This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must receive a malicious image file that is written to the local filesystem. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2023-42902.
Category Archives: Advisories
ZDI-24-206: Apple macOS ImageIO MPO Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2023-42888.
USN-6654-1: Roundcube Webmail vulnerability
It was discovered that Roundcube Webmail incorrectly sanitized characters
in the linkrefs text messages. An attacker could possibly use this issue to
execute a cross-site scripting (XSS) attack. (CVE-2023-43770)
GLSA 202402-31: GNU Aspell: Heap Buffer Overflow
GLSA 202402-30: Glances: Arbitrary Code Execution
GLSA 202402-32: btrbk: Remote Code Execution
GLSA 202402-33: PyYAML: Arbitrary Code Execution
DSA-5632-1 composer – security update
It was discovered that composer, a dependency manager for the PHP
language, processed files in the local working directory. This could
lead to local privilege escalation or malicious code execution. Due to
a technical issue this email was not sent on 2024-02-26 like it should
have.
DSA-5631-1 iwd – security update
It was discovered that iwd, the iNet Wireless Daemon, does not properly
handle messages in the 4-way handshake used when connecting to a
protected WiFi network for the first time. An attacker can take
advantage of this flaw to gain unauthorized access to a protected WiFi
network if iwd is operating in Access Point (AP) mode.
dotnet6.0-6.0.127-2.fc38
FEDORA-2024-b0e165ded6
Packages in this update:
dotnet6.0-6.0.127-2.fc38
Update description:
This is the February 2024 security update for .NET 6