FEDORA-2024-e82145eb25
Packages in this update:
python-single-version-1.6.0-1.fc40
Update description:
Initial import
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Oct 24
SEC Consult Vulnerability Lab Security Advisory < 20241024-0 >
=======================================================================
title: Unauthenticated Path Traversal Vulnerability
product: Lawo AG – vsm LTC Time Sync (vTimeSync)
vulnerable version: <4.5.6.0
fixed version: 4.5.6.0
CVE number: CVE-2024-6049
impact: high
homepage:…
Posted by Sandro Gauci via Fulldisclosure on Oct 24
Dear Full Disclosure community,
We’ve released a white paper detailing a critical vulnerability affecting multiple WebRTC implementations: “DTLS
‘ClientHello’ Race Conditions in WebRTC Implementations”.
White paper: https://www.enablesecurity.com/research/webrtc-hello-race-conditions-paper.pdf
Key points:
1. Vulnerability: Failure to properly verify the origin of DTLS “ClientHello” messages in WebRTC…
Posted by malvuln on Oct 24
Adversary3 malware vulnerability intel tool for third-party attackers
living off malware (LOM), updated with 700 malware and C2 panel
vulnerabilities
https://github.com/malvuln/Adversary3
Thanks,
malvuln
Multiple security issues were found in Twisted, an event-based framework
for internet applications, which could result in incorrect ordering of
HTTP requests or cross-site scripting.
Multiple security issues were found in libheif, a library to parse HEIF
and AVIF files, which could result in denial of service or potentially
the execution of arbitrary code.
mysql8.0-8.0.40-1.fc41
MySQL 8.0.40
Release notes:
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-40.html
mysql8.0-8.0.40-1.fc40
MySQL 8.0.40
Release notes:
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-40.html
buildah-1.37.5-1.fc40
podman-5.2.5-2.fc40
Fixes CVE-2024-9341, CVE-2024-9407, CVE-2024-9675 and CVE-2024-9676.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nikon NEF Codec. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2024-8025.