FEDORA-2024-e82145eb25
Packages in this update:
python-single-version-1.6.0-1.fc40
Update description:
Initial import
python-single-version-1.6.0-1.fc40
Initial import
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Oct 24
SEC Consult Vulnerability Lab Security Advisory < 20241024-0 >
=======================================================================
title: Unauthenticated Path Traversal Vulnerability
product: Lawo AG – vsm LTC Time Sync (vTimeSync)
vulnerable version: <4.5.6.0
fixed version: 4.5.6.0
CVE number: CVE-2024-6049
impact: high
homepage:…
Posted by Sandro Gauci via Fulldisclosure on Oct 24
Dear Full Disclosure community,
We’ve released a white paper detailing a critical vulnerability affecting multiple WebRTC implementations: “DTLS
‘ClientHello’ Race Conditions in WebRTC Implementations”.
White paper: https://www.enablesecurity.com/research/webrtc-hello-race-conditions-paper.pdf
Key points:
1. Vulnerability: Failure to properly verify the origin of DTLS “ClientHello” messages in WebRTC…
Posted by malvuln on Oct 24
Adversary3 malware vulnerability intel tool for third-party attackers
living off malware (LOM), updated with 700 malware and C2 panel
vulnerabilities
https://github.com/malvuln/Adversary3
Thanks,
malvuln
mysql8.0-8.0.40-1.fc41
MySQL 8.0.40
Release notes:
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-40.html
mysql8.0-8.0.40-1.fc40
MySQL 8.0.40
Release notes:
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-40.html
buildah-1.37.5-1.fc40
podman-5.2.5-2.fc40
Fixes CVE-2024-9341, CVE-2024-9407, CVE-2024-9675 and CVE-2024-9676.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nikon NEF Codec. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2024-8025.
A vulnerability has been discovered in Fortinet FortiManager which could allow for remote code execution. FortiManager is a network and security management tool that provides centralized management of Fortinet devices from a single console. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
libtiff-4.6.0-5.fc40.1
fix CVE-2024-7006 (rhbz#2302997)
fix CVE-2023-52356 (rhbz#2260112)
fix CVE-2023-6228 (rhbz#2251863)