ZDI-24-1188: (0Day) Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege Escalation Vulnerability

Read Time:17 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-8356.

Read More

ZDI-24-1189: (0Day) Visteon Infotainment App SoC Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability

Read Time:15 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-8357.

Read More

DSA-5762-1 webkit2gtk – security update

Read Time:51 Second

The following vulnerabilities have been discovered in the WebKitGTK
web engine:

CVE-2024-4558

An anonymous researcher discovered that processing maliciously
crafted web content may lead to an unexpected process crash.

CVE-2024-40776

Huang Xilin discovered that processing maliciously crafted web
content may lead to an unexpected process crash.

CVE-2024-40779

Huang Xilin discovered that processing maliciously crafted web
content may lead to an unexpected process crash.

CVE-2024-40780

Huang Xilin dicovered that processing maliciously crafted web
content may lead to an unexpected process crash.

CVE-2024-40782

Maksymilian Motyl discovered that processing maliciously crafted
web content may lead to an unexpected process crash.

CVE-2024-40785

Johan Carlsson discovered that processing maliciously crafted web
content may lead to a cross site scripting attack.

CVE-2024-40789

Seunghyun Lee discovered that processing maliciously crafted web
content may lead to an unexpected process crash.

CVE-2024-40794

Matthew Butler discovered that private Browsing tabs may be
accessed without authentication.

https://security-tracker.debian.org/tracker/DSA-5762-1

Read More