Chenyuan Yang discovered that the RDS Protocol implementation in the Linux
kernel contained an out-of-bounds read vulnerability. An attacker could use
this to possibly cause a denial of service (system crash). (CVE-2024-23849)

Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM64 architecture;
– PowerPC architecture;
– S390 architecture;
– Block layer subsystem;
– Android drivers;
– Hardware random number generator core;
– GPU drivers;
– Hardware monitoring drivers;
– I2C subsystem;
– IIO Magnetometer sensors drivers;
– InfiniBand drivers;
– Network drivers;
– PCI driver for MicroSemi Switchtec;
– PHY drivers;
– Ceph distributed file system;
– Ext4 file system;
– JFS file system;
– NILFS2 file system;
– Pstore file system;
– Core kernel;
– Memory management;
– CAN network layer;
– Networking core;
– IPv4 networking;
– Logical Link layer;
– Netfilter;
– NFC subsystem;
– SMC sockets;
– Sun RPC protocol;
– TIPC protocol;
– Realtek audio codecs;
(CVE-2024-26696, CVE-2023-52583, CVE-2024-26720, CVE-2023-52615,
CVE-2023-52599, CVE-2023-52587, CVE-2024-26635, CVE-2024-26704,
CVE-2024-26625, CVE-2024-26825, CVE-2023-52622, CVE-2023-52435,
CVE-2023-52617, CVE-2023-52598, CVE-2024-26645, CVE-2023-52619,
CVE-2024-26593, CVE-2024-26685, CVE-2023-52602, CVE-2023-52486,
CVE-2024-26697, CVE-2024-26675, CVE-2024-26600, CVE-2023-52604,
CVE-2024-26664, CVE-2024-26606, CVE-2023-52594, CVE-2024-26671,
CVE-2024-26598, CVE-2024-26673, CVE-2024-26920, CVE-2024-26722,
CVE-2023-52601, CVE-2024-26602, CVE-2023-52637, CVE-2023-52623,
CVE-2024-26702, CVE-2023-52597, CVE-2024-26684, CVE-2023-52606,
CVE-2024-26679, CVE-2024-26663, CVE-2024-26910, CVE-2024-26615,
CVE-2023-52595, CVE-2023-52607, CVE-2024-26636)

Read More

FEDORA-2024-4d4ceb61f7

Packages in this update:

pgadmin4-8.6-1.fc40
python-libgravatar-1.0.4-1.fc40

Update description:

Update to pgadmin4-8.6

Read More

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2024-30033.

Read More

This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.4. The following CVEs are assigned: CVE-2024-30034.

Read More

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.1. The following CVEs are assigned: CVE-2024-30043.

Read More

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8.

Read More

This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.3.

Read More

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640-US routers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8.

Read More

This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3.

Read More