ZDI-24-120: X.Org Server XISendDeviceHierarchyEvent Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

Read Time:17 Second

This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-21885.

Rsync File Synchronization Tool Vulnerabilities

What are the Vulnerabilities?Six security vulnerabilities have been disclosed in the popular Rsync tool, an open-source file synchronization and data...

January 16, 2025

vaultwarden-1.32.7-2.el9

FEDORA-EPEL-2025-90c1787ffb Packages in this update: vaultwarden-1.32.7-2.el9 Update description: Update to 1.32.7 Fix CVE-2024-56335 Fix CVE-2024-55226 Fix CVE-2024-55225 Fix CVE-2024-55224 Read...

January 15, 2025

USN-7173-3: Linux kernel (Raspberry Pi) vulnerabilities

Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to...

January 15, 2025

Multiple Vulnerabilities in Rsync Could Allow for Remote Code Execution

Multiple vulnerabilities have been discovered in Rsync, the most severe of which could allow for remote code execution. Rsync is an...

January 15, 2025

USN-7204-1: NeoMutt vulnerabilities

Jeriko One discovered that NeoMutt incorrectly handled certain IMAP and POP3 responses. An attacker could possibly use this issue to...

January 15, 2025

pam-u2f-1.3.1-1.el9

FEDORA-EPEL-2025-b1223174a4 Packages in this update: pam-u2f-1.3.1-1.el9 Update description: pam-u2f fix to resolve CVE-2025-23013 (Partial Authentication Bypass). CVSS score 7.3 Read...

January 15, 2025

CISA Launches Playbook to Boost AI Cybersecurity Collaboration

Multi-Cloud Adoption Surges Amid Rising Security Concerns

Chinese PlugX Malware Deleted in Global Law Enforcement Operation

Illicit Crypto-Inflows Set to Top $51bn in a Year

Phishing False Alarm

Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls

Secureworks Exposes North Korean Links to Fraudulent Crowdfunding

Microsoft Patches Eight Zero-Days to Start the Year

Microsoft: Happy 2025. Here’s 161 Security Updates

ZDI-24-120: X.Org Server XISendDeviceHierarchyEvent Heap-based Buffer Overflow Local Privilege Escalation Vulnerability

Rsync File Synchronization Tool Vulnerabilities

vaultwarden-1.32.7-2.el9

USN-7173-3: Linux kernel (Raspberry Pi) vulnerabilities

Multiple Vulnerabilities in Rsync Could Allow for Remote Code Execution

USN-7204-1: NeoMutt vulnerabilities

pam-u2f-1.3.1-1.el9