This vulnerability allows remote attackers to disclose sensitive information on affected installations of Dell Avamar. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.1. The following CVEs are assigned: CVE-2024-47977.
Category Archives: Advisories
ZDI-24-1691: Dell Avamar Fitness Analyzer API SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Dell Avamar. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.1. The following CVEs are assigned: CVE-2024-52538.
ZDI-24-1690: Dell Avamar Fitness Analyzer API SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Dell Avamar. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.1. The following CVEs are assigned: CVE-2024-47977.
ZDI-24-1689: Dell Avamar Fitness Analyzer API SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Dell Avamar. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.1. The following CVEs are assigned: CVE-2024-47977.
DSA-5832-1 gstreamer1.0 – security update
Antonio Morales reported an integer overflow vulnerability in the memory
allocator in the Core GStreamer libraries, which may result in denial of
service or potentially the execution of arbitrary code if a malformed
media file is processed.
USN-7160-1: Mpmath vulnerability
It was discovered Mpmath incorrectly handled certain regular expressions.
An attacker could possibly use this issue to cause Mpmath to consume
resources, leading to a denial of service.
doctl-1.120.0-1.fc42
FEDORA-2024-6267b82cf7
Packages in this update:
doctl-1.120.0-1.fc42
Update description:
Automatic update for doctl-1.120.0-1.fc42.
Changelog
* Sun Dec 15 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 1.120.0-1
– Update to 1.120.0 – Closes rhbz#2272525 rhbz#2292680 rhbz#2294002
rhbz#2331944 rhbz#2331970
GLSA 202412-20: NVIDIA Drivers: Privilege Escalation
DSA-5831-1 gst-plugins-base1.0 – security update
Multiple multiple vulnerabilities were discovered in plugins for the
GStreamer media framework and its codecs and demuxers, which may result
in denial of service or potentially the execution of arbitrary code if
a malformed media file is opened.
USN-7157-2: PHP regression
USN-7157-1 fixed vulnerabilities in PHP. The patch for
CVE-2024-8932 caused a regression in php7.4. This
update fixes the problem.
Original advisory details:
It was discovered that PHP incorrectly handled certain inputs when
processed with convert.quoted-printable decode filters.
An attacker could possibly use this issue to expose sensitive
information or cause a crash. (CVE-2024-11233)
It was discovered that PHP incorrectly handled certain HTTP requests.
An attacker could possibly use this issue to performing arbitrary
HTTP requests originating from the server, thus potentially
gaining access to resources not normally available to the external
user. (CVE-2024-11234)
It was discovered that PHP incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2024-11236, CVE-2024-8932)
It was discovered that PHP incorrectly handled certain MySQL requests.
An attacker could possibly use this issue to cause the client to
disclose the content of its heap containing data from other SQL requests
and possible other data belonging to different users of the same server.
(CVE-2024-8929)