FEDORA-2024-da86a4f061
Packages in this update:
mingw-python-urllib3-1.26.19-1.fc40
Update description:
Update to 1.26.19, fixes CVE-2024-0444.
mingw-python-urllib3-1.26.19-1.fc40
Update to 1.26.19, fixes CVE-2024-0444.
mingw-python-urllib3-1.26.19-1.fc39
Update to 1.26.19, fixes CVE-2024-0444.
Posted by Security Explorations on Jun 21
Hello All,
On Jun 11, 2024 Microsoft engineer posted on a public forum
information about a crash experienced with Apple TV service on a
Surface Pro 9 device [1].
The post had an attachment – a 771MB file (4GB unpacked), which leaked
internal code (260+ files [2]) pertaining to Microsoft PlayReady such
as the following:
– Warbird configuration for building PlayReady library
– Warbird library implementing code obfuscation functionality
– static…
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.0. The following CVEs are assigned: CVE-2024-26001.
This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-26002.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-25998.
This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 charging controllers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-25999.
This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2024-26004.
This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3. The following CVEs are assigned: CVE-2024-25994.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-23938.