Martin Širokov discovered that libvirt incorrectly handled certain memory
operations. A local attacker could possibly use this issue to access
virtproxyd without authorization.
Daily Archives: May 7, 2024
BTC-e $9bn Crypto-Money Launderer Pleads Guilty
Russian national Alexander Vinnik has pleaded guilty to his role in a multibillion-dollar money laundering conspiracy.
China Suspected After Major MoD Payroll Breach
Reports claim state-backed hackers accessed sensitive personal and financial information on UK military personnel.
mingw-python-jinja2-3.1.4-1.fc39
FEDORA-2024-e609c057ad
Packages in this update:
mingw-python-jinja2-3.1.4-1.fc39
Update description:
Update to jinja2-3.1.4, fixes CVE-2024-34064.
mingw-python-jinja2-3.1.4-1.fc40
FEDORA-2024-e3caf31c98
Packages in this update:
mingw-python-jinja2-3.1.4-1.fc40
Update description:
Update to jinja2-3.1.4, fixes CVE-2024-34064.
mingw-python-werkzeug-3.0.3-1.fc40
FEDORA-2024-8e8ff9d6ec
Packages in this update:
mingw-python-werkzeug-3.0.3-1.fc40
Update description:
Update to werkzeug-3.0.3, fixes CVE-2024-34069.
ZDI-24-420: SonicWALL GMS Virtual Appliance ECMPolicy XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of SonicWALL GMS Virtual Appliance. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 7.1. The following CVEs are assigned: CVE-2024-29010.
ZDI-24-421: SonicWALL GMS Virtual Appliance ECMClientAuthenticator Hard-Coded Credential Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication on affected installations of SonicWALL GMS Virtual Appliance. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-29011.
ZDI-24-422: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-30304.
ZDI-24-423: Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-30301.