This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oracle Product Lifecycle Management. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-20953.
Category Archives: Advisories
openexr-3.1.10-5.fc40
FEDORA-2024-55247f3a4f
Packages in this update:
openexr-3.1.10-5.fc40
Update description:
Automatic update for openexr-3.1.10-5.fc40.
Changelog
* Mon Feb 5 2024 Benjamin A. Beasley <code@musicinmybrain.net> - 3.1.10-5
- Backport proposed fix for CVE-2023-5841 to 3.1.10 (fix RHBZ#2262406)
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.10-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.1.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
firecracker-1.6.0-6.fc38 libkrun-1.7.2-4.fc38 rust-event-manager-0.4.0-2.fc38 rust-kvm-bindings-0.7.0-1.fc38 rust-kvm-ioctls-0.16.0-3.fc38 rust-linux-loader-0.11.0-1.fc38 rust-userfaultfd-0.8.1-2.fc38 rust-versionize-0.2.0-2.fc38 rust-vhost-0.10.0-2.fc38 rust-vhost-user-backend-0.13.1-2.fc38 rust-virtio-queue-0.11.0-1.fc38 rust-vm-memory-0.14.0-1.fc38 rust-vm-superio-0.7.0-4.fc38 rust-vmm-sys-util-0.12.1-2.fc38 virtiofsd-1.10.1-1.fc38
FEDORA-2024-f2305d485f
Packages in this update:
firecracker-1.6.0-6.fc38
libkrun-1.7.2-4.fc38
rust-event-manager-0.4.0-2.fc38
rust-kvm-bindings-0.7.0-1.fc38
rust-kvm-ioctls-0.16.0-3.fc38
rust-linux-loader-0.11.0-1.fc38
rust-userfaultfd-0.8.1-2.fc38
rust-versionize-0.2.0-2.fc38
rust-vhost-0.10.0-2.fc38
rust-vhost-user-backend-0.13.1-2.fc38
rust-virtio-queue-0.11.0-1.fc38
rust-vm-memory-0.14.0-1.fc38
rust-vmm-sys-util-0.12.1-2.fc38
rust-vm-superio-0.7.0-4.fc38
virtiofsd-1.10.1-1.fc38
Update description:
Update rust-vmm components and their consumers to address CVE-2023-50711
firecracker-1.6.0-6.fc39 libkrun-1.7.2-4.fc39 rust-event-manager-0.4.0-2.fc39 rust-kvm-bindings-0.7.0-1.fc39 rust-kvm-ioctls-0.16.0-2.fc39 rust-linux-loader-0.11.0-1.fc39 rust-userfaultfd-0.8.1-2.fc39 rust-versionize-0.2.0-2.fc39 rust-vhost-0.10.0-2.fc39 rust-vhost-user-backend-0.13.1-2.fc39 rust-virtio-queue-0.11.0-1.fc39 rust-vm-memory-0.14.0-1.fc39 rust-vm-superio-0.7.0-4.fc39 rust-vmm-sys-util-0.12.1-2.fc39 virtiofsd-1.10.1-1.fc39
FEDORA-2024-04877592b7
Packages in this update:
firecracker-1.6.0-6.fc39
libkrun-1.7.2-4.fc39
rust-event-manager-0.4.0-2.fc39
rust-kvm-bindings-0.7.0-1.fc39
rust-kvm-ioctls-0.16.0-2.fc39
rust-linux-loader-0.11.0-1.fc39
rust-userfaultfd-0.8.1-2.fc39
rust-versionize-0.2.0-2.fc39
rust-vhost-0.10.0-2.fc39
rust-vhost-user-backend-0.13.1-2.fc39
rust-virtio-queue-0.11.0-1.fc39
rust-vm-memory-0.14.0-1.fc39
rust-vmm-sys-util-0.12.1-2.fc39
rust-vm-superio-0.7.0-4.fc39
virtiofsd-1.10.1-1.fc39
Update description:
Update rust-vmm components and their consumers to address CVE-2023-50711
USN-6592-2: libssh vulnerabilities
USN-6592-1 fixed vulnerabilities in libssh. This update provides the
corresponding updates for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
It was discovered that libssh incorrectly handled the ProxyCommand and the
ProxyJump features. A remote attacker could possibly use this issue to
inject malicious code into the command of the features mentioned through
the hostname parameter. (CVE-2023-6004)
It was discovered that libssh incorrectly handled return codes when
performing message digest operations. A remote attacker could possibly use
this issue to cause libssh to crash, obtain sensitive information, or
execute arbitrary code. (CVE-2023-6918)
USN-6622-1: OpenSSL vulnerabilities
David Benjamin discovered that OpenSSL incorrectly handled excessively long
X9.42 DH keys. A remote attacker could possibly use this issue to cause
OpenSSL to consume resources, leading to a denial of service.
(CVE-2023-5678)
Sverker Eriksson discovered that OpenSSL incorrectly handled the POLY1305 MAC
on the PowerPC architecture. A remote attacker could use this issue to
cause OpenSSL to crash, resulting in a denial of service, or possibly
execute arbitrary code. This issue only affected Ubuntu 22.04 LTS and
Ubuntu 23.04. (CVE-2023-6129)
It was discovered that OpenSSL incorrectly handled excessively long RSA
public keys. A remote attacker could possibly use this issue to cause
OpenSSL to consume resources, leading to a denial of service. This issue
only affected Ubuntu 22.04 LTS and Ubuntu 23.04. (CVE-2023-6237)
Bahaa Naamneh discovered that OpenSSL incorrectly handled certain malformed
PKCS12 files. A remote attacker could possibly use this issue to cause
OpenSSL to crash, resulting in a denial of service. (CVE-2024-0727)
ZDI-24-086: TP-Link Omada ER605 Access Control Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.8. The following CVEs are assigned: CVE-2024-1180.
ZDI-24-085: (Pwn2Own) TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-1179.
DSA-5616-1 ruby-sanitize – security update
It was discovered that ruby-sanitize, a whitelist-based HTML sanitizer,
insufficiently sanitised
python-cryptography-41.0.7-1.fc39
FEDORA-2024-91f5df4002
Packages in this update:
python-cryptography-41.0.7-1.fc39
Update description:
Security fix for CVE-2023-49083