Read Time:6 Second
FEDORA-FLATPAK-2023-777c3d6cab
Packages in this update:
firefox-stable-3820230610212426.1
Update description:
Update to 114.0
Category Archives: Advisories
flatpak-runtime-f38-3820230613100501.1 flatpak-sdk-f38-3820230613100501.1
Read Time:10 Second
FEDORA-FLATPAK-2023-b5a143a8c8
Packages in this update:
flatpak-runtime-f38-3820230613100501.1
flatpak-sdk-f38-3820230613100501.1
Update description:
Updated flatpak runtime and SDK, including latest Fedora 38 security and bug-fix errata.
CVE-2022-33877
Read Time:21 Second
An incorrect default permission [CWE-276] vulnerability in FortiClient (Windows) versions 7.0.0 through 7.0.6 and 6.4.0 through 6.4.8 and FortiConverter (Windows) versions 6.2.0 through 6.2.1, 7.0.0 and all versions of 6.0.0 may allow a local authenticated attacker to tamper with files in the installation folder, if FortiClient or FortiConverter is installed in an insecure folder.
CVE-2022-39946
Read Time:18 Second
An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attacker authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests.
CVE-2022-41327
Read Time:20 Second
A cleartext transmission of sensitive information vulnerability [CWE-319] in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.8, FortiProxy version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.8 allows an authenticated attacker with readonly superadmin privileges to intercept traffic in order to obtain other adminstrators cookies via diagnose CLI commands.
USN-6143-2: Firefox regressions
Read Time:36 Second
USN-6143-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-34414,
CVE-2023-34416, CVE-2023-34417)
Jun Kokatsu discovered that Firefox did not properly validate site-isolated
process for a document loaded from a data: URL that was the result of a
redirect, leading to an open redirect attack. An attacker could possibly
use this issue to perform phishing attacks. (CVE-2023-34415)
DSA-5425 php8.2 – security update
Read Time:9 Second
It was discovered that PHP’s implementation of SOAP HTTP Digest
authentication performed insufficient error validation, which may result
in a stack information leak or use of weak randomness.
DSA-5424 php7.4 – security update
Read Time:9 Second
It was discovered that PHP’s implementation of SOAP HTTP Digest
authentication performed insufficient error validation, which may result
in a stack information leak or use of weak randomness.
CVE-2022-43777
Read Time:10 Second
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.
CVE-2022-43778
Read Time:10 Second
Potential Time-of-Check to Time-of Use (TOCTOU) vulnerabilities have been identified in the HP BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure.