An integer overflow in the EXIF metadata parsing was discovered in the
GStreamer media framework, which may result in denial of service or
potentially the execution of arbitrary code if a malformed file is
processed.
chromium-125.0.6422.141-1.fc40
update to 125.0.6422.141
High CVE-2024-5493: Heap buffer overflow in WebRTC
High CVE-2024-5494: Use after free in Dawn
High CVE-2024-5495: Use after free in Dawn
High CVE-2024-5496: Use after free in Media Session
High CVE-2024-5497: Out of bounds memory access in Keyboard Inputs
High CVE-2024-5498: Use after free in Presentation API
High CVE-2024-5499: Out of bounds write in Streams API
chromium-125.0.6422.141-1.fc39
update to 125.0.6422.141
High CVE-2024-5493: Heap buffer overflow in WebRTC
High CVE-2024-5494: Use after free in Dawn
High CVE-2024-5495: Use after free in Dawn
High CVE-2024-5496: Use after free in Media Session
High CVE-2024-5497: Out of bounds memory access in Keyboard Inputs
High CVE-2024-5498: Use after free in Presentation API
High CVE-2024-5499: Out of bounds write in Streams API
syncthing-1.27.7-1.el8
Update to version 1.27.7.
A vulnerability has been discovered in Check Point Security Gateway Products that could allow for credential access. A Check Point Security Gateway sits between an organization’s environment and the Internet to enforce policy and block threats and malware. Successful exploitation of this vulnerability could allow for credential access to local accounts due to an arbitrary file read vulnerability. Other sensitive files such as SSH keys and certificates may also be read. Depending on the privileges associated with the accounts, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Local accounts that are configured to have fewer rights on the system could be less impacted than those that operate with administrative rights.
plasma-workspace-5.27.11.1-1.fc39
CVE-2024-36041
plasma-workspace-6.0.5.1-1.fc40
CVE-2024-36041
It was discovered that GNU C Library nscd daemon contained a stack-based buffer
overflow. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-33599)
It was discovered that GNU C Library nscd daemon did not properly check the
cache content, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2024-33600)
It was discovered that GNU C Library nscd daemon did not properly validate
memory allocation in certain situations, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-33601)
It was discovered that GNU C Library nscd daemon did not properly handle memory
allocation, which could lead to memory corruption. A local attacker could use
this to cause a denial of service (system crash). (CVE-2024-33602)
This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.0. The following CVEs are assigned: CVE-2024-22269.
This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.0. The following CVEs are assigned: CVE-2024-22270.
