USN-6978-1: XStream vulnerabilities
It was discovered that XStream incorrectly handled parsing of certain crafted XML documents. A remote attacker could possibly use this issue to read arbitrary files....
USN-6972-2: Linux kernel (AWS) vulnerabilities
Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker...
USN-6979-1: Linux kernel (Raspberry Pi) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the...
ZDI-24-1158: Rockwell Automation ThinManager ThinServer Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Rockwell Automation ThinManager. Authentication is not required to exploit this vulnerability. The...
ZDI-24-1157: Rockwell Automation ThinManager ThinServer Arbitrary File Creation Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Rockwell Automation ThinManager. An attacker must first obtain the ability to execute low-privileged...
ZDI-24-1156: Rockwell Automation ThinManager ThinServer Arbitrary File Read Information Disclosure Vulnerability
This vulnerability allows local attackers to read arbitrary files on affected installations of Rockwell Automation ThinManager. An attacker must first obtain the ability to execute...
ZDI-24-1155: PaperCut NG image-handler Directory Traversal Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of PaperCut NG. An attacker must first obtain the ability to execute low-privileged code...
ZDI-24-1160: Apple WebKit WebCodecs VideoFrame Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple WebKit. User interaction is required to exploit this vulnerability in that...
ZDI-24-1159: G DATA Total Security Scan Server Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute...
ZDI-24-1175: Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in...