Rhodri James discovered a heap use-after-free vulnerability in the
doContent function in Expat, an XML parsing C library, which could
result in denial of service or potentially the execution of arbitrary
code, if a malformed XML file is processed.
Several vulnerabilities were discovered in BIND, a DNS server
implementation.
A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remote code execution.
Rapid7 InsightVM suffers from an information exposure issue whereby, when the user’s session has ended due to inactivity, an attacker can use the Inspect Element browser feature to remove the login panel and view the details available in the last webpage visited by previous user
thunderbird-102.3.0-1.fc37
Update to 102.3.0 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/ ;
https://www.thunderbird.net/en-US/thunderbird/102.3.0/releasenotes/
thunderbird-102.3.0-1.fc35
Update to 102.3.0 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/ ;
https://www.thunderbird.net/en-US/thunderbird/102.3.0/releasenotes/
thunderbird-102.3.0-1.fc36
Update to 102.3.0 ;
https://www.mozilla.org/en-US/security/advisories/mfsa2022-42/ ;
https://www.thunderbird.net/en-US/thunderbird/102.3.0/releasenotes/
qemu-6.2.0-15.fc36
nvme: Fix DMA reentrancy use-after-free (CVE-2021-3929)
The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the CoreGraphics framework is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
