Multiple vulnerabilities have been discovered in Ivanti Cloud Services Application (CSA), the most severe of which could allow for remote code execution. Ivanti Endpoint Manager is a client-based unified endpoint management software. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the system, an attacker could then install programs; view, change, or delete data. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

FEDORA-2024-9fb3492511

Packages in this update:

bpftool-7.5.0-1.fc41
kernel-6.12.4-200.fc41
kernel-headers-6.12.4-200.fc41

Update description:

The 6.12.4 stable kernel rebase contains new features, additional hardware support and a number of important fixes across the tree.

Read More

FEDORA-2024-811cffc4ef

Packages in this update:

bpftool-7.5.0-1.fc40
kernel-6.12.4-100.fc40
kernel-headers-6.12.4-100.fc40

Update description:

The 6.12.4 stable kernel rebase contains new features, additional hardware support and a number of important fixes across the tree.

Read More

It was discovered that Tornado incorrectly handled a certain redirect.
A remote attacker could possibly use this issue to redirect a user to an
arbitrary web site and conduct a phishing attack by having the user access
a specially crafted URL. This update provides the corresponding fix for
Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 18.04 LTS. (CVE-2023-28370)

It was discovered that Tornado inefficiently handled requests when parsing
cookies. An attacker could possibly use this issue to increase resource
utilization leading to a denial of service. (CVE-2024-52804)

Read More