This vulnerability allows remote attackers to delete arbitrary files and disclose sensitive information on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.6. The following CVEs are assigned: CVE-2024-28992.
Category Archives: Advisories
ZDI-24-1019: (Pwn2Own) Docker Desktop extension-manager Exposed Dangerous Function Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to execute high-privileged code within the container in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2024-6222.
USN-6916-1: Lua vulnerabilities
It was discovered that Lua did not properly generate code when “_ENV” is
constant. An attacker could possibly use this issue to cause a denial of
service or execute arbitrary unstrusted lua code. (CVE-2022-28805)
It was discovered that Lua did not properly handle C stack overflows during
error handling. An attacker could possibly use this issue to cause a denial
of service. (CVE-2022-33099)
USN-6920-1: EDK II vulnerabilities
It was discovered that EDK II was not properly performing bounds checks
in Tianocompress, which could lead to a buffer overflow. An authenticated
user could use this issue to potentially escalate their privileges via
local access. (CVE-2017-5731)
It was discovered that EDK II had an insufficient memory write check in
the SMM service, which could lead to a page fault occurring. An
authenticated user could use this issue to potentially escalate their
privileges, disclose information and/or create a denial of service via
local access. (CVE-2018-12182)
It was discovered that EDK II incorrectly handled memory in DxeCore, which
could lead to a stack overflow. An unauthenticated user could this
issue to potentially escalate their privileges, disclose information
and/or create a denial of service via local access. This issue only
affected Ubuntu 18.04 LTS. (CVE-2018-12183)
It was discovered that EDK II incorrectly handled memory in the
Variable service under certain circumstances. An authenticated user could
use this issue to potentially escalate their privileges, disclose
information and/or create a denial of service via local access.
(CVE-2018-3613)
It was discovered that EDK II incorrectly handled memory in its system
firmware, which could lead to a buffer overflow. An unauthenticated user
could use this issue to potentially escalate their privileges and/or
create a denial of service via network access. This issue only affected
Ubuntu 18.04 LTS. (CVE-2019-0160)
less-643-5.fc40
FEDORA-2024-c0e7a4f5ef
Packages in this update:
less-643-5.fc40
Update description:
Security fix for CVE-2024-32487 – less with LESSOPEN mishandles n in paths
less-633-3.fc39
FEDORA-2024-c94f884440
Packages in this update:
less-633-3.fc39
Update description:
Security fix for CVE-2024-32487 – less with LESSOPEN mishandles n in paths
kernel-6.9.12-200.fc40
FEDORA-2024-873e2cb5f2
Packages in this update:
kernel-6.9.12-200.fc40
Update description:
The 6.9.12 stable kernel update contains a number of important fixes across the tree.
opentofu-1.7.3-3.fc40
FEDORA-2024-69692d6fac
Packages in this update:
opentofu-1.7.3-3.fc40
Update description:
Fix for CVE-2024-6257 CVE-2024-6104 CVE-2024-24789
opentofu-1.7.3-3.fc39
FEDORA-2024-a076d7ae8e
Packages in this update:
opentofu-1.7.3-3.fc39
Update description:
Fix for CVE-2024-6257 CVE-2024-6104 CVE-2024-24789
opentofu-1.7.3-3.fc41
FEDORA-2024-8669c2a944
Packages in this update:
opentofu-1.7.3-3.fc41
Update description:
Automatic update for opentofu-1.7.3-3.fc41.
Changelog
* Sat Jul 27 2024 Mikel Olasagasti Uranga <mikel@olasagasti.info> – 1.7.3-3
– Fix for CVE-2024-6257 CVE-2024-6104 CVE-2024-24789 – Closes rhbz#2294255
rhbz#2294007 rhbz#2292714