It was discovered that exo, a support library for the Xfce desktop environment,
would allow executing remote .desktop files. In some scenario, an attacker
could use this vulnerability to trick an user an execute arbitrary code on the
platform with the privileges of that user.
Category Archives: Advisories
SEC Consult SA-20220615-0 :: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series
Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Jun 17
SEC Consult Vulnerability Lab Security Advisory < 20220615-0 >
=======================================================================
title: Hardcoded Backdoor User and Outdated Software Components
product: Nexans FTTO GigaSwitch industrial/office switches HW version 5
vulnerable version: See “Vulnerable / tested versions”
fixed version: V6.02N, V7.02
CVE number: CVE-2022-32985…
dotnet6.0-6.0.106-1.fc35
FEDORA-2022-48ab445ac5
Packages in this update:
dotnet6.0-6.0.106-1.fc35
Update description:
This is the June 2022 monthly release for .NET 6. This updates .NET SDK to 6.0.106 and Runtime to 6.0.6.
It includes at least one known security fix.
Upstream release notes: https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.6/6.0.6.md
dotnet6.0-6.0.106-1.fc36
FEDORA-2022-a14a16369d
Packages in this update:
dotnet6.0-6.0.106-1.fc36
Update description:
This is the June 2022 monthly release for .NET 6. This updates .NET SDK to 6.0.106 and Runtime to 6.0.6.
It includes at least one known security fix.
Upstream release notes: https://github.com/dotnet/core/blob/main/release-notes/6.0/6.0.6/6.0.6.md
python2.7-2.7.18-22.fc36
FEDORA-2022-4a69d20cf4
Packages in this update:
python2.7-2.7.18-22.fc36
Update description:
Security fix for CVE-2015-20107
ZDI-22-870: SAP 3D Visual Enterprise Viewer CGM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-869: SAP 3D Visual Enterprise Viewer U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-868: SAP 3D Visual Enterprise Viewer U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-867: SAP 3D Visual Enterprise Viewer U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-22-866: SAP 3D Visual Enterprise Viewer U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.