This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Phoenix Contact CHARX SEC-3100 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 5.0. The following CVEs are assigned: CVE-2024-26001.
Category Archives: Advisories
kitty-0.31.0-3.fc39
FEDORA-2024-c7b79bc227
Packages in this update:
kitty-0.31.0-3.fc39
Update description:
rebuild for rhbz#2292712
python-requests-2.32.3-1.fc41
FEDORA-2024-b5c6704062
Packages in this update:
python-requests-2.32.3-1.fc41
Update description:
Automatic update for python-requests-2.32.3-1.fc41.
Changelog
* Wed Jun 19 2024 Lumír Balhar <lbalhar@redhat.com> – 2.32.3-1
– Update to 2.32.3 (rhbz#2281881)
– Fix for CVE-2024-35195 (rhbz#2282205)
USN-6842-1: gdb vulnerabilities
It was discovered that gdb incorrectly handled certain memory operations
when parsing an ELF file. An attacker could possibly use this issue
to cause a denial of service. This issue is the result of an
incomplete fix for CVE-2020-16599. This issue only affected
Ubuntu 22.04 LTS. (CVE-2022-4285)
It was discovered that gdb incorrectly handled memory leading
to a heap based buffer overflow. An attacker could use this
issue to cause a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 22.04 LTS.
(CVE-2023-1972)
It was discovered that gdb incorrectly handled memory leading
to a stack overflow. An attacker could possibly use this issue
to cause a denial of service. This issue only affected
Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2023-39128)
It was discovered that gdb had a use after free vulnerability
under certain circumstances. An attacker could use this to cause
a denial of service or possibly execute arbitrary code. This issue
only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS
and Ubuntu 22.04 LTS. (CVE-2023-39129)
It was discovered that gdb incorrectly handled memory leading to a
heap based buffer overflow. An attacker could use this issue to cause
a denial of service, or possibly execute arbitrary code. This issue
only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
(CVE-2023-39130)
chromium-126.0.6478.114-1.fc39
FEDORA-2024-dd14eefb0e
Packages in this update:
chromium-126.0.6478.114-1.fc39
Update description:
update to 126.0.6478.114
High CVE-2024-6100: Type Confusion in V8
High CVE-2024-6101: Inappropriate implementation in WebAssembly
High CVE-2024-6102: Out of bounds memory access in Dawn
High CVE-2024-6103: Use after free in Dawn
chromium-126.0.6478.114-1.fc40
FEDORA-2024-d2b54d5a9d
Packages in this update:
chromium-126.0.6478.114-1.fc40
Update description:
update to 126.0.6478.114
High CVE-2024-6100: Type Confusion in V8
High CVE-2024-6101: Inappropriate implementation in WebAssembly
High CVE-2024-6102: Out of bounds memory access in Dawn
High CVE-2024-6103: Use after free in Dawn
ZDI-24-820: Windscribe Directory Traversal Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Windscribe. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-6141.
ZDI-24-819: VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-5930.
ZDI-24-818: VIPRE Advanced Security PMAgent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-5929.
ZDI-24-817: VIPRE Advanced Security PMAgent Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-5928.