Read Time:8 Second
FEDORA-2022-f0a2695054
Packages in this update:
qemu-6.2.0-15.fc36
Update description:
nvme: Fix DMA reentrancy use-after-free (CVE-2021-3929)
Category Archives: Advisories
CVE-2022-0495 (koha_library_automation)
Read Time:10 Second
The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01.
ZDI-22-1295: Apple macOS TIFF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
Read Time:11 Second
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the CoreGraphics framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
DSA-5232 tinygltf – security update
Read Time:9 Second
It was discovered that the wordexp() function of tinygltf, a library to
load/save glTF (GL Transmission Format) files was susceptible to command
execution when processing untrusted files.
DSA-5234 fish – security update
Read Time:17 Second
An arbitrary code execution vulnerability was disovered in fish, a
command line shell. When using the default configuraton of fish,
changing to a directory automatically ran `git` commands in order to
display information about the current repository in the prompt. Such
repositories can contain per-repository configuration that change the
behavior of git, including running arbitrary commands.
DSA-5233 e17 – security update
Read Time:6 Second
Maher Azzouzi discovered that missing input sanitising in the
Enlightenment window manager may result in local privilege escalation to
root.
CVE-2020-36602
Read Time:16 Second
There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write.
CVE-2021-46834
Read Time:10 Second
A permission bypass vulnerability in Huawei cross device task management could allow an attacker to access certain resource in the attacked devices. Affected product versions include:JAD-AL50 versions 102.0.0.225(C00E220R3P4).
webkitgtk-2.38.0-2.fc37
Read Time:12 Second
FEDORA-2022-0c00617967
Packages in this update:
webkitgtk-2.38.0-2.fc37
Update description:
Update to 2.38.0
Remove /usr/bin/WebKitWebDriver from webkit2gtk5.0 package to avoid conflict with webkit2gtk4.1
Security fixes: CVE-2022-32886
CVE-2016-20015
Read Time:14 Second
In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript allows the smokeping user to gain ownership of any file, allowing for the smokeping user to gain root privileges. There is a race condition involving /var/lib/smokeping and chown.