A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege.
Category Archives: Advisories
CVE-2020-14131
The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life.
CVE-2021-0696
In dllist_remove_node of TBD, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-242344778
CVE-2021-0951
In DevmemIntHeapAcquire of TBD, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-242345085
USN-5670-1: .NET 6 vulnerability
Edward Thomson discovered that .NET 6 incorrectly handled
permissions for local NuGet cache. A local attacker could
possibly use this issue to execute arbitrary code.
CVE-2021-36899
Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan’s Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 at WordPress.
CVE-2021-36913
Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at WordPress allows attackers to change options and inject scripts into the footer HTML. Requires an additional extension (plugin) AccessiBe.
vim-9.0.720-1.fc35
FEDORA-2022-fff548cfab
Packages in this update:
vim-9.0.720-1.fc35
Update description:
The newest upstream commit
Security fixes for CVE-2022-3256, CVE-2022-3324, CVE-2022-3352, CVE-2022-3235, CVE-2022-3234, CVE-2022-3296, CVE-2022-3297, CVE-2022-3278.
vim-9.0.720-1.fc36
FEDORA-2022-40161673a3
Packages in this update:
vim-9.0.720-1.fc36
Update description:
The newest upstream commit
Security fixes for CVE-2022-3256, CVE-2022-3324, CVE-2022-3352, CVE-2022-3235, CVE-2022-3234, CVE-2022-3296, CVE-2022-3297, CVE-2022-3278.
dbus-1.12.24-1.fc35
FEDORA-2022-7a963a79d1
Packages in this update:
dbus-1.12.24-1.fc35
Update description:
Update to 1.12.24
Fix CVE-2022-42010, CVE-2022-42011, CVE-2022-42012