Posted by Teri Olson on Aug 22
Hello,
I’m giving out my late husband’s Yamaha Baby Grand Piano for free to any passionate instrument lover. Kindly let me
know if you want it or have someone else who wants it.
Thanks,
Teri
It was discovered that ImageMagick incorrectly handled certain malformed
image files. If a user or automated system using ImageMagick were tricked
into opening a specially crafted image, an attacker could exploit this to
cause a denial of service or possibly execute code with the privileges of
the user invoking the program.
It was discovered that XStream incorrectly handled parsing of certain
crafted XML documents. A remote attacker could possibly use this issue to
read arbitrary files. (CVE-2016-3674)
Zhihong Tian and Hui Lu found that XStream was vulnerable to remote code
execution. A remote attacker could run arbitrary shell commands by
manipulating the processed input stream. (CVE-2020-26217)
It was discovered that XStream was vulnerable to server-side request
forgery attacks. A remote attacker could request data from internal
resources that are not publicly available solely by manipulating the
processed input stream. (CVE-2020-26258)
It was discovered that XStream was vulnerable to arbitrary file deletion
on the local host. A remote attacker could use this to delete arbitrary
known files on the host, as long as the executing process had sufficient
rights, solely by manipulating the processed input stream. (CVE-2020-26259)
It was discovered that XStream was vulnerable to denial of service,
arbitrary code execution, arbitrary file deletion and server-side request
forgery attacks. A remote attacker could cause any of those issues by
manipulating the processed input stream. (CVE-2021-21341, CVE-2021-21342,
CVE-2021-21343, CVE-2021-21344, CVE-2021-21345, CVE-2021-21346,
CVE-2021-21347, CVE-2021-21348, CVE-2021-21349, CVE-2021-21350,
CVE-2021-21351)
Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux
kernel contained a race condition, leading to a NULL pointer dereference.
An attacker could possibly use this to cause a denial of service (system
crash). (CVE-2024-22099)
It was discovered that a race condition existed in the Bluetooth subsystem
in the Linux kernel, leading to a null pointer dereference vulnerability. A
privileged local attacker could use this to possibly cause a denial of
service (system crash). (CVE-2024-24860)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– SuperH RISC architecture;
– User-Mode Linux (UML);
– GPU drivers;
– MMC subsystem;
– Network drivers;
– PHY drivers;
– Pin controllers subsystem;
– Xen hypervisor drivers;
– GFS2 file system;
– Core kernel;
– Bluetooth subsystem;
– IPv4 networking;
– IPv6 networking;
– HD-audio driver;
– ALSA SH drivers;
(CVE-2024-26903, CVE-2024-35835, CVE-2023-52644, CVE-2024-39292,
CVE-2024-36940, CVE-2024-26600, CVE-2023-52629, CVE-2024-35955,
CVE-2023-52760, CVE-2023-52806, CVE-2024-39484, CVE-2024-26679,
CVE-2024-26654, CVE-2024-36901, CVE-2024-26687, CVE-2023-52470)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM64 architecture;
– M68K architecture;
– User-Mode Linux (UML);
– x86 architecture;
– Accessibility subsystem;
– Character device driver;
– Clock framework and drivers;
– CPU frequency scaling framework;
– Hardware crypto device drivers;
– Buffer Sharing and Synchronization framework;
– FireWire subsystem;
– ARM SCMI message protocol;
– GPU drivers;
– HW tracing;
– InfiniBand drivers;
– Macintosh device drivers;
– Multiple devices driver;
– Media drivers;
– Network drivers;
– Pin controllers subsystem;
– S/390 drivers;
– SCSI drivers;
– SoundWire subsystem;
– Greybus lights staging drivers;
– TTY drivers;
– Framebuffer layer;
– Virtio drivers;
– 9P distributed file system;
– eCrypt file system;
– EROFS file system;
– Ext4 file system;
– F2FS file system;
– JFFS2 file system;
– Network file system client;
– NILFS2 file system;
– SMB network file system;
– Mellanox drivers;
– Kernel debugger infrastructure;
– IRQ subsystem;
– Tracing infrastructure;
– Dynamic debug library;
– 9P file system network protocol;
– Bluetooth subsystem;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– Netfilter;
– NET/ROM layer;
– NFC subsystem;
– NSH protocol;
– Open vSwitch;
– Phonet protocol;
– TIPC protocol;
– TLS protocol;
– Unix domain sockets;
– Wireless networking;
– eXpress Data Path;
– XFRM subsystem;
– ALSA framework;
(CVE-2022-48674, CVE-2024-36016, CVE-2024-36934, CVE-2024-39471,
CVE-2024-38381, CVE-2024-26584, CVE-2024-38635, CVE-2024-36902,
CVE-2022-48772, CVE-2024-38600, CVE-2024-39475, CVE-2024-26886,
CVE-2024-39301, CVE-2024-36919, CVE-2024-35947, CVE-2024-38559,
CVE-2024-38637, CVE-2024-36014, CVE-2024-36960, CVE-2024-35976,
CVE-2024-27399, CVE-2024-38607, CVE-2024-38558, CVE-2024-38578,
CVE-2024-36015, CVE-2024-39488, CVE-2024-38780, CVE-2024-36940,
CVE-2024-38621, CVE-2024-38659, CVE-2024-26585, CVE-2024-27019,
CVE-2024-38615, CVE-2024-38661, CVE-2024-37353, CVE-2024-38549,
CVE-2024-38579, CVE-2024-27401, CVE-2024-38589, CVE-2024-38565,
CVE-2022-48655, CVE-2024-38567, CVE-2024-38587, CVE-2024-37356,
CVE-2024-36959, CVE-2024-39493, CVE-2024-38627, CVE-2024-36939,
CVE-2024-31076, CVE-2024-36971, CVE-2024-38560, CVE-2024-39467,
CVE-2024-36286, CVE-2024-39480, CVE-2024-26907, CVE-2024-36017,
CVE-2024-38634, CVE-2023-52585, CVE-2024-38582, CVE-2023-52752,
CVE-2024-38583, CVE-2024-38618, CVE-2024-36946, CVE-2024-39292,
CVE-2024-36950, CVE-2024-36886, CVE-2024-39489, CVE-2024-36933,
CVE-2024-27398, CVE-2023-52434, CVE-2024-36905, CVE-2024-38596,
CVE-2021-47131, CVE-2024-38601, CVE-2024-38552, CVE-2024-26583,
CVE-2024-38633, CVE-2024-36964, CVE-2024-39276, CVE-2024-36270,
CVE-2024-38613, CVE-2024-36904, CVE-2024-38598, CVE-2024-38612,
CVE-2024-36941, CVE-2024-36954, CVE-2024-38599, CVE-2024-36883,
CVE-2023-52882, CVE-2024-33621)
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation ThinManager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8. The following CVEs are assigned: CVE-2024-7988.
This vulnerability allows local attackers to escalate privileges on affected installations of Rockwell Automation ThinManager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-7987.
This vulnerability allows local attackers to read arbitrary files on affected installations of Rockwell Automation ThinManager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.5. The following CVEs are assigned: CVE-2024-7986.
This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-4712.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-40789.