Read Time:6 Second
It was discovered that Chromium incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
Category Archives: Advisories
USN-5348-1: Smarty vulnerabilities
Read Time:1 Minute, 11 Second
David Gnedt and Thomas Konrad discovered that Smarty was incorrectly
sanitizing the paths present in the templates. An attacker could possibly
use this use to read arbitrary files when controlling the executed
template. (CVE-2018-13982)
It was discovered that Smarty was incorrectly sanitizing the paths
present in the templates. An attacker could possibly use this use to read
arbitrary files when controlling the executed template. (CVE-2018-16831)
It was discovered that Smarty was incorrectly validating security policy
data, allowing the execution of static classes even when not permitted by
the security settings. An attacker could possibly use this issue to
execute arbitrary code. (CVE-2021-21408)
It was discovered that Smarty was incorrectly managing access control to
template objects, which allowed users to perform a sandbox escape. An
attacker could possibly use this issue to send specially crafted input to
applications that use Smarty and execute arbitrary code. (CVE-2021-26119)
It was discovered that Smarty was not checking for special characters
when setting function names during plugin compile operations. An attacker
could possibly use this issue to send specially crafted input to
applications that use Smarty and execute arbitrary code. (CVE-2021-26120)
It was discovered that Smarty was incorrectly sanitizing characters in
math strings processed by the math function. An attacker could possibly
use this issue to send specially crafted input to applications that use
Smarty and execute arbitrary code. (CVE-2021-29454)
Post Title
Read Time:18 Second
A vulnerability has been discovered in Google Chrome that could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data.
USN-5342-1: Python vulnerabilities
Read Time:29 Second
David Schwörer discovered that Python incorrectly handled certain inputs.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 18.04 LTS. (CVE-2021-3426)
It was discovered that Python incorrectly handled certain FTP requests.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 LTS.
(CVE-2021-4189)
It was discovered that Python incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2022-0391)
ZDI-22-542: (0Day) Siemens Simcenter Femap NEU File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
DSA-5110 chromium – security update
Read Time:7 Second
A security issue was discovered in Chromium, which could result in the
execution of arbitrary code if a malicious website is visited.
DSA-5109 faad2 – security update
Read Time:9 Second
Multiple vulnerabilities have been discovered in the freeware Advanced
Audio Decoder, which may result in denial of service or potentially the
execution of arbitrary code if malformed media files are processed.
libkiwix-10.1.0-1.fc36
Read Time:11 Second
FEDORA-2022-1f0643b63a
Packages in this update:
libkiwix-10.1.0-1.fc36
Update description:
Updated to version 10.1.0 with XSS fix.
Changelog: https://github.com/kiwix/libkiwix/releases/tag/10.1.0
libkiwix-10.1.0-1.fc35
Read Time:11 Second
FEDORA-2022-d0fe2a444a
Packages in this update:
libkiwix-10.1.0-1.fc35
Update description:
Updated to version 10.1.0 with XSS fix.
Changelog: https://github.com/kiwix/libkiwix/releases/tag/10.1.0
seamonkey-2.53.11.1-1.el7
Read Time:24 Second
FEDORA-EPEL-2022-d5db33b633
Packages in this update:
seamonkey-2.53.11.1-1.el7
Update description:
Update to 2.53.11.1
Note that since 2.53.11, besides the ordinary builds for the current Fedora and EPEL branches, there is an additional distro-independed build available at https://buc.fedorapeople.org/seamonkey .
So if you have friends who use other Linux distro, but that distro does not provide SeaMonkey yet, you can recommend this build for them.