Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for privilege escalation in the context of the logged-on user. Depending on the privileges associated with that user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured with fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Daily Archives: March 5, 2024
USN-6678-1: libgit2 vulnerabilities
It was discovered that libgit2 mishandled equivalent filenames on NTFS
partitions. If a user or automated system were tricked into cloning a
specially crafted repository, an attacker could possibly use this issue to
execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and
Ubuntu 18.04 LTS. (CVE-2020-12278, CVE-2020-12279)
It was discovered that libgit2 did not perform certificate checking by
default. An attacker could possibly use this issue to perform a
machine-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS,
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2023-22742)
It was discovered that libgit2 could be made to run into an infinite loop.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 23.10. (CVE-2024-24575)
It was discovered that libgit2 did not properly manage memory. An attacker
could possibly use this issue to cause a denial of service or execute
arbitrary code. (CVE-2024-24577)
USN-6677-1: libde265 vulnerabilities
It was discovered that libde265 could be made to dereference invalid
memory. If a user or automated system were tricked into opening a specially
crafted file, an attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2023-27102)
It was discovered that libde265 could be made to write out of bounds. If a
user or automated system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. This issue only affected Ubuntu 16.04
LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS.
(CVE-2023-27103)
It was discovered that libde265 could be made to write out of bounds. If a
user or automated system were tricked into opening a specially crafted
file, an attacker could possibly use this issue to cause a denial of
service or execute arbitrary code. (CVE-2023-43887, CVE-2023-47471,
CVE-2023-49465, CVE-2023-49467, CVE-2023-49468)
KL-001-2024-004: Artica Proxy Loopback Services Remotely Accessible Unauthenticated
Posted by KoreLogic Disclosures via Fulldisclosure on Mar 05
Title: Artica Proxy Loopback Services Remotely Accessible Unauthenticated
Advisory ID: KL-001-2024-004
Publication Date: 2024.03.05
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-004.txt
1. Vulnerability Details
Affected Vendor: Artica
Affected Product: Artica Proxy
Affected Version: 4.50
…
KL-001-2024-003: Artica Proxy Unauthenticated File Manager Vulnerability
Posted by KoreLogic Disclosures via Fulldisclosure on Mar 05
Title: Artica Proxy Unauthenticated File Manager Vulnerability
Advisory ID: KL-001-2024-003
Publication Date: 2024.03.05
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-003.txt
1. Vulnerability Details
Affected Vendor: Artica
Affected Product: Artica Proxy
Affected Version: 4.40 and 4.50
Platform: Debian 10…
KL-001-2024-002: Artica Proxy Unauthenticated PHP Deserialization Vulnerability
Posted by KoreLogic Disclosures via Fulldisclosure on Mar 05
Title: Artica Proxy Unauthenticated PHP Deserialization Vulnerability
Advisory ID: KL-001-2024-002
Publication Date: 2024.03.05
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-002.txt
1. Vulnerability Details
Affected Vendor: Artica
Affected Product: Artica Proxy
Affected Version: 4.50
Platform: Debian…
KL-001-2024-001: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability
Posted by KoreLogic Disclosures via Fulldisclosure on Mar 05
Title: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability
Advisory ID: KL-001-2024-001
Publication Date: 2024.03.05
Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt
1. Vulnerability Details
Affected Vendor: Artica
Affected Product: Artica Proxy
Affected Version: 4.40 and 4.50
…
thunderbird-115.8.1-1.fc40
FEDORA-2024-d8a0e599e2
Packages in this update:
thunderbird-115.8.1-1.fc40
Update description:
Update to 115.8.1
https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/
Read that if you have mails with encrypted email subjects.
https://www.thunderbird.net/en-US/thunderbird/115.8.1/releasenotes/
thunderbird-115.8.1-1.fc39
FEDORA-2024-3699706b25
Packages in this update:
thunderbird-115.8.1-1.fc39
Update description:
Update to 115.8.1
https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/
Read that if you have mails with encrypted email subjects.
https://www.thunderbird.net/en-US/thunderbird/115.8.1/releasenotes/
thunderbird-115.8.1-1.fc38
FEDORA-2024-325c1d1fce
Packages in this update:
thunderbird-115.8.1-1.fc38
Update description:
Update to 115.8.1
https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/
Read that if you have mails with encrypted email subjects.
https://www.thunderbird.net/en-US/thunderbird/115.8.1/releasenotes/