This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Daily Archives: June 16, 2023
ZDI-23-887: Microsoft Windows PGM Invalid Transmission Group Size Denial-of-Service Vulnerability
This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Microsoft Windows. Authentication is not required to exploit this vulnerability.
ZDI-23-888: Adobe Substance 3D Designer SBS File Parsing Uninitialized Variable Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Substance 3D Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-23-889: Schneider Electric IGSS DashFiles Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric IGSS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
ZDI-23-890: (Pwn2Own) Microsoft Windows UMPDDrvEnablePDEV Improper Input Validation Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-23-880: Microsoft Azure Machine Learning Service DSIMountAgent Missing Authentication Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on Microsoft Azure. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
libX11-1.8.6-1.fc38
FEDORA-2023-7503ce855c
Packages in this update:
libX11-1.8.6-1.fc38
Update description:
libX11 1.8.6 (CVE-2023-3138)
DSA-5430 openjdk-17 – security update
Several vulnerabilities have been discovered in the OpenJDK Java runtime,
which may result in denial of service, information disclosure or bypass
of sandbox restrictions.
DSA-5431 sofia-sip – security update
Xu Biang discovered that missing input sanitising in Sofia-SIP, a SIP
User-Agent library could result in denial of service.