ZDI-24-1082: (0Day) (Pwn2Own) oFono AT CMGR Command Uninitialized Variable Information Disclosure Vulnerability

Read Time:16 Second

This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-7542.

trunk-0.21.13-1.fc42

FEDORA-2025-3854530fd9 Packages in this update: trunk-0.21.13-1.fc42 Update description: Update Trunk to v0.21.13 Read More

April 8, 2025

USN-7424-1: Expat vulnerability

It was discovered that Expat could crash due to stack overflow when processing XML documents with deeply nested entity references....

April 8, 2025

mod_auth_openidc-2.4.16.11-1.fc41

FEDORA-2025-7d661758bd Packages in this update: mod_auth_openidc-2.4.16.11-1.fc41 Update description: REbase mod_auth_openidc-2.4.16.11 resolves CVE-2025-31492 - mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected...

April 8, 2025

mod_auth_openidc-2.4.16.11-1.fc40

FEDORA-2025-80600b51c5 Packages in this update: mod_auth_openidc-2.4.16.11-1.fc40 Update description: REbase mod_auth_openidc-2.4.16.11 resolves CVE-2025-31492 - mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected...

April 8, 2025