This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Category Archives: Advisories
ZDI-22-1176: Trend Micro Maximum Security Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-1175: Trend Micro Maximum Security Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Maximum Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-1178: Trend Micro HouseCall Incorrect Permission Assignment Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro HouseCall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
GLSA 202208-39: WebKitGTK+: Multiple Vulnerabilities
GLSA 202208-38: Mozilla Thunderbird: Multiple Vulnerabilities
GLSA 202208-37: Mozilla Firefox: Multiple Vulnerabilities
GLSA 202208-36: Oracle VirtualBox: Multiple Vulnerabilities
WordPress 6.0.2 Security and Maintenance Release
WordPress 6.0.2 is now available!
This security and maintenance release features 12 bug fixes on Core, 5 bug fixes for the Block Editor, and 3 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated.
WordPress 6.0.2 is a short-cycle release. You can review a summary of the main updates in this release by reading the RC1 announcement.
The next major release will be version 6.1 planned for November 1, 2022.
If you have sites that support automatic background updates, the update process will begin automatically.
You can download WordPress 6.0.2 from WordPress.org, or visit your WordPress Dashboard, click “Updates”, and then click “Update Now”.
For more information on this release, please visit the HelpHub site.
Security updates included in this release
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:
Fariskhi Vidyan for finding a possible SQL injection within the Link API.
Khalilov Moe for finding an XSS vulnerability on the Plugins screen.
John Blackbourn of the WordPress security team, for finding an output escaping issue within the_meta().
Thank you to these WordPress contributors
The WordPress 6.0.2 release was led by @sergeybiryukov and @gziolo.
WordPress 6.0.2 would not have been possible without the contributions of more than 50 people. Their asynchronous coordination to deliver several enhancements and fixes into a stable release is a testament to the power and capability of the WordPress community.
Alex Concha, Andrei Draganescu, annezazu, Anton Vlasenko, Ari Stathopoulos, Ben Dwyer, Carolina Nymark, Colin Stewart, Darren Coutts, Dilip Bheda, Dion Hulse, eMKey, Fabian Kägy, George Mamadashvili, Greg Ziółkowski, huubl, ironprogrammer, Jb Audras, John Blackbourn, Jonathan Desrosiers, jonmackintosh, Jonny Harris, Kelly Choyce-Dwan, Lena Morita, Linkon Miyan, Lovro Hrust, marybaum, Nick Diego, Nik Tsekouras, Olga Gleckler, Pascal Birchler, paulkevan, Peter Wilson, Sergey Biryukov, Stephen Bernhardt, Teddy Patriarca, Timothy Jacobs, tommusrhodus, Tomoki Shimomura, Tonya Mork, webcommsat AbhaNonStopNewsUK, and zieladam.
autotrace-0.31.9-1.fc36
FEDORA-2022-6813a0eb99
Packages in this update:
autotrace-0.31.9-1.fc36
Update description:
AutoTrace ver. 0.31.9