An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash.
Category Archives: Advisories
CVE-2022-22564
Dell EMC Unity versions before 5.2.0.0.5.173 , use(es) broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.
vim-9.0.1307-1.fc36
FEDORA-2023-93fb5b08eb
Packages in this update:
vim-9.0.1307-1.fc36
Update description:
2169641 – Syntax highlight for sh files broken
The newest upstream commit
Security fixes for CVE-2022-47024, CVE-2023-0433
USN-5868-1: Django vulnerability
Jakob Ackermann discovered that Django incorrectly handled certain file
uploads. A remote attacker could possibly use this issue to cause Django to
consume resources, leading to a denial of service.
OpenImageIO-2.4.8.1-1.fc37
FEDORA-2023-c3d65c8f7b
Packages in this update:
OpenImageIO-2.4.8.1-1.fc37
Update description:
Release 2.4.8.1 (13 Feb 2023) — compared to 2.4.8.0
Fix(targa): guard against corrupted tga files Fixes TALOS-2023-1707 /
CVE-2023-24473, TALOS-2023-1708 / CVE-2023-22845. #3768
Fix: race condition in TIFF reader, fixes TALOS-2023-1709 / CVE-2023-24472.
Windows: Fix unresolved external symbol for MSVS 2017 #3763
Fix: Initialize OpenEXROutput::m_levelmode in init(). #3764
Fix: improve thread safety for concurrent tiff loads. #3767
Fix(fits): Make sure to close if open fails to find right magic number.
OpenImageIO-2.4.8.1-1.el9
FEDORA-EPEL-2023-a101920015
Packages in this update:
OpenImageIO-2.4.8.1-1.el9
Update description:
Release 2.4.8.1 (13 Feb 2023) — compared to 2.4.8.0
Fix(targa): guard against corrupted tga files Fixes TALOS-2023-1707 /
CVE-2023-24473, TALOS-2023-1708 / CVE-2023-22845. #3768
Fix: race condition in TIFF reader, fixes TALOS-2023-1709 / CVE-2023-24472.
Windows: Fix unresolved external symbol for MSVS 2017 #3763
Fix: Initialize OpenEXROutput::m_levelmode in init(). #3764
Fix: improve thread safety for concurrent tiff loads. #3767
Fix(fits): Make sure to close if open fails to find right magic number.
LSN-0091-1: Kernel Live Patch Security Notice
It was discovered that a race condition existed in the memory address space
accounting implementation in the Linux kernel, leading to a use-after-free
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code.(CVE-2022-41222)
Sönke Huster discovered that a use-after-free vulnerability existed in the
WiFi driver stack in the Linux kernel. A physically proximate attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code.(CVE-2022-42719)
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.
Safari is a graphical web browser developed by Apple.
iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
macOS Monterey is the 18th and release of macOS.
macOS Big Sur is the 17th release of macOS.
iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
macOS Ventura is the 19th and current major release of macOS
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
DSA-5349 gnutls28 – security update
Hubert Kario discovered a timing side channel in the RSA decryption
implementation of the GNU TLS library.
DSA-5348 haproxy – security update
Two vulnerabilities were discovered in HAProxy, a fast and reliable load
balancing reverse proxy, which may result in denial of service, or
bypass of access controls and routing rules via specially crafted
requests.