Thomas Akesson discovered that Subversion incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
Category Archives: Advisories
USN-5321-1: Firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, spoof the browser
UI, bypass security restrictions, obtain sensitive information, or execute
arbitrary code. (CVE-2022-0843, CVE-2022-26381, CVE-2022-26382,
CVE-2022-26383, CVE-2022-26384, CVE-2022-26385)
A TOCTOU bug was discovered when verifying addon signatures during
install. A local attacker could potentially exploit this to trick a
user into installing an addon with an invalid signature.
(CVE-2022-26387)
CVE-2021-20269
A flaw was found in the permissions of a log file created by kexec-tools. This flaw allows a local unprivileged user to read this file and leak kernel internal information from a previous panic. The highest threat from this vulnerability is to confidentiality. This flaw affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47.
CVE-2020-36517
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration.
CVE-2020-36123
saitoha libsixel v1.8.6 was discovered to contain a double free via the component sixel_chunk_destroy at /root/libsixel/src/chunk.c.
CVE-2020-14111
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code.
CVE-2020-14112
Information Leak Vulnerability exists in the Xiaomi Router AX6000. The vulnerability is caused by incorrect routing configuration. Attackers can exploit this vulnerability to download part of the files in Xiaomi Router AX6000.
CVE-2020-14115
A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code.
annobin-10.57-3.fc36 firefox-98.0-2.fc36 gcc-12.0.1-0.12.fc36
FEDORA-2022-42ea499a7d
Packages in this update:
annobin-10.57-3.fc36
firefox-98.0-2.fc36
gcc-12.0.1-0.12.fc36
Update description:
This update provides the latest release of Firefox, with many bug fixes including critical security issues. It also includes updates to gcc and annobin which were necessary to build Firefox, with the following fixes:
fix up promoted SUBREG handling (#2045160, PR rtl-optimization/104839)
fix up check for asm goto (PR rtl-optimization/104777)
Upstream bugs (http://gcc.gnu.org/PRNNNNN) fixed: 70077, 79493, 80270, 84519, 87496, 88134, 90148, 91384, 96526, 99297, 99555, 99585, 100400, 100407, 100541, 100757, 101325, 101636, 101983, 102276, 102429, 103037, 103302, 103443, 103521, 103836, 103845, 103856, 103984, 104061, 104121, 104131, 104132, 104133, 104154, 104208, 104381, 104430, 104434, 104489, 104529, 104533, 104540, 104550, 104552, 104558, 104573, 104589, 104601, 104602, 104618, 104619, 104627, 104633, 104637, 104644, 104648, 104656, 104659, 104664, 104667, 104674, 104675, 104676, 104677, 104679, 104681, 104682, 104686, 104687, 104698, 104700, 104704, 104715, 104716, 104721, 104724, 104725, 104726, 104727, 104728, 104730, 104732, 104736, 104748, 104757, 104758, 104761, 104775, 104779, 104781, 104782, 104784, 104791, 104794, 104797, 104807, 104825, 104838
openexr-3.1.4-1.fc36
FEDORA-2022-18e14f460c
Packages in this update:
openexr-3.1.4-1.fc36
Update description:
New upstream release 3.1.4