Read Time:9 Second
FEDORA-2023-d296850e7e
Packages in this update:
libssh-0.10.6-1.fc38
Update description:
New upstream release fixing (CVE-2023-48795, CVE-2023-6004, CVE-2023-6918)
Yearly Archives: 2023
libssh-0.10.6-1.fc39
Read Time:9 Second
FEDORA-2023-0733306be9
Packages in this update:
libssh-0.10.6-1.fc39
Update description:
New upstream release fixing (CVE-2023-48795, CVE-2023-6004, CVE-2023-6918)
ZDI-23-1806: X.Org Server Window Object Use-After-Free Local Privilege Escalation Vulnerability
Read Time:17 Second
This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.4. The following CVEs are assigned: CVE-2023-5380.
ZDI-23-1807: X.Org Server Damage Object Use-After-Free Local Privilege Escalation Vulnerability
Read Time:17 Second
This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.4. The following CVEs are assigned: CVE-2023-5574.
ZDI-23-1808: TP-Link TL-WR841N dropbearpwd Improper Authentication Information Disclosure Vulnerability
Read Time:14 Second
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR841N routers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2023-50224.
ZDI-23-1809: TP-Link TL-WR902AC dm_fillObjByStr Stack-based Buffer Overflow Remote Code Execution Vulnerability
Read Time:13 Second
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.8. The following CVEs are assigned: CVE-2023-50225.
ZDI-23-1800: Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability
Read Time:16 Second
This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Avalanche. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-41725.
ZDI-23-1801: Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability
Read Time:16 Second
This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Avalanche. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2022-43554.
ZDI-23-1802: Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability
Read Time:16 Second
This vulnerability allows local attackers to escalate privileges on affected installations of Ivanti Avalanche. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2022-43555.
ZDI-23-1803: Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege Escalation Vulnerability
Read Time:17 Second
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2023-50228.