Read Time:9 Second
FEDORA-2024-3b4c7849ab
Packages in this update:
python-dns-2.6.1-1.fc39
Update description:
Update to 2.6.1 (rhbz#2263657)
Fix for CVE-2023-29483 (rhbz#2274685)
Category Archives: Advisories
freeipa-4.12.1-1.fc39
Read Time:7 Second
FEDORA-2024-1d1b485611
Packages in this update:
freeipa-4.12.1-1.fc39
Update description:
Fix CVE-2024-2698 and CVE-2024-3183
freeipa-4.12.1-1.fc40
Read Time:7 Second
FEDORA-2024-2a466c6514
Packages in this update:
freeipa-4.12.1-1.fc40
Update description:
Fix CVE-2024-2698 and CVE-2024-3183
ZDI-24-670: (0Day) Famatech Advanced IP Scanner Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Read Time:15 Second
This vulnerability allows local attackers to escalate privileges on affected installations of Famatech Advanced IP Scanner. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.3.
ZDI-24-677: (0Day) Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability
Read Time:18 Second
This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-5924.
ZDI-24-676: (0Day) Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability
Read Time:13 Second
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-5952.
ZDI-24-675: (0Day) Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability
Read Time:13 Second
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.1. The following CVEs are assigned: CVE-2024-5951.
ZDI-24-674: (0Day) Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability
Read Time:14 Second
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-5950.
ZDI-24-673: (0Day) Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability
Read Time:15 Second
This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-5949.
ZDI-24-672: (0Day) Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability
Read Time:14 Second
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-5948.