An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash.

Read More

Dell EMC Unity versions before 5.2.0.0.5.173 , use(es) broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.

Read More

FEDORA-2023-93fb5b08eb

Packages in this update:

vim-9.0.1307-1.fc36

Update description:

2169641 – Syntax highlight for sh files broken

The newest upstream commit

Security fixes for CVE-2022-47024, CVE-2023-0433

Read More

Jakob Ackermann discovered that Django incorrectly handled certain file
uploads. A remote attacker could possibly use this issue to cause Django to
consume resources, leading to a denial of service.

Read More

FEDORA-2023-c3d65c8f7b

Packages in this update:

OpenImageIO-2.4.8.1-1.fc37

Update description:

Release 2.4.8.1 (13 Feb 2023) — compared to 2.4.8.0

Fix(targa): guard against corrupted tga files Fixes TALOS-2023-1707 /
CVE-2023-24473, TALOS-2023-1708 / CVE-2023-22845. #3768
Fix: race condition in TIFF reader, fixes TALOS-2023-1709 / CVE-2023-24472.
Windows: Fix unresolved external symbol for MSVS 2017 #3763
Fix: Initialize OpenEXROutput::m_levelmode in init(). #3764
Fix: improve thread safety for concurrent tiff loads. #3767
Fix(fits): Make sure to close if open fails to find right magic number.

Read More

FEDORA-EPEL-2023-a101920015

Packages in this update:

OpenImageIO-2.4.8.1-1.el9

Update description:

Release 2.4.8.1 (13 Feb 2023) — compared to 2.4.8.0

Fix(targa): guard against corrupted tga files Fixes TALOS-2023-1707 /
CVE-2023-24473, TALOS-2023-1708 / CVE-2023-22845. #3768
Fix: race condition in TIFF reader, fixes TALOS-2023-1709 / CVE-2023-24472.
Windows: Fix unresolved external symbol for MSVS 2017 #3763
Fix: Initialize OpenEXROutput::m_levelmode in init(). #3764
Fix: improve thread safety for concurrent tiff loads. #3767
Fix(fits): Make sure to close if open fails to find right magic number.

Read More

It was discovered that a race condition existed in the memory address space
accounting implementation in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.(CVE-2022-41222)

Sönke Huster discovered that a use-after-free vulnerability existed in the
WiFi driver stack in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code.(CVE-2022-42719)

Read More

Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.

Safari is a graphical web browser developed by Apple.
iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
macOS Monterey is the 18th and release of macOS.
macOS Big Sur is the 17th release of macOS.
iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
macOS Ventura is the 19th and current major release of macOS
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

Hubert Kario discovered a timing side channel in the RSA decryption
implementation of the GNU TLS library.

Read More

Two vulnerabilities were discovered in HAProxy, a fast and reliable load
balancing reverse proxy, which may result in denial of service, or
bypass of access controls and routing rules via specially crafted
requests.

Read More