This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.0. The following CVEs are assigned: CVE-2024-12552.
Category Archives: Advisories
ZDI-24-1682: GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest credentials may be used. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2024-12553.
ZDI-24-1688: Linux Kernel ksmbd PreviousSessionId Race Condition Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The ZDI has assigned a CVSS rating of 8.5.
Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution
Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Mitel MiCollab Unauthorized Access (CVE-2024–35286 & CVE-2024–41713)
What is the attack?Two security flaws in Mitel MiCollab, CVE-2024–35286 and CVE-2024–41713, have been found and are being actively exploited, putting many organizations at risk. These vulnerabilities allow attackers bypass authentication and access files on affected servers, revealing sensitive information that could expose organizations to serious security risks. Mitel MiCollab is a popular solution that combines voice calling, video calling, chat, file sharing, screen sharing, and more into one platform for enterprise communications.What is the recommended Mitigation?Mitel has released fixes for the vulnerabilities. Organizations that have not implemented the latest patch are advised to do so immediately and monitor vendor advisories for further patch releases and information.What FortiGuard Coverage is available?FortiGuard recommends users to apply the patch and follow any mitigation steps provided by the vendor if not done already.The FortiGuard Incident Response team can be engaged to help with any suspected compromise.The FortiGuard Endpoint Vulnerability Service is available to detect vulnerable systems related to “Mitel MiCollab CVE-2024-35286 Access Control Bypass Vulnerability” FortiClient Vulnerability | FortiGuard LabsFortiGuard IPS protection is being reviewed to block any attack attempts related to CVE-2024–35286 & CVE-2024–41713.
DSA-5829-1 chromium – security update
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.
DSA-5830-1 smarty4 – security update
A security vulnerability was discovered in Smarty, a template engine for
PHP, which could result in PHP code injection.
USN-7151-1: oFono vulnerabilities
It was discovered that oFono incorrectly handled decoding SMS messages
leading to a stack overflow. A remote attacker could potentially use
this issue to cause a denial of service. (CVE-2023-4232, CVE-2023-4235)
thunderbird-128.5.2-1.fc40
FEDORA-2024-9b2a9cdf0b
Packages in this update:
thunderbird-128.5.2-1.fc40
Update description:
Update to 128.5.2
https://www.thunderbird.net/en-US/thunderbird/128.5.2esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-69/
thunderbird-128.5.2-1.fc41
FEDORA-2024-b32b4e1b88
Packages in this update:
thunderbird-128.5.2-1.fc41
Update description:
Update to 128.5.2
https://www.thunderbird.net/en-US/thunderbird/128.5.2esr/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-69/