Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.

Read More

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the
browser UI, bypass CSP restrictions, bypass sandboxed iframe restrictions,
obtain sensitive information, bypass the HTML sanitizer, or execute
arbitrary code. (CVE-2022-2200, CVE-2022-34468, CVE-2022-34470,
CVE-2022-34473, CVE-2022-34474, CVE-2022-34475, CVE-2022-34476,
CVE-2022-34477, CVE-2022-34479, CVE-2022-34480, CVE-2022-34481,
CVE-2022-34484, CVE-2022-34485)

It was discovered that Firefox could be made to save an image with an
executable extension in the filename when dragging and dropping an image
in some circumstances. If a user were tricked into dragging and dropping
a specially crafted image, an attacker could potentially exploit this to
trick the user into executing arbitrary code. (CVE-2022-34482,
CVE-2022-34483)

It was discovered that a compromised server could trick Firefox into an
addon downgrade in some circumstances. An attacker could potentially
exploit this to trick the browser into downgrading an addon to a prior
version. (CVE-2022-34471)

It was discovered that an unavailable PAC file caused OCSP requests to
be blocked, resulting in incorrect error pages being displayed.
(CVE-2022-34472)

Read More

FEDORA-2022-dc3e8972a1

Packages in this update:

libgit2-1.3.1-1.fc36

Update description:

This is an upstream security release. For details, please review the upstream announcement.

Additionally, this drops the pre-built version 1.1 of the library which previous builds carried (it isn’t used by any other Fedora package and violates packaging guidelines).

Read More

An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login.

Read More

Demi Marie Obenour discovered that GnuPG incorrectly handled injection in
the status message. A remote attacker could possibly use this issue to
forge signatures.

Read More

Alex Chernyakhovsky discovered that OpenSSL incorrectly handled AES OCB
mode when using the AES-NI assembly optimized implementation on 32-bit
x86 platforms. A remote attacker could possibly use this issue to obtain
sensitive information.

Read More

ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device.

Read More

FEDORA-2022-edf7301147

Packages in this update:

libtiff-4.4.0-2.fc36

Update description:

Fix for CVE-2022-2056, CVE-2022-2057 and CVE-2022-2058.

Read More

FEDORA-2022-b9c2a3a2b7

Packages in this update:

libtiff-4.4.0-2.fc35

Update description:

Fix for CVE-2022-2056, CVE-2022-2057 and CVE-2022-2058.

Read More