It was discovered that LibreOffice incorrectly performed TLS certificate
verification when the LibreOfficeKit library is being used by third-party
components. A remote attacker could possibly use this issue to obtain
sensitive information.
python3.6-3.6.15-29.fc39
Security fix for CVE-2024-4032 (rhbz#2293394)
python3.6-3.6.15-31.fc40
Security fix for CVE-2024-4032 (rhbz#2293394)
python3.6-3.6.15-31.fc41
Automatic update for python3.6-3.6.15-31.fc41.
* Tue Jul 2 2024 Lumír Balhar <lbalhar@redhat.com> – 3.6.15-31
– Security fix for CVE-2024-4032 (rhbz#2293394)
Posted by Thomas Weber via Fulldisclosure on Jul 03
CyberDanube Security Research 20240703-0
——————————————————————————-
title| Authenticated Command Injection
product| Helmholz Industrial Router REX100
| MBConnectline mbNET.mini
vulnerable version| <= 2.2.11
fixed version| 2.2.13
CVE number| CVE-2024-5672
impact| High
homepage|…
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jul 03
SEC Consult Vulnerability Lab Security Advisory < 20240627-0 >
=======================================================================
title: Local Privilege Escalation via MSI installer
product: SoftMaker Office / FreeOffice
vulnerable version: SoftMaker Office 2024 / NX before revision 1214
FreeOffice 2021 Revision 1068
FreeOffice 2024 before revision 1215…
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jul 03
SEC Consult Vulnerability Lab Security Advisory < 20240626-0 >
=======================================================================
title: Multiple Vulnerabilities in Power Automation Products
product: Siemens CP-8000/CP-8021/CP8-022/CP-8031/CP-8050/SICORE
vulnerable version: CPC80 < V16.41 / CPCI85 < V5.30 / OPUPI0 < V5.30 / SICORE < V1.3.0 /
CPCX26 < V06.02 for CP-2016…
Posted by Sandro Gauci via Fulldisclosure on Jul 03
Dear Colleagues,
We have published a new blog post discussing a novel Denial-of-Service (DoS) vulnerability affecting WebRTC media
servers.
## Executive summary (TL;DR)
A critical denial-of-service (DoS) vulnerability has been identified in media servers that process WebRTC’s DTLS-SRTP,
specifically in their handling of ClientHello messages. This vulnerability arises from a race condition between ICE and
DTLS traffic and can be exploited…
Posted by Apple Product Security via Fulldisclosure on Jul 03
APPLE-SA-06-25-2024-1 AirPods Firmware Update 6A326, AirPods
Firmware Update 6F8, and Beats Firmware Update 6F8
AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and
Beats Firmware Update 6F8 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214111.
Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates…
Posted by Pierre Kim on Jul 03
No message preview for long message of 338832 bytes.
