Read Time:8 Second
FEDORA-2024-dada06a500
Packages in this update:
pypy-7.3.15-3.fc39
Update description:
Security fix for CVE-2023-5752 (in the bundled pip).
Category Archives: Advisories
pypy-7.3.15-3.fc38
Read Time:8 Second
FEDORA-2024-797928fed3
Packages in this update:
pypy-7.3.15-3.fc38
Update description:
Security fix for CVE-2023-5752 (in the bundled pip).
Microsoft PlayReady white-box cryptography weakness
Read Time:24 Second
Posted by Security Explorations on May 01
Hello All,
There is yet another attack possible against Protected Media Path
process beyond the one involving two global XOR keys [1]. The new
attack may also result in the extraction of a plaintext content key
value.
The attack has its origin in a white-box crypto [2] implementation.
More specifically, one can devise plaintext content key from white-box
crypto data structures of which goal is to make such a reconstruction
difficult / not…
pypy-7.3.15-3.fc41
Read Time:16 Second
FEDORA-2024-305522ab38
Packages in this update:
pypy-7.3.15-3.fc41
Update description:
Automatic update for pypy-7.3.15-3.fc41.
Changelog
* Tue Apr 30 2024 Charalampos Stratakis <cstratak@redhat.com> – 7.3.15-3
– Security fix for CVE-2023-5752 for the bundled pip wheel
– Resolves: rhbz#2250771
ZDI-24-419: (Pwn2Own) Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability
Read Time:17 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-4406.
ZDI-24-418: (Pwn2Own) Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability
Read Time:17 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-4405.
ZDI-24-417: Xiaomi Pro 13 isUrlMatchLevel Permissive List of Allowed Inputs Remote Code Execution Vulnerability
Read Time:17 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-26322.
et-6.2.8-1.fc38
Read Time:11 Second
FEDORA-2024-bd9e67c117
Packages in this update:
et-6.2.8-1.fc38
Update description:
Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258
Unbundle cpp-httlib, fixing CVE-2023-26130
et-6.2.8-1.el9
Read Time:9 Second
FEDORA-EPEL-2024-90aea0505b
Packages in this update:
et-6.2.8-1.el9
Update description:
Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258
et-6.2.8-1.fc40
Read Time:11 Second
FEDORA-2024-b745c97f4b
Packages in this update:
et-6.2.8-1.fc40
Update description:
Update to 6.2.8, fixing CVE-2022-48257 and CVE-2022-48258
Unbundle cpp-httlib, fixing CVE-2023-26130