This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.2. The following CVEs are assigned: CVE-2024-21121.
Category Archives: Advisories
DSA-5710-1 chromium – security update
Security issues were discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure.
python39-jinja2-epel-3.1.3-1.2.el8
FEDORA-EPEL-2024-f52b6219ca
Packages in this update:
python39-jinja2-epel-3.1.3-1.2.el8
Update description:
Backported fix for CVE-2024-34064
ghostscript-10.02.1-9.fc40
FEDORA-2024-939eac36ae
Packages in this update:
ghostscript-10.02.1-9.fc40
Update description:
Security fix for CVE-2024-33871
python-dns-2.6.1-1.fc39
FEDORA-2024-3b4c7849ab
Packages in this update:
python-dns-2.6.1-1.fc39
Update description:
Update to 2.6.1 (rhbz#2263657)
Fix for CVE-2023-29483 (rhbz#2274685)
freeipa-4.12.1-1.fc39
FEDORA-2024-1d1b485611
Packages in this update:
freeipa-4.12.1-1.fc39
Update description:
Fix CVE-2024-2698 and CVE-2024-3183
freeipa-4.12.1-1.fc40
FEDORA-2024-2a466c6514
Packages in this update:
freeipa-4.12.1-1.fc40
Update description:
Fix CVE-2024-2698 and CVE-2024-3183
ZDI-24-670: (0Day) Famatech Advanced IP Scanner Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Famatech Advanced IP Scanner. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.3.
ZDI-24-677: (0Day) Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability
This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-5924.
ZDI-24-676: (0Day) Deep Sea Electronics DSE855 Restart Missing Authentication Denial-of-Service Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Deep Sea Electronics DSE855 devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3. The following CVEs are assigned: CVE-2024-5952.