Notorious APT44 group Sandworm launched a major campaign against Ukrainian critical infrastructure in March
Monthly Archives: April 2024
freerdp2-2.11.7-1.fc40
FEDORA-2024-982a7184e0
Packages in this update:
freerdp2-2.11.7-1.fc40
Update description:
Update to 2.11.7 (CVE-2024-32039, CVE-2024-32040, CVE-2024-32041, CVE-2024-32458, CVE-2024-32459, CVE-2024-32460)
freerdp-2.11.7-1.fc38
FEDORA-2024-c702ea0fb1
Packages in this update:
freerdp-2.11.7-1.fc38
Update description:
Update to 2.11.7 (CVE-2024-32039, CVE-2024-32040, CVE-2024-32041, CVE-2024-32458, CVE-2024-32459, CVE-2024-32460)
freerdp-2.11.7-1.fc39
FEDORA-2024-1b11432d52
Packages in this update:
freerdp-2.11.7-1.fc39
Update description:
Update to 2.11.7 (CVE-2024-32039, CVE-2024-32040, CVE-2024-32041, CVE-2024-32458, CVE-2024-32459, CVE-2024-32460)
Russian APT28 Group in New “GooseEgg” Hacking Campaign
Microsoft has warned of a long-running credential-stealing campaign from Russia’s APT28
chromium-124.0.6367.60-2.fc40
FEDORA-2024-8b50ca2e22
Packages in this update:
chromium-124.0.6367.60-2.fc40
Update description:
Update to 124.0.6367.60
High CVE-2024-3832: Object corruption in V8
High CVE-2024-3833: Object corruption in WebAssembly
High CVE-2024-3914: Use after free in V8
High CVE-2024-3834: Use after free in Downloads
Medium CVE-2024-3837: Use after free in QUIC
Medium CVE-2024-3838: Inappropriate implementation in Autofill
Medium CVE-2024-3839: Out of bounds read in Fonts
Medium CVE-2024-3840: Insufficient policy enforcement in Site Isolation
Medium CVE-2024-3841: Insufficient data validation in Browser Switcher
Medium CVE-2024-3843: Insufficient data validation in Downloads
Low CVE-2024-3844: Inappropriate implementation in Extensions
Low CVE-2024-3845: Inappropriate implementation in Network
Low CVE-2024-3846: Inappropriate implementation in Prompts
Low CVE-2024-3847: Insufficient policy enforcement in WebUI
php-tcpdf-6.7.5-1.fc40
FEDORA-2024-27eafd0e65
Packages in this update:
php-tcpdf-6.7.5-1.fc40
Update description:
Version 6.7.5 (2024-04-20)
Update GitHub actions
fix: CSV-2024-22640 (#712)
ZDI-24-377: Ivanti Avalanche WLAvalancheService Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-23533.
ZDI-24-378: Ivanti Avalanche WLAvalancheService Out-Of-Bounds Read Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-23532.
ZDI-24-379: Ivanti Avalanche getMasterAdhocCollectionsPath Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-23534.