This vulnerability allows local attackers to escalate privileges on affected installations of Poly Plantronics Hub. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-6147.
Category Archives: Advisories
DSA-5714-1 roundcube – security update
Huy Nguyễn Phạm Nhật, and Valentin T. and Lutz Wolf of CrowdStrike,
discovered that roundcube, a skinnable AJAX based webmail solution for
IMAP servers, did not correctly process and sanitize requests. This
would allow an attacker to perform Cross-Side Scripting (XSS) attacks.
DSA-5715-1 composer – security update
Two vulnerabilities have been discovered in Composer, a dependency
manager for PHP, which could result in arbitrary command execution by
operating on malicious git/hg repositories.
kitty-0.35.1-4.fc40
FEDORA-2024-15039ba9f9
Packages in this update:
kitty-0.35.1-4.fc40
Update description:
rebuild for rhbz#2292712
Business Logic Flaw and Username Enumeration in spa-cartcmsv1.9.0.6
Posted by Andrey Stoykov on Jun 15
# Exploit Title: Business Logic Flaw and Username Enumeration in
spa-cartcmsv1.9.0.6
# Date: 6/2024
# Exploit Author: Andrey Stoykov
# Version: 1.9.0.6
# Tested on: Ubuntu 22.04
# Blog:
https://msecureltd.blogspot.com/2024/04/friday-fun-pentest-series-5-spa.html
<http://msecureltd.blogspot.com/>
Description
– It was found that the application suffers from business logic flaw
– Additionally the application is vulnerable to username…
DSA-5713-1 libndp – security update
A buffer overflow was discovered in libndp, a library implementing the
IPv6 Neighbor Discovery Protocol (NDP), which could result in denial of
service or potentially the execution of arbitrary code if malformed
IPv6 router advertisements are processed.
python-PyMySQL-1.1.1-1.fc40
FEDORA-2024-b26f07d27b
Packages in this update:
python-PyMySQL-1.1.1-1.fc40
Update description:
Update to 1.1.1 to fix CVE CVE-2024-36039
python-PyMySQL-1.1.1-1.fc39
FEDORA-2024-e7141ab284
Packages in this update:
python-PyMySQL-1.1.1-1.fc39
Update description:
Update to 1.1.1 to fix CVE CVE-2024-36039
DSA-5711-1 thunderbird – security update
Multiple security issues were discovered in Thunderbird, which could
result inthe execution of arbitrary code.
DSA-5712-1 ffmpeg – security update
Several vulnerabilities have been discovered in the FFmpeg multimedia
framework, which could result in denial of service or potentially the
execution of arbitrary code if malformed files/streams are processed.