This vulnerability allows remote attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-46906.
This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2024-12552.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest credentials may be used. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2024-12553.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The ZDI has assigned a CVSS rating of 8.5.
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
What is the attack?Two security flaws in Mitel MiCollab, CVE-2024–35286 and CVE-2024–41713, have been found and are being actively exploited, putting many organizations at risk. These vulnerabilities allow attackers bypass authentication and access files on affected servers, revealing sensitive information that could expose organizations to serious security risks. Mitel MiCollab is a popular solution that combines voice calling, video calling, chat, file sharing, screen sharing, and more into one platform for enterprise communications.What is the recommended Mitigation?Mitel has released fixes for the vulnerabilities. Organizations that have not implemented the latest patch are advised to do so immediately and monitor vendor advisories for further patch releases and information.What FortiGuard Coverage is available?FortiGuard recommends users to apply the patch and follow any mitigation steps provided by the vendor if not done already.The FortiGuard Incident Response team can be engaged to help with any suspected compromise.The FortiGuard Endpoint Vulnerability Service is available to detect vulnerable systems related to “Mitel MiCollab CVE-2024-35286 Access Control Bypass Vulnerability” FortiClient Vulnerability | FortiGuard LabsFortiGuard IPS protection is being reviewed to block any attack attempts related to CVE-2024–35286 & CVE-2024–41713.
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
A security vulnerability was discovered in Smarty, a template engine for
PHP, which could result in PHP code injection.
It was discovered that oFono incorrectly handled decoding SMS messages
leading to a stack overflow. A remote attacker could potentially use
this issue to cause a denial of service. (CVE-2023-4232, CVE-2023-4235)
thunderbird-128.5.2-1.fc40
Update to 128.5.2
https://www.thunderbird.net/en-US/thunderbird/128.5.2esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-69/
