FEDORA-2024-73f181db2a
Packages in this update:
mingw-python-urllib3-1.26.19-1.fc39
Update description:
Update to 1.26.19, fixes CVE-2024-0444.
mingw-python-urllib3-1.26.19-1.fc39
Update to 1.26.19, fixes CVE-2024-0444.
mingw-python-urllib3-1.26.19-1.fc40
Update to 1.26.19, fixes CVE-2024-0444.
Posted by Security Explorations on Jun 21
Hello All,
On Jun 11, 2024 Microsoft engineer posted on a public forum
information about a crash experienced with Apple TV service on a
Surface Pro 9 device [1].
The post had an attachment – a 771MB file (4GB unpacked), which leaked
internal code (260+ files [2]) pertaining to Microsoft PlayReady such
as the following:
– Warbird configuration for building PlayReady library
– Warbird library implementing code obfuscation functionality
– static…
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-6249.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-6248.
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.8. The following CVEs are assigned: CVE-2024-6247.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.6. The following CVEs are assigned: CVE-2024-6246.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BC500 IP cameras. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.8.
This vulnerability allows network-adjacent attackers to downgrade Synology software on affected installations of Synology BC500 cameras. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.8.
This vulnerability allows local attackers to escalate privileges on affected installations of Synology BC500 cameras. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8.