Read Time:12 Second
Multiple security issues were found in libheif, a library to parse HEIF
and AVIF files, which could result in denial of service or potentially
the execution of arbitrary code.
Category Archives: Advisories
mysql8.0-8.0.40-1.fc41
Read Time:11 Second
FEDORA-2024-9bef6cc6d4
Packages in this update:
mysql8.0-8.0.40-1.fc41
Update description:
MySQL 8.0.40
Release notes:
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-40.html
mysql8.0-8.0.40-1.fc40
Read Time:11 Second
FEDORA-2024-0c1c9227e5
Packages in this update:
mysql8.0-8.0.40-1.fc40
Update description:
MySQL 8.0.40
Release notes:
https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-40.html
buildah-1.37.5-1.fc40 podman-5.2.5-2.fc40
Read Time:11 Second
FEDORA-2024-054752ae69
Packages in this update:
buildah-1.37.5-1.fc40
podman-5.2.5-2.fc40
Update description:
Fixes CVE-2024-9341, CVE-2024-9407, CVE-2024-9675 and CVE-2024-9676.
ZDI-24-1422: Nikon NEF Codec Thumbnail Provider NRW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Read Time:17 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nikon NEF Codec. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2024-8025.
A Vulnerability in Fortinet FortiManager Could Allow for Remote Code Execution
Read Time:30 Second
A vulnerability has been discovered in Fortinet FortiManager which could allow for remote code execution. FortiManager is a network and security management tool that provides centralized management of Fortinet devices from a single console. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution in the context of the system. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data. Service accounts that are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
libtiff-4.6.0-5.fc40.1
Read Time:10 Second
FEDORA-2024-9c84a7c963
Packages in this update:
libtiff-4.6.0-5.fc40.1
Update description:
fix CVE-2024-7006 (rhbz#2302997)
fix CVE-2023-52356 (rhbz#2260112)
fix CVE-2023-6228 (rhbz#2251863)
thunderbird-128.3.3-1.fc41
Read Time:27 Second
FEDORA-2024-a078d86829
Packages in this update:
thunderbird-128.3.3-1.fc41
Update description:
Update to 128.3.3
https://www.thunderbird.net/en-US/thunderbird/128.3.3esr/releasenotes/
Update to 128.3.2
https://www.thunderbird.net/en-US/thunderbird/128.3.2esr/releasenotes/
Update to 128.3.1
https://www.thunderbird.net/en-US/thunderbird/128.3.1esr/releasenotes/
Update to 128.3.0
https://www.mozilla.org/en-US/security/advisories/mfsa2024-49/
https://www.thunderbird.net/en-US/thunderbird/128.3.0esr/releasenotes/
USN-7082-1: libheif vulnerability
Read Time:16 Second
Gerrard Tai discovered that libheif did not properly validate certain
images, leading to out-of-bounds read and write vulnerability. If a user
or automated system were tricked into opening a specially crafted file, an
attacker could possibly use this issue to cause a denial of service or to
obtain sensitive information.
ZDI-24-1421: VMware HCX listExtensions SQL Injection Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VMware HCX. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-38814.