In a campaign targeting Mongolian government websites, Russian-backed APT29 leveraged exploits previously used by spyware vendors NSO Group and Intellexa
Daily Archives: August 30, 2024
vim-9.1.703-1.fc41
FEDORA-2024-2960d36420
Packages in this update:
vim-9.1.703-1.fc41
Update description:
patchlevel 703
Security fixes for CVE-2024-43374, CVE-2024-43802
ZDI-24-1188: (0Day) Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-8356.
ZDI-24-1189: (0Day) Visteon Infotainment App SoC Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8357.
ZDI-24-1190: (0Day) Visteon Infotainment UPDATES_ExtractFile Command Injection Remote Code Execution Vulnerability
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.8. The following CVEs are assigned: CVE-2024-8358.
ZDI-24-1191: (0Day) Visteon Infotainment REFLASH_DDU_FindFile Command Injection Remote Code Execution Vulnerability
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.8. The following CVEs are assigned: CVE-2024-8359.
ZDI-24-1192: (0Day) Visteon Infotainment REFLASH_DDU_ExtractFile Command Injection Remote Code Execution Vulnerability
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.8. The following CVEs are assigned: CVE-2024-8360.
DSA-5762-1 webkit2gtk – security update
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2024-4558
An anonymous researcher discovered that processing maliciously
crafted web content may lead to an unexpected process crash.
CVE-2024-40776
Huang Xilin discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2024-40779
Huang Xilin discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2024-40780
Huang Xilin dicovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2024-40782
Maksymilian Motyl discovered that processing maliciously crafted
web content may lead to an unexpected process crash.
CVE-2024-40785
Johan Carlsson discovered that processing maliciously crafted web
content may lead to a cross site scripting attack.
CVE-2024-40789
Seunghyun Lee discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
CVE-2024-40794
Matthew Butler discovered that private Browsing tabs may be
accessed without authentication.
DSA-5763-1 pymatgen – security update
William Khem-Marquez discovered that Pymatgen, a Python library for
materials analysis, could be tricked into running arbitrary code if a
malformed CIF file is processed.