Category Archives: Advisories

roundcubemail-1.5.8-1.el9

Read Time:22 Second

FEDORA-EPEL-2024-1b8e0ad5c2

Packages in this update:

roundcubemail-1.5.8-1.el9

Update description:

Version 1.5.8

Fix XSS vulnerability in post-processing of sanitized HTML content CVE-2024-42009
Fix XSS vulnerability in serving of attachments other than HTML or SVG CVE-2024-42008
Fix information leak (access to remote content) via insufficient CSS filtering CVE-2024-42010
Fix so install/update scripts do not require PEAR (#9037)

Read More

ZDI-24-1057: Trimble SketchUp Pro SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trimble SketchUp Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 3.3. The following CVEs are assigned: CVE-2024-7511.

Read More

ZDI-24-1055: Trimble SketchUp SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-7509.

Read More

ZDI-24-1054: Trimble SketchUp Viewer SKP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-7508.

Read More

ZDI-24-1076: Microsoft Windows Menu DC Color Space Use-After-Free Local Privilege Escalation Vulnerability

Read Time:16 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-30082.

Read More