This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS GENESIS64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1042: ICONICS GENESIS64 colorpalletes Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of ICONICS GENESIS64. Authentication is not required to exploit this vulnerability.
ZDI-22-1041: (Pwn2Own) ICONICS GENESIS64 genbroker64 Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS GENESIS64. Authentication is not required to exploit this vulnerability.
ZDI-22-1040: (Pwn2Own) ICONICS GENESIS64 ColorPaletteEntry Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS GENESIS64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-1039: (Pwn2Own) ICONICS GENESIS64 TDFX File Parsing Exposed Dangerous Function Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ICONICS GENESIS64. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
golang-cloud-google-0.103.0-2.fc37
FEDORA-2022-6e5bcf2979
Packages in this update:
golang-cloud-google-0.103.0-2.fc37
Update description:
Automatic update for golang-cloud-google-0.103.0-2.fc37.
Changelog
* Wed Aug 3 2022 Robert-André Mauchin <zebob.m@gmail.com> 0.103.0-2
- Fix tests on other arches
* Mon Aug 1 2022 Robert-André Mauchin <zebob.m@gmail.com> 0.103.0-1
- Update to 0.103.0 - Close: rhbz#2110122 rhbz#2077319 rhbz#2112949
  rhbz#2112959 rhbz#2058383 rhbz#2110122
* Thu Jul 21 2022 Maxwell G <gotmax@e.email> 0.100.0-5
- Fix FTBFS
* Fri Jun 17 2022 Robert-André Mauchin <zebob.m@gmail.com> 0.100.0-4
- Rebuilt for CVE-2022-1996, CVE-2022-24675, CVE-2022-28327,
  CVE-2022-27191, CVE-2022-29526, CVE-2022-30629
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
firefox-103.0-1.fc36
FEDORA-2022-2c4dc61810
Packages in this update:
firefox-103.0-1.fc36
Update description:
Update to new upstream version (103.0)
CVE-2021-23385
This affects all versions of the package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple backslashes such as \evil.com/path. This vulnerability is only exploitable if a WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using 'autocorrect_location_header=False'. **Note:** Flask-Security is not maintained anymore.