This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.6. The following CVEs are assigned: CVE-2024-28992.
This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to execute high-privileged code within the container in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2024-6222.
It was discovered that Lua did not properly generate code when “_ENV” is
constant. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary unstrusted lua code. (CVE-2022-28805)
It was discovered that Lua did not properly handle C stack overflows during
error handling. An attacker could possibly use this issue to cause a denial
of service. (CVE-2022-33099)
It was discovered that EDK II was not properly performing bounds checks
in Tianocompress, which could lead to a buffer overflow. An authenticated
user could use this issue to potentially escalate their privileges via
local access. (CVE-2017-5731)
It was discovered that EDK II had an insufficient memory write check in
the SMM service, which could lead to a page fault occurring. An
authenticated user could use this issue to potentially escalate their
privileges, disclose information and/or create a denial of service via
local access. (CVE-2018-12182)
It was discovered that EDK II incorrectly handled memory in DxeCore, which
could lead to a stack overflow. An unauthenticated user could this
issue to potentially escalate their privileges, disclose information
and/or create a denial of service via local access. This issue only
affected Ubuntu 18.04 LTS. (CVE-2018-12183)
It was discovered that EDK II incorrectly handled memory in the
Variable service under certain circumstances. An authenticated user could
use this issue to potentially escalate their privileges, disclose
information and/or create a denial of service via local access.
(CVE-2018-3613)
It was discovered that EDK II incorrectly handled memory in its system
firmware, which could lead to a buffer overflow. An unauthenticated user
could use this issue to potentially escalate their privileges and/or
create a denial of service via network access. This issue only affected
Ubuntu 18.04 LTS. (CVE-2019-0160)
less-643-5.fc40
Security fix for CVE-2024-32487 – less with LESSOPEN mishandles n in paths
less-633-3.fc39
Security fix for CVE-2024-32487 – less with LESSOPEN mishandles n in paths
kernel-6.9.12-200.fc40
The 6.9.12 stable kernel update contains a number of important fixes across the tree.
opentofu-1.7.3-3.fc40
Fix for CVE-2024-6257 CVE-2024-6104 CVE-2024-24789
opentofu-1.7.3-3.fc39
Fix for CVE-2024-6257 CVE-2024-6104 CVE-2024-24789
opentofu-1.7.3-3.fc41
Automatic update for opentofu-1.7.3-3.fc41.
* Sat Jul 27 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 1.7.3-3
– Fix for CVE-2024-6257 CVE-2024-6104 CVE-2024-24789 – Closes rhbz#2294255
rhbz#2294007 rhbz#2292714
