Former US Representative George Santos pleads guilty to multiple fraud and identity theft charges
Daily Archives: August 20, 2024
python3.6-3.6.15-35.fc39
FEDORA-2024-a7af4e0ea2
Packages in this update:
python3.6-3.6.15-35.fc39
Update description:
Security fix for CVE-2024-6923
python3.6-3.6.15-35.fc40
FEDORA-2024-254c31b144
Packages in this update:
python3.6-3.6.15-35.fc40
Update description:
Security fix for CVE-2024-6923
Jewish Home Lifecare Notifies 100,000 Victims of Ransomware Breach
Healthcare organization Jewish Home Lifecare has revealed that a 2024 data breach hit over 100,000 customers.
ZDI-24-1152: Phoenix Contact CHARX SEC-3100 Improper Access Control Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.0. The following CVEs are assigned: CVE-2024-3913.
ZDI-24-1153: Autodesk AutoCAD DWF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-7305.
ZDI-24-1154: Autel MaxiCharger AC Elite Business C50 AppAuthenExchangeRandomNum Stack-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 EV chargers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-7795.
USN-6967-1: Intel Microcode vulnerabilities
It was discovered that some Intel® Core™ Ultra Processors did not properly isolate the stream cache. A local authenticated user could potentially use this to escalate their privileges. (CVE-2023-42667)
It was discovered that some Intel® Processors did not properly isolate the stream cache. A local authenticated user could potentially use this to escalate their privileges. (CVE-2023-49141)
It was discovered that some Intel® Processors did not correctly transition between the executive monitor and SMI transfer monitor (STM). A privileged local attacker could use this to escalate their privileges. (CVE-2024-24853)
It was discovered that some 3rd, 4th, and 5th Generation Intel® Xeon® Processors failed to properly implement a protection mechanism. A local attacker could use this to potentially escalate their privileges. (CVE-2024-24980)
It was discovered that some 3rd Generation Intel Xeon Scalable Processors did not properly handle mirrored regions with different values. A privileged local user could use this to cause a denial of service (system crash). (CVE-2024-25939)