Category Archives: Advisories

ZDI-24-1514: (0Day) Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability

November 19, 2024

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-11393.

Advisories

ZDI-24-1513: (0Day) Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability

November 19, 2024

Read Time:17 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-11392.

Advisories

ZDI-24-1517: McAfee Total Protection Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

November 19, 2024

Read Time:17 Second

This vulnerability allows local attackers to escalate privileges on affected installations of McAfee Total Protection. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.7. The following CVEs are assigned: CVE-2024-49592.

Advisories

ZDI-24-1516: Trend Micro Deep Security Agent Manual Scan Command Injection Remote Code Execution Vulnerability

November 19, 2024

Read Time:13 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Deep Security Agent. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-51503.

Advisories

python-aiohttp-3.9.5-2.fc40

November 19, 2024

Read Time:7 Second

FEDORA-2024-04ceb82dc7

Packages in this update:

python-aiohttp-3.9.5-2.fc40

Update description:

Security fix for CVE-2024-52304

Advisories

python-aiohttp-3.10.5-3.fc41

November 19, 2024

Read Time:7 Second

FEDORA-2024-49df7093ac

Packages in this update:

python-aiohttp-3.10.5-3.fc41

Update description:

Security fix for CVE-2024-52304

Advisories

libsndfile-1.2.2-5.fc41

November 18, 2024

Read Time:8 Second

FEDORA-2024-1318318e7a

Packages in this update:

libsndfile-1.2.2-5.fc41

Update description:

fix crash in in ogg vorbis (#2322326) (CVE-2024-50612)

Advisories

Multiple Vulnerabilities in Palo Alto PAN-OS Could Allow for Authentication Bypass

November 18, 2024

Read Time:17 Second

Multiple vulnerabilities have been discovered in Palo Alto PAN-OS, the most severe of which could allow for authentication bypass. PAN-OS is the software that runs all Palo Alto Networks next-generation firewalls. Successful exploitation could allow for authentication bypass with administrator privileges. An attacker could then install programs; view, change, or delete data.