-300.fc37
FEDORA-2022-5bd22dc19e
Packages in this update:
kernel-5.19.15-300.fc37
Update description:
The 5.19.15 stable kernel update contains a number of important fixes across the tree.
kernel-5.19.15-200.fc36
FEDORA-2022-d1fcad81f3
Packages in this update:
kernel-5.19.15-200.fc36
Update description:
The 5.19.15 stable kernel update contains a number of important fixes across the tree.
USN-5672-1: GMP vulnerability
It was discovered that GMP did not properly manage memory
on 32-bit platforms when processing a specially crafted
input. An attacker could possibly use this issue to cause
applications using GMP to crash, resulting in a denial of
service.
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution.
Adobe ColdFusion is a web-application development computing platform.
Adobe Acrobat Reader software is a trusted standard for viewing, printing, signing, sharing and annotating PDFs.
Adobe Commerce connects shopping experiences across channels, adds new brands and sites, and expands into new geographies, all from one platform.
Adobe Dimension is a 3D rendering and design software.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
USN-5671-1: AdvanceCOMP vulnerabilities
It was discovered that AdvanceCOMP did not properly manage memory in the function
be_uint32_read() under certain circumstances. If a user were tricked into
opening a specially crafted binary file, a remote attacker could possibly use
this issue to cause AdvanceCOMP to crash, resulting in a denial of service.
(CVE-2019-8379)
It was discovered that AdvanceCOMP did not properly manage memory in the function
adv_png_unfilter_8() under certain circumstances. If a user were tricked into
opening a specially crafted PNG file, a remote attacker could possibly use this
issue to cause AdvanceCOMP to crash, resulting in a denial of service.
(CVE-2019-8383)
dhcp-4.4.3-4.P1.fc35
FEDORA-2022-c4f274a54f
Packages in this update:
dhcp-4.4.3-4.P1.fc35
Update description:
New version 4.4.3-P1 (rhbz#2132240)
Fix for CVE-2022-2928 (rhbz#2132429)
Fix for CVE-2022-2929 (rhbz#2132430)