FEDORA-EPEL-2023-d9256ecd7c
Packages in this update:
zchunk-1.3.1-1.el7
Update description:
Fix several low severity security bugs.
zchunk-1.3.1-1.el7
Fix several low severity security bugs.
zchunk-1.3.1-1.fc36
Fix several low severity security bugs.
flatpak-runtime-f38-3820230402170524.1
flatpak-sdk-f38-3820230402170524.1
Updated flatpak runtime and SDK, including latest Fedora 38 security and bug-fix errata.
It was discovered that IPMItool was not properly checking the data received
from a remote LAN party. A remote attacker could possibly use this issue to
to cause a crash or arbitrary code execution.
Posted by Harrison Neal on Apr 04
Vulnerable Software Download URL:
https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4
FSM 3704 (and some earlier versions) use .NET Remoting in a way that can
lead to unauthenticated remote code execution attacks as SYSTEM. Tools that
can successfully attack affected services are freely available.
Administrators should block or otherwise limit access to TCP ports opened
by services installed by this software wherever possible.
Cross Site Scripting vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via javascript code in the markdown editor.
Cross Site Request Forgery vulnerability found in Phachon mm-wiki v.0.1.2 allows a remote attacker to execute arbitrary code via the system/user/save parameter.
Directory Traversal vulnerability found in B3log Wide allows a an attacker to escalate privileges via symbolic links.
Buffer Overflow vulnerabilty found in Nginx NJS v.0feca92 allows a remote attacker to execute arbitrary code via the njs_module_read in the njs_module.c file.
An issue found in Espruino Espruino 6ea4c0a allows an attacker to execute arbitrrary code via oldFunc parameter of the jswrap_object.c:jswrap_function_replacewith endpoint.