Category Archives: Advisories

USN-7062-2: libgsf vulnerabilities

Read Time:18 Second

USN-7062-1 fixed vulnerabilities in libgsf. This update provides the
corresponding updates for Ubuntu 24.10.

Original advisory details:

It was discovered that libgsf incorrectly handled certain Compound
Document Binary files. If a user or automated system were tricked into
opening a specially crafted file, a remote attacker could possibly use
this issue to execute arbitrary code.

Read More

USN-7042-3: cups-browsed vulnerability

Read Time:26 Second

USN-7042-2 released an improved fix for cups-browsed. This update provides
the corresponding update for Ubuntu 24.10.

Original advisory details:

Simone Margaritelli discovered that cups-browsed could be used to create
arbitrary printers from outside the local network. In combination with
issues in other printing components, a remote attacker could possibly use
this issue to connect to a system, created manipulated PPD files, and
execute arbitrary code when a printer is used. This update disables
support for the legacy CUPS printer discovery protocol.

Read More

CVE-2024-48939: Unauthorized enabling of API in Paxton Net2 software

Read Time:15 Second

Posted by Jeroen Hermans via Fulldisclosure on Oct 20

CloudAware Security Advisory

CVE-2024-48939: Unauthorized enabling of API in Paxton Net2 software

========================================================================
Summary
========================================================================
Bypass of Paxton Net2 API license. Possible leaking of PII and access to
admin functionality.
No physical access to computer running Paxton Net2 is required….

Read More

USN-7077-1: AMD Microcode vulnerability

Read Time:15 Second

Enrique Nissim and Krzysztof Okupski discovered that some AMD processors
did not properly restrict access to the System Management Mode (SMM)
configuration when the SMM Lock was enabled. A privileged local attacker
could possibly use this issue to further escalate their privileges and
execute arbitrary code within the processor’s firmware layer.

Read More