This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.0. The following CVEs are assigned: CVE-2024-3913.
It was discovered that some Intel® Core™ Ultra Processors did not properly
isolate the stream cache. A local authenticated user could potentially use
this to escalate their privileges. (CVE-2023-42667)
It was discovered that some Intel® Processors did not properly isolate the
stream cache. A local authenticated user could potentially use this to
escalate their privileges. (CVE-2023-49141)
It was discovered that some Intel® Processors did not correctly transition
between the executive monitor and SMI transfer monitor (STM). A privileged
local attacker could use this to escalate their privileges.
(CVE-2024-24853)
It was discovered that some 3rd, 4th, and 5th Generation Intel® Xeon®
Processors failed to properly implement a protection mechanism. A local
attacker could use this to potentially escalate their privileges.
(CVE-2024-24980)
It was discovered that some 3rd Generation Intel Xeon Scalable Processors
did not properly handle mirrored regions with different values. A
privileged local user could use this to cause a denial of service (system
crash). (CVE-2024-25939)
dovecot-2.3.21.1-1.fc39
CVE-2024-23184: A large number of address headers in email resulted in excessive CPU usage.
CVE-2024-23185: Abnormally large email headers are now truncated or discarded, with a limit of 10MB on a single header and 50MB for all the headers of all the parts of an email.
dovecot-2.3.21.1-1.fc40
CVE-2024-23184: A large number of address headers in email resulted in excessive CPU usage.
CVE-2024-23185: Abnormally large email headers are now truncated or discarded, with a limit of 10MB on a single header and 50MB for all the headers of all the parts of an email.
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– ARM64 architecture;
– M68K architecture;
– User-Mode Linux (UML);
– x86 architecture;
– Accessibility subsystem;
– Character device driver;
– Clock framework and drivers;
– CPU frequency scaling framework;
– Hardware crypto device drivers;
– Buffer Sharing and Synchronization framework;
– FireWire subsystem;
– GPU drivers;
– HW tracing;
– Macintosh device drivers;
– Multiple devices driver;
– Media drivers;
– Network drivers;
– Pin controllers subsystem;
– S/390 drivers;
– SCSI drivers;
– SoundWire subsystem;
– Greybus lights staging drivers;
– TTY drivers;
– Framebuffer layer;
– Virtio drivers;
– 9P distributed file system;
– eCrypt file system;
– EROFS file system;
– Ext4 file system;
– F2FS file system;
– JFFS2 file system;
– Network file system client;
– NILFS2 file system;
– SMB network file system;
– Kernel debugger infrastructure;
– IRQ subsystem;
– Tracing infrastructure;
– Dynamic debug library;
– 9P file system network protocol;
– Bluetooth subsystem;
– Networking core;
– IPv4 networking;
– IPv6 networking;
– Netfilter;
– NET/ROM layer;
– NFC subsystem;
– NSH protocol;
– Open vSwitch;
– Phonet protocol;
– TIPC protocol;
– Unix domain sockets;
– Wireless networking;
– eXpress Data Path;
– XFRM subsystem;
– ALSA framework;
(CVE-2024-36934, CVE-2024-38578, CVE-2024-38600, CVE-2024-27399,
CVE-2024-39276, CVE-2024-38596, CVE-2024-36933, CVE-2024-36919,
CVE-2024-35976, CVE-2024-37356, CVE-2023-52585, CVE-2024-38558,
CVE-2024-38560, CVE-2024-38634, CVE-2024-36959, CVE-2024-38633,
CVE-2024-36886, CVE-2024-27398, CVE-2024-39493, CVE-2024-26886,
CVE-2024-31076, CVE-2024-38559, CVE-2024-38615, CVE-2024-36971,
CVE-2024-38627, CVE-2024-36964, CVE-2024-38780, CVE-2024-37353,
CVE-2024-38621, CVE-2024-36883, CVE-2024-39488, CVE-2024-38661,
CVE-2024-36939, CVE-2024-38589, CVE-2024-38565, CVE-2024-38381,
CVE-2024-35947, CVE-2024-36905, CVE-2022-48772, CVE-2024-36017,
CVE-2024-36946, CVE-2024-27401, CVE-2024-38579, CVE-2024-38612,
CVE-2024-38598, CVE-2024-38635, CVE-2024-38587, CVE-2024-38567,
CVE-2024-38549, CVE-2024-36960, CVE-2023-52752, CVE-2024-27019,
CVE-2024-38601, CVE-2024-39489, CVE-2024-39467, CVE-2023-52882,
CVE-2024-38583, CVE-2024-39480, CVE-2024-38607, CVE-2024-36940,
CVE-2024-38659, CVE-2023-52434, CVE-2024-36015, CVE-2024-38582,
CVE-2024-36950, CVE-2024-38552, CVE-2024-33621, CVE-2024-36954,
CVE-2024-39475, CVE-2024-39301, CVE-2024-38599, CVE-2024-36902,
CVE-2024-36286, CVE-2024-38613, CVE-2024-38637, CVE-2024-36941,
CVE-2024-36014, CVE-2024-38618, CVE-2024-36904, CVE-2024-36270,
CVE-2024-39292, CVE-2024-39471, CVE-2022-48674)
Noah Misch discovered that PostgreSQL incorrectly handled certain
SQL objects. An attacker could possibly use this issue to execute
arbitrary SQL functions as the superuser.
python3.6-3.6.15-35.fc41
Automatic update for python3.6-3.6.15-35.fc41.
* Fri Aug 16 2024 Tomáš Hrnčiar <thrnciar@redhat.com> – 3.6.15-35
– Security fix for CVE-2024-6923 (rhbz#2303161)
python3.6-3.6.15-35.fc42
Automatic update for python3.6-3.6.15-35.fc42.
* Fri Aug 16 2024 Tomáš Hrnčiar <thrnciar@redhat.com> – 3.6.15-35
– Security fix for CVE-2024-6923 (rhbz#2303161)
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2024-7518,
CVE-2024-7521, CVE-2024-7524, CVE-2024-7526, CVE-2024-7527, CVE-2024-7528,
CVE-2024-7529, CVE-2024-7530, CVE-2024-7531)
It was discovered that Firefox did not properly manage certain memory
operations when processing graphics shared memory. An attacker could
potentially exploit this issue to escape the sandbox. (CVE-2024-7519)
Nan Wang discovered that Firefox did not properly handle type check in
WebAssembly. An attacker could potentially exploit this issue to execute
arbitrary code. (CVE-2024-7520)
Irvan Kurniawan discovered that Firefox did not properly check an attribute
value in the editor component, leading to an out-of-bounds read
vulnerability. An attacker could possibly use this issue to cause a denial
of service or expose sensitive information. (CVE-2024-7522)
Rob Wu discovered that Firefox did not properly check permissions when
creating a StreamFilter. An attacker could possibly use this issue to
modify response body of requests on any site using a web extension.
(CVE-2024-7525)
It was discovered that Rack incorrectly parsed certain media types. A
remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. This issue only affected
Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2024-25126)
It was discovered that Rack incorrectly handled certain Range headers. A
remote attacker could possibly use this issue to cause Rack to create
large responses, leading to a denial of service. (CVE-2024-26141)
It was discovered that Rack incorrectly handled certain crafted headers. A
remote attacker could possibly use this issue to cause Rack to consume
resources, leading to a denial of service. (CVE-2024-26146)
