Read Time:8 Second
FEDORA-2024-a61be271bb
Packages in this update:
firefox-127.0.2-1.fc39
Update description:
New upstream version (127.0.2)
New upstream version (127.0)
Category Archives: Advisories
USN-6847-1: libheif vulnerabilities
Read Time:1 Minute, 4 Second
It was discovered that libheif incorrectly handled certain image data.
An attacker could possibly use this issue to crash the program, resulting
in a denial of service. This issue only affected Ubuntu 18.04 LTS.
(CVE-2019-11471)
Reza Mirzazade Farkhani discovered that libheif incorrectly handled
certain image data. An attacker could possibly use this issue to crash the
program, resulting in a denial of service. This issue only affected Ubuntu
20.04 LTS. (CVE-2020-23109)
Eugene Lim discovered that libheif incorrectly handled certain image data.
An attacker could possibly use this issue to crash the program, resulting
in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu
20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-0996)
Min Jang discovered that libheif incorrectly handled certain image data.
An attacker could possibly use this issue to crash the program, resulting
in a denial of service. This issue only affected Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2023-29659)
Yuchuan Meng discovered that libheif incorrectly handled certain image data.
An attacker could possibly use this issue to crash the program, resulting
in a denial of service. This issue only affected Ubuntu 23.10.
(CVE-2023-49460, CVE-2023-49462, CVE-2023-49463, CVE-2023-49464)
Multiple Vulnerabilities in Progress MOVEit Products Could Allow for Authentication Bypass
Read Time:21 Second
Multiple vulnerabilities have been discovered in MOVEit products, which could allow for authentication bypass.
MOVEit Gateway acts as a proxy between inbound connections from the public network and your internal trusted network.
MOVEit Transfer is a secure managed file transfer application.
Successful exploitation of these vulnerabilities could allow for an attacker to bypass authentication. An attacker could then view, change, or delete data; or create new accounts with full user rights.
Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution
Read Time:28 Second
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
USN-6846-1: Ansible vulnerabilities
Read Time:31 Second
It was discovered that Ansible incorrectly handled certain inputs when using
tower_callback parameter. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to obtain sensitive information. This issue only affected Ubuntu
18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. (CVE-2022-3697)
It was discovered that Ansible incorrectly handled certain inputs. If a user or
an automated system were tricked into opening a specially crafted input file, a
remote attacker could possibly use this issue to perform a Template Injection.
(CVE-2023-5764)
emacs-29.4-2.fc39
Read Time:10 Second
FEDORA-2024-3fedeba41f
Packages in this update:
emacs-29.4-2.fc39
Update description:
Update to version 29.4, fixing CVE-2024-39331.
Update to Emacs 29.4, fixing CVE-2024-39331.
firefox-127.0-2.fc39
Read Time:6 Second
FEDORA-2024-8a0ad30961
Packages in this update:
firefox-127.0-2.fc39
Update description:
New upstream version (127.0)
ZDI-24-882: VMware vCenter Server Appliance License Server Uncontrolled Memory Allocation Denial-of-Service Vulnerability
Read Time:14 Second
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of VMware vCenter Server Appliance. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.3. The following CVEs are assigned: CVE-2024-37087.
SEC Consult SA-20240624-0 :: Multiple Vulnerabilities allowing complete bypass in Faronics WINSelect (Standard + Enterprise)
Read Time:18 Second
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Jun 24
SEC Consult Vulnerability Lab Security Advisory < 20240624-0 >
=======================================================================
title: Multiple Vulnerabilities allowing complete bypass
product: Faronics WINSelect (Standard + Enterprise)
vulnerable version: <8.30.xx.903
fixed version: 8.30.xx.903
CVE number: CVE-2024-36495, CVE-2024-36496, CVE-2024-36497
impact: high…
DSA-5719-1 emacs – security update
Read Time:13 Second
It was discovered that Emacs is prone to arbitrary shell code evaluation
when opening a specially crafted Org file.
This update includes updates pending for the upcoming point releases
including other security fixes.