This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk FBX Review. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Category Archives: Advisories
ZDI-22-709: Oracle MySQL Cluster Data Node Improper Validation of Array Index Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability.
ZDI-22-708: Oracle MySQL Cluster Data Node Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability.
ZDI-22-707: Oracle MySQL Cluster Data Node Integer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability.
ZDI-22-706: Oracle MySQL Cluster Data Node Improper Validation of Array Index Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Oracle MySQL Cluster. Authentication is not required to exploit this vulnerability.
ZDI-22-757: Apple macOS SCPT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
USN-5393-1: Thunderbird vulnerabilities
Multiple security issues were discovered in Thunderbird. If a user were
tricked into opening a specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a denial of service,
conduct spoofing attacks, or execute arbitrary code. (CVE-2022-1097,
CVE-2022-1196, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285,
CVE-2022-28286, CVE-2022-28289)
It was discovered that Thunderbird ignored OpenPGP revocation when
importing a revoked key in some circumstances. An attacker could
potentially exploit this by tricking the user into trusting the
authenticity of a message or tricking them into use a revoked key to
send an encrypted message. (CVE-2022-1197)
CVE-2021-25266
An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495.
mingw-freetype-2.11.0-2.fc35
FEDORA-2022-0985b0cb9f
Packages in this update:
mingw-freetype-2.11.0-2.fc35
Update description:
Backport fixes for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406
mingw-freetype-2.11.1-3.fc36
FEDORA-2022-539ff0cd2e
Packages in this update:
mingw-freetype-2.11.1-3.fc36
Update description:
Backport fixes for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406