USN-6715-1 fixed a vulnerability in unixODBC. This update provides the
corresponding fix for Ubuntu 24.04 LTS.
Original advisory details:
It was discovered that unixODBC incorrectly handled certain bytes.
An attacker could use this issue to execute arbitrary code or cause
a crash.
libvirt-10.1.0-2.fc40
Fix crash in event loop (CVE-2024-4418)
Fix leak of GSource object
Fix leak of udev object reference
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-5597.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2024-0444.
A use-after-free was discovered in tinyproxy, a lightweight, non-caching,
optionally anonymizing HTTP proxy, which could result in denial of
service.
Multiple security issues were discovered in Pillow, a Python imaging
library, which could result in denial of service or the execution of
arbitrary code if malformed images are processed.
An integer overflow vulnerability in the rar e8 filter was discovered in
libarchive, a multi-format archive and compression library, which may
result in the execution of arbitrary code if a specially crafted RAR
archive is processed.
Multiple vulnerabilities have been discovered in Progress Telerik Report Server, which could allow for remote code execution. Telerik Report Server provides centralized management for Progress’ business intelligence reporting suite through a web application. Successful chain exploitation of these vulnerabilities could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Services whose accounts are configured to have fewer rights on the system could be less impacted than those who operate with administrative rights.
