ALSA-2023:7151 Moderate: python3 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to insufficient input data validation, allows attackers to compromise data integrity.
The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to compromise data integrity...
Telit Multiple Product Security Vulnerabilities
Telit Cinterion BGS5 and so on are products of Telit Communications Telit. Telit Cinterion BGS5 is a mobile communication module. Telit Cinterion EHS5/6/8 and so on are products of Telit Cinterion. Telit Cinterion EHS5/6/8 is an edge device module. Telit Cinterion PDS5/6/8 is an edge device...
StripedFly Malware Operated Unnoticed for 5 Years, Infecting 1 Million Devices
An advanced strain of malware masquerading as a cryptocurrency miner has managed to fly under the radar for over five years, infecting no less than one million devices around the world in the process. That's according to findings from Kaspersky, which has codenamed the threat StripedFly, describing it ...
[SECURITY] Fedora 38 Update: netconsd-0.4-1.fc38
This is a daemon for receiving and processing logs from the Linux Kernel, as emitted over a network by the kernel's netconsole module. It supports both the old "legacy" text-only format, and the new extended format added in v4.4. The core of the daemon does nothing but process messages and drop...
[SECURITY] Fedora 39 Update: netconsd-0.4-1.fc39
This is a daemon for receiving and processing logs from the Linux Kernel, as emitted over a network by the kernel's netconsole module. It supports both the old "legacy" text-only format, and the new extended format added in v4.4. The core of the daemon does nothing but process messages and drop...
[SECURITY] Fedora 37 Update: netconsd-0.4-1.fc37
This is a daemon for receiving and processing logs from the Linux Kernel, as emitted over a network by the kernel's netconsole module. It supports both the old "legacy" text-only format, and the new extended format added in v4.4. The core of the daemon does nothing but process messages and drop...
CVE-2023-46352
In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" facebookconversiontrackingplus up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from...
Design/Logic Flaw
In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" facebookconversiontrackingplus up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from...
PrestaShop Security Breach
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, SMS alerts, and product image scaling. A security vulnerability exists in PrestaShop Smart Modules for PrestaShop 2.4.9 and earlier versions, which stems from...
CVE-2023-46352
In CVE-2023-46352, the Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module (PrestaShop Smart Modules) up to version 2.4.9 exposes a permissions flaw that lets a guest download exports, leaking personal data from the ps_customer table (name, surname, email). Root cause: lack of proper ac...
openshift: OCP & FIPS mode
A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated...
CVE-2023-46356
In the module "CSV Feeds PRO" csvfeeds before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. The method SearchApiCsv::getProducts has a sensitive SQL call that can be executed with a trivial HTTP call and exploited to forge a SQL injection...
SUSE CVE-2018-1113
setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstance...
CVE-2023-45798
In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation of third-party modules. This allows malicious actors to load arbitrary third-party modules, leading to remote code execution...
Input validation
In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation of third-party modules. This allows malicious actors to load arbitrary third-party modules, leading to remote code execution...
CVE-2023-45798
Affected product: Yettiesoft VestCert, versions 2.36–2.5.29. Root cause: improper validation of third-party modules allows loading arbitrary third-party modules, enabling remote code execution. Impact: remote code execution with high risk (CVE-2023-45798). The CVE notes indicate vulnerability is ...
Yettiesoft VestCert Security Vulnerability
Yettiesoft VestCert is an application from Yettiesoft, Inc. A security vulnerability exists in Yettiesoft VestCert versions 2.36 through 2.5.29 that stems from improper validation of third-party modules, which allows malicious actors to load arbitrary third-party modules that can lead to remote...