This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-27328.
Monthly Archives: February 2024
ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709)
What is the Vulnerability?
On February 19, 2024, ConnectWise published a security advisory for their remote desktop application software called ScreenConnect. One of the flaws, CVE-2024-1709 is an authentication bypass vulnerability that could let attackers gain administrative access to a ScreenConnect instance. That vulnerability has a public proof-of-concept (PoC) available and recently been added to CISA’s known exploited catalog. The second flaw tracked as CVE-2024-1708 is a path traversal vulnerability that may allow an attacker to execute remote code.
What is the Vendor Solution?
ConnectWise has released a patch covering both vulnerabilities. [ Link ]
What FortiGuard Coverage is available?
FortiGuard Labs is currently investigating related protections and will update as soon as they are available.
FortiGuard Labs recommends companies to apply the most recent upgrade or patch from the vendor as soon as possible.
wpa_supplicant-2.10-9.fc39
FEDORA-2024-a95bdde55b
Packages in this update:
wpa_supplicant-2.10-9.fc39
Update description:
backport fix for PEAP client (CVE-2023-52160)
wpa_supplicant-2.10-7.fc38
FEDORA-2024-36d2be00d0
Packages in this update:
wpa_supplicant-2.10-7.fc38
Update description:
backport fix for PEAP client (CVE-2023-52160)
DSA-5630-1 thunderbird – security update
Multiple security issues were discovered in Thunderbird, which could
result in denial of service or the execution of arbitrary code.
DSA-5629-1 chromium – security update
Multiple security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
freeipa-4.11.1-4.fc40
FEDORA-2024-9fc8015fa9
Packages in this update:
freeipa-4.11.1-4.fc40
Update description:
Automatic update for freeipa-4.11.1-4.fc40.
Changelog
* Wed Feb 21 2024 Rob Crittenden <rcritten@redhat.com> – 4.11.1-4
– Security release: CVE-2024-1481
– Resolves: rhbz#2265129
freeipa-4.11.1-4.fc41
FEDORA-2024-d7b9fbb2a5
Packages in this update:
freeipa-4.11.1-4.fc41
Update description:
Automatic update for freeipa-4.11.1-4.fc41.
Changelog
* Wed Feb 21 2024 Rob Crittenden <rcritten@redhat.com> – 4.11.1-4
– Security release: CVE-2024-1481
– Resolves: rhbz#2265129
A Vulnerability in Junos OS Could Allow for Remote Code Execution
A vulnerability has been discovered in the Junos OS, which could allow for remote code execution. Junos OS is a FreeBSD-based network operating system used in Juniper Networks routing, switching and security devices. Successful exploitation could allow for remote code execution in the context of the system. Depending on the privileges associated with the logged on user, an attacker could then install programs; view, change, or delete data. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
mod_auth_openidc-2.4.15.3-1.fc39
FEDORA-2024-3c0f2a2771
Packages in this update:
mod_auth_openidc-2.4.15.3-1.fc39
Update description:
fix CVE-2024-24814: prevent DoS when OIDCSessionType client-cookie is set and a crafted Cookie header is supplied