Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.
Category Archives: Advisories
USN-5504-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the
browser UI, bypass CSP restrictions, bypass sandboxed iframe restrictions,
obtain sensitive information, bypass the HTML sanitizer, or execute
arbitrary code. (CVE-2022-2200, CVE-2022-34468, CVE-2022-34470,
CVE-2022-34473, CVE-2022-34474, CVE-2022-34475, CVE-2022-34476,
CVE-2022-34477, CVE-2022-34479, CVE-2022-34480, CVE-2022-34481,
CVE-2022-34484, CVE-2022-34485)
It was discovered that Firefox could be made to save an image with an
executable extension in the filename when dragging and dropping an image
in some circumstances. If a user were tricked into dragging and dropping
a specially crafted image, an attacker could potentially exploit this to
trick the user into executing arbitrary code. (CVE-2022-34482,
CVE-2022-34483)
It was discovered that a compromised server could trick Firefox into an
addon downgrade in some circumstances. An attacker could potentially
exploit this to trick the browser into downgrading an addon to a prior
version. (CVE-2022-34471)
It was discovered that an unavailable PAC file caused OCSP requests to
be blocked, resulting in incorrect error pages being displayed.
(CVE-2022-34472)
libgit2-1.3.1-1.fc36
FEDORA-2022-dc3e8972a1
Packages in this update:
libgit2-1.3.1-1.fc36
Update description:
This is an upstream security release. For details, please review the upstream announcement.
Additionally, this drops the pre-built version 1.1 of the library which previous builds carried (it isn’t used by any other Fedora package and violates packaging guidelines).
CVE-2021-43116
An access control vulnerability exists in Nacos 2.0.3 in the access prompt page: a user enters a username and password, clicks login, captures the packets, and then changes the returned package, which lets a malicious user log in.
USN-5503-1: GnuPG vulnerability
Demi Marie Obenour discovered that GnuPG incorrectly handled injection in
the status message. A remote attacker could possibly use this issue to
forge signatures.
USN-5502-1: OpenSSL vulnerability
Alex Chernyakhovsky discovered that OpenSSL incorrectly handled AES OCB
mode when using the AES-NI assembly optimized implementation on 32-bit
x86 platforms. A remote attacker could possibly use this issue to obtain
sensitive information.
CVE-2021-43702
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFi logs correctly; if an attacker were able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device.
libtiff-4.4.0-2.fc36
FEDORA-2022-edf7301147
Packages in this update:
libtiff-4.4.0-2.fc36
Update description:
Fix for CVE-2022-2056, CVE-2022-2057 and CVE-2022-2058.
libtiff-4.4.0-2.fc35
FEDORA-2022-b9c2a3a2b7
Packages in this update:
libtiff-4.4.0-2.fc35
Update description:
Fix for CVE-2022-2056, CVE-2022-2057 and CVE-2022-2058.
DSA-5177 ldap-account-manager – security update
Arseniy Sharoglazov discovered multiple security issues in LDAP Account
Manager (LAM), a web frontend for managing accounts in an LDAP directory,
which could result in information disclosure or unauthenticated remote
code execution.