Read Time:7 Second
FEDORA-2024-a7976ba89f
Packages in this update:
curl-8.6.0-9.fc40
Update description:
fix freeing stack buffer in utf8asn1str (CVE-2024-6197)
Category Archives: Advisories
ZDI-24-965: Apple macOS VideoToolbox Out-Of-Bounds Write Remote Code Execution Vulnerability
Read Time:17 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-27829.
ZDI-24-966: Docker Desktop Daemon CLI External Control of File Path Denial-of-Service Vulnerability
Read Time:18 Second
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Docker Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.1. The following CVEs are assigned: CVE-2024-5652.
ZDI-24-974: IrfanView CIN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Read Time:16 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-6822.
ZDI-24-973: IrfanView CIN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Read Time:16 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-6821.
ZDI-24-972: IrfanView AWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Read Time:16 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-6820.
ZDI-24-971: IrfanView PSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Read Time:16 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-6819.
ZDI-24-970: IrfanView PSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Read Time:16 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-6818.
ZDI-24-969: IrfanView PSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
Read Time:16 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-6817.
ZDI-24-968: IrfanView PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
Read Time:16 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-6816.