This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-5928.
ZDI-24-816: Microsoft Windows Menu DC Bitmap Use-After-Free Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-30082.
ZDI-24-821: Linux Kernel TIPC Message Reassembly Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of the Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with a TIPC bearer enabled are vulnerable. The ZDI has assigned a CVSS rating of 9.0. The following CVEs are assigned: CVE-2024-36886.
DSA-5717-1 php8.2 – security update
It was discovered that user validation was incorrectly implemented for filter_var(FILTER_VALIDATE_URL).
chromium-126.0.6478.114-1.el7
FEDORA-EPEL-2024-40073a5fd9
Packages in this update:
chromium-126.0.6478.114-1.el7
Update description:
update to 126.0.6478.114
High CVE-2024-6100: Type Confusion in V8
High CVE-2024-6101: Inappropriate implementation in WebAssembly
High CVE-2024-6102: Out of bounds memory access in Dawn
High CVE-2024-6103: Use after free in Dawn
chromium-126.0.6478.114-1.el8
FEDORA-EPEL-2024-6b799a502a
Packages in this update:
chromium-126.0.6478.114-1.el8
Update description:
update to 126.0.6478.114
High CVE-2024-6100: Type Confusion in V8
High CVE-2024-6101: Inappropriate implementation in WebAssembly
High CVE-2024-6102: Out of bounds memory access in Dawn
High CVE-2024-6103: Use after free in Dawn
chromium-126.0.6478.114-1.el9
FEDORA-EPEL-2024-32c5029d69
Packages in this update:
chromium-126.0.6478.114-1.el9
Update description:
update to 126.0.6478.114
High CVE-2024-6100: Type Confusion in V8
High CVE-2024-6101: Inappropriate implementation in WebAssembly
High CVE-2024-6102: Out of bounds memory access in Dawn
High CVE-2024-6103: Use after free in Dawn
thunderbird-115.12.1-1.fc39
FEDORA-2024-6de8bb7c1b
Packages in this update:
thunderbird-115.12.1-1.fc39
Update description:
Update to 115.12.1
https://www.thunderbird.net/en-US/thunderbird/115.12.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/
Update to 115.12.0
https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/
https://www.thunderbird.net/en-US/thunderbird/115.12.0/releasenotes/
thunderbird-115.12.1-1.fc40
FEDORA-2024-bf1c613d5a
Packages in this update:
thunderbird-115.12.1-1.fc40
Update description:
Update to 115.12.1
https://www.thunderbird.net/en-US/thunderbird/115.12.1/releasenotes/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-28/
USN-6841-1: PHP vulnerability
It was discovered that PHP could return early in the filter_var function, resulting in invalid user information being treated as valid user information. An attacker could possibly use this issue to expose raw user input information.