Read Time:7 Second
FEDORA-2024-2a466c6514
Packages in this update:
freeipa-4.12.1-1.fc40
Update description:
Fix CVE-2024-2698 and CVE-2024-3183
Category Archives: Advisories
ZDI-24-670: (0Day) Famatech Advanced IP Scanner Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Read Time:15 Second
This vulnerability allows local attackers to escalate privileges on affected installations of Famatech Advanced IP Scanner. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.3.
ZDI-24-677: (0Day) Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability
Read Time:18 Second
This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-5924.
ZDI-24-676: (0Day) Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability
Read Time:13 Second
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-5952.
ZDI-24-675: (0Day) Deep Sea Electronics DSE855 Factory Reset Missing Authentication Denial-of-Service Vulnerability
Read Time:13 Second
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.1. The following CVEs are assigned: CVE-2024-5951.
ZDI-24-674: (0Day) Deep Sea Electronics DSE855 Multipart Value Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability
Read Time:14 Second
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-5950.
ZDI-24-673: (0Day) Deep Sea Electronics DSE855 Multipart Boundary Infinite Loop Denial-of-Service Vulnerability
Read Time:15 Second
This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-5949.
ZDI-24-672: (0Day) Deep Sea Electronics DSE855 Multipart Boundary Stack-Based Buffer Overflow Remote Code Execution Vulnerability
Read Time:14 Second
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-5948.
ZDI-24-671: (0Day) Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure Vulnerability
Read Time:14 Second
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.5. The following CVEs are assigned: CVE-2024-5947.
ZDI-24-682: Siemens Tecnomatix Plant Simulation MODEL File Parsing Type Confusion Remote Code Execution Vulnerability
Read Time:17 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Tecnomatix Plant Simulation. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-35303.