ZDI-24-436: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Read Time:18 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-3298.

Read More

ZDI-24-437: Dassault Systèmes eDrawings Viewer DXF File Parsing Type Confusion Remote Code Execution Vulnerability

Read Time:18 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-3298.

Read More

ZDI-24-438: Dassault Systèmes eDrawings Viewer DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Read Time:18 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Dassault Syst��mes eDrawings Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-3298.

Read More

ZDI-24-439: Microsoft Windows Bluetooth AVDTP Protocol Integer Underflow Remote Code Execution Vulnerability

Read Time:16 Second

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must connect a malicious Bluetooth device. The ZDI has assigned a CVSS rating of 7.6. The following CVEs are assigned: CVE-2023-24948.

Read More

glib2-2.78.6-1.fc39 gnome-shell-45.6-2.fc39

Read Time:16 Second

FEDORA-2024-fd2569c4e9

Packages in this update:

glib2-2.78.6-1.fc39
gnome-shell-45.6-2.fc39

Update description:

Resolve CVE-2024-34397 (GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing), and also update gnome-shell to ensure this fix does not break the screencast feature.

Read More

glib2-2.80.2-1.fc40 gnome-shell-46.1-2.fc40

Read Time:16 Second

FEDORA-2024-635a54eb7e

Packages in this update:

glib2-2.80.2-1.fc40
gnome-shell-46.1-2.fc40

Update description:

Resolve CVE-2024-34397 (GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing), and also update gnome-shell to ensure this fix does not break the screencast feature.

Read More

DSA-5684-1 webkit2gtk – security update

Read Time:51 Second

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2023-42843

Kacper Kwapisz discovered that visiting a malicious website may
lead to address bar spoofing.

CVE-2023-42950

Nan Wang and Rushikesh Nandedkar discovered that processing
maliciously crafted web content may lead to arbitrary code
execution.

CVE-2023-42956

SungKwon Lee discovered that processing web content may lead to a
denial-of-service.

CVE-2024-23252

anbu1024 discovered that processing web content may lead to a
denial-of-service.

CVE-2024-23254

James Lee discovered that a malicious website may exfiltrate audio
data cross-origin.

CVE-2024-23263

Johan Carlsson discovered that processing maliciously crafted web
content may prevent Content Security Policy from being enforced.

CVE-2024-23280

An anonymous researcher discovered that a maliciously crafted
webpage may be able to fingerprint the user.

CVE-2024-23284

Georg Felber and Marco Squarcina discovered that processing
maliciously crafted web content may prevent Content Security
Policy from being enforced.

https://security-tracker.debian.org/tracker/DSA-5684-1

Read More