The US government has identified a ninth telecom that was successfully hacked by Salt Typhoon.
Daily Archives: December 30, 2024
Majority of UK SMEs Lack Cybersecurity Policy
Insurance firm Markel Direct found that 69% of UK SMEs lack a cybersecurity policy, with many of these firms also missing basic cybersecurity measures.
php-tcpdf-6.8.0-1.fc40
FEDORA-2024-d6b0e72e3d
Packages in this update:
php-tcpdf-6.8.0-1.fc40
Update description:
Version 6.8.0 (2024-12-23)
Requires PHP 7.1+ and curl extension.
Escape error message.
Use strict time-constant function to compare TCPDF-tag hashes.
Add K_CURLOPTS config array to set custom cURL options (NOTE: some defaults have changed).
Add some addTTFfont fixes from tc-lib-pdf-font.
php-tcpdf-6.8.0-1.fc41
FEDORA-2024-7d6412477b
Packages in this update:
php-tcpdf-6.8.0-1.fc41
Update description:
Version 6.8.0 (2024-12-23)
Requires PHP 7.1+ and curl extension.
Escape error message.
Use strict time-constant function to compare TCPDF-tag hashes.
Add K_CURLOPTS config array to set custom cURL options (NOTE: some defaults have changed).
Add some addTTFfont fixes from tc-lib-pdf-font.
ZDI-24-1727: (0Day) Panda Security Dome Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-13043.
ZDI-24-1728: (0Day) Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-13044.
ZDI-24-1729: (0Day) Ashlar-Vellum Cobalt AR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-13045.
ZDI-24-1730: (0Day) Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-13046.
ZDI-24-1731: (0Day) Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-13047.
ZDI-24-1732: (0Day) Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-13048.