8438 matches found

OSV
added 2023/08/24 7:2 a.m. | 11 views

SUSE-SU-2023:3419-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.40.5 bsc1213905: - CVE-2023-38133: Fixed information disclosure. - CVE-2023-38572: Fixed Same-Origin-Policy bypass. - CVE-2023-38592: Fixed arbitrary code execution. - CVE-2023-38594: Fixed arbitrary code execution. -...

CVSS: 8.8 | AI score: 8.1 | EPSS: 0.23788
Exploits: 1 | References: 15

OSV
added 2023/08/23 5:15 p.m. | 6 views

CVE-2023-38831

RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue occurs because a ZIP archive may include a benign file such as an ordinary .JPG file and also a folder that has the same name as the benign file, and the...

CVSS: 7.8 | AI score: 6.1 | EPSS: 0.97798
Exploits: 49 | References: 6

Ubuntu
added 2023/08/21 2:12 a.m. | 75 views

USN-6267-3: Firefox regressions

USN-6267-1 fixed vulnerabilities and USN-6267-2 fixed minor regressions in Firefox. The update introduced several minor regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were...

AI score: 8
Exploits: 0 | References: 1

Tenable Nessus
added 2023/08/18 12:0 a.m. | 31 views

Fedora 37 : webkitgtk (2023-19754c5a93)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-19754c5a93 advisory. Fix several crashes and rendering issues Security fixes: CVE-2023-38133, CVE-2023-38572, CVE-2023-38592, CVE-2023-38594, CVE-2023-38595,...

CVSS: 8.8 | AI score: 7.7 | EPSS: 0.01346
Exploits: 0 | References: 10

CNNVD
added 2023/08/15 12:0 a.m. | 4 views

Broadcom RAID Controller Security Vulnerability

The Broadcom RAID Controller is a series of RAID controllers from Broadcom Corporation. A security vulnerability exists in the Broadcom RAID Controller that stems from an insecure HTTP in the web interface that prevents the protection of the SESSIONID cookie with the SameSite attribute...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00588
Exploits: 0 | References: 2

Tenable Nessus
added 2023/08/15 12:0 a.m. | 21 views

Oracle Linux 9 : thunderbird (ELSA-2023-4499)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-4499 advisory. 102.14.0-1.0.1 - Update to 102.14.0 build1 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.13694
Exploits: 1 | References: 11

Tenable Nessus
added 2023/08/15 12:0 a.m. | 33 views

Oracle Linux 8 : thunderbird (ELSA-2023-4497)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2023-4497 advisory. 102.14.0-1.0.1 - Update to 102.14.0 build1 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.13694
Exploits: 1 | References: 11

RedhatCVE
added 2023/08/11 5:49 a.m. | 31 views

CVE-2023-38572

A flaw was found in WebKitGTK. This flaw exists due to an error when handling the Same Origin Policy. A remote attacker can bypass Same Origin Policy restrictions...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00967
Exploits: 0 | References: 4

OpenVAS
added 2023/08/10 12:0 a.m. | 20 views

Debian: Security Advisory (DLA-3523-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.13694
Exploits: 1 | References: 4

Debian
added 2023/08/09 7:5 p.m. | 23 views

[SECURITY] [DLA 3523-1] firefox-esr security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-3523-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort August 09, 2023 https://wiki.debian.org/LTS -...

CVSS: 9.8 | AI score: 9.1 | EPSS: 0.13694
Exploits: 1

OpenVAS
added 2023/08/09 12:0 a.m. | 36 views

SUSE: Security Advisory (SUSE-SU-2023:3237-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 8.8 | AI score: 8.4 | EPSS: 0.23788
Exploits: 1 | References: 7

Tenable Nessus
added 2023/08/09 12:0 a.m. | 32 views

SUSE SLED15: MozillaThunderbird / MozillaThunderbird-translations-common / etc (SUSE-SU-2023:3228-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3228-1 advisory. Update Mozilla Thunderbird 115.1.0 bsc1213746: - CVE-2023-4045: Fixed cross-origin restrictions...

CVSS: 9.8 | AI score: 7 | EPSS: 0.13694
Exploits: 1 | References: 25

Tenable Nessus
added 2023/08/09 12:0 a.m. | 32 views

Debian dla-3523 : firefox-esr - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3523 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3523-1 [email protected]...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.13694
Exploits: 1 | References: 18

OSV
added 2023/08/08 4:17 p.m. | 11 views

SUSE-SU-2023:3237-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.40.5 bsc1213905: - CVE-2023-38133: Fixed information disclosure. - CVE-2023-38572: Fixed Same-Origin-Policy bypass. - CVE-2023-38592: Fixed arbitrary code execution. - CVE-2023-38594: Fixed arbitrary code execution. -...

CVSS: 8.8 | AI score: 8.1 | EPSS: 0.23788
Exploits: 1 | References: 15

OSV
added 2023/08/08 3:35 p.m. | 12 views

SUSE-SU-2023:3233-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.40.5 bsc1213905: - CVE-2023-38133: Fixed information disclosure. - CVE-2023-38572: Fixed Same-Origin-Policy bypass. - CVE-2023-38592: Fixed arbitrary code execution. - CVE-2023-38594: Fixed arbitrary code execution. -...

CVSS: 8.8 | AI score: 8.1 | EPSS: 0.23788
Exploits: 1 | References: 15

Tenable Nessus
added 2023/08/08 12:0 a.m. | 27 views

Rocky Linux 8 : thunderbird (RLSA-2023:4497)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4497 advisory. - Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document fil...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.13694
Exploits: 1 | References: 21

Tenable Nessus
added 2023/08/08 12:0 a.m. | 26 views

Rocky Linux 8 : firefox (RLSA-2023:4468)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4468 advisory. - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.13694
Exploits: 1 | References: 19

Tenable Nessus
added 2023/08/08 12:0 a.m. | 28 views

Rocky Linux 9 : firefox (RLSA-2023:4462)

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:4462 advisory. - Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.13694
Exploits: 1 | References: 19

RedHat Linux
added 2023/08/07 8:48 a.m. | 2 views

Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions

The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy...

CVSS: 5.3 | AI score: 7 | EPSS: 0.00527
Exploits: 0 | References: 8

RedHat Linux
added 2023/08/07 8:46 a.m. | 4 views

Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions

The Mozilla Foundation Security Advisory describes this flaw as: Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy...

CVSS: 5.3 | AI score: 7 | EPSS: 0.00527
Exploits: 0 | References: 8