This vulnerability allows local attackers to downgrade Parallels software on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-6153.
Category Archives: Advisories
ZDI-24-802: (0Day) Poly Plantronics Hub Link Following Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Poly Plantronics Hub. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-6147.
DSA-5714-1 roundcube – security update
Huy Nguyễn Phạm Nhật, and Valentin T. and Lutz Wolf of CrowdStrike,
discovered that roundcube, a skinnable AJAX based webmail solution for
IMAP servers, did not correctly process and sanitize requests. This
would allow an attacker to perform Cross-Site Scripting (XSS) attacks.
DSA-5715-1 composer – security update
Two vulnerabilities have been discovered in Composer, a dependency
manager for PHP, which could result in arbitrary command execution by
operating on malicious git/hg repositories.
kitty-0.35.1-4.fc40
FEDORA-2024-15039ba9f9
Packages in this update:
kitty-0.35.1-4.fc40
Update description:
rebuild for rhbz#2292712
Business Logic Flaw and Username Enumeration in spa-cartcmsv1.9.0.6
Posted by Andrey Stoykov on Jun 15
# Exploit Title: Business Logic Flaw and Username Enumeration in spa-cartcmsv1.9.0.6
# Date: 6/2024
# Exploit Author: Andrey Stoykov
# Version: 1.9.0.6
# Tested on: Ubuntu 22.04
# Blog: https://msecureltd.blogspot.com/2024/04/friday-fun-pentest-series-5-spa.html
<http://msecureltd.blogspot.com/>
Description
– It was found that the application suffers from a business logic flaw
– Additionally, the application is vulnerable to username…
DSA-5713-1 libndp – security update
A buffer overflow was discovered in libndp, a library implementing the
IPv6 Neighbor Discovery Protocol (NDP), which could result in denial of
service or potentially the execution of arbitrary code if malformed
IPv6 router advertisements are processed.
python-PyMySQL-1.1.1-1.fc40
FEDORA-2024-b26f07d27b
Packages in this update:
python-PyMySQL-1.1.1-1.fc40
Update description:
Update to 1.1.1 to fix CVE-2024-36039
python-PyMySQL-1.1.1-1.fc39
FEDORA-2024-e7141ab284
Packages in this update:
python-PyMySQL-1.1.1-1.fc39
Update description:
Update to 1.1.1 to fix CVE-2024-36039
DSA-5711-1 thunderbird – security update
Multiple security issues were discovered in Thunderbird, which could
result in the execution of arbitrary code.