This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8. The following CVEs are assigned: CVE-2024-21901.
This vulnerability allows remote attackers to make arbitrary changes to configuration on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.1. The following CVEs are assigned: CVE-2024-21899.
kernel-6.8.10-100.fc38
The 6.8.10 stable kernel update contains a number of important fixes across the tree
kernel-6.8.10-200.fc39
The 6.8.10 stable kernel update contains a number of important fixes across the tree
kernel-6.8.10-300.fc40
The 6.8.10 stable kernel update contains a number of important fixes across the tree
dotnet8.0-8.0.105-1.fc40
This is the May 2024 release for .NET 8.
This is a security update for .NET 8.
Release notes: https://github.com/dotnet/core/blob/main/release-notes/8.0/8.0.5/8.0.5.md
webkitgtk-2.44.2-1.fc40
Make gamepads visible on axis movements, and not only on button presses.
Disable the gst-libav AAC decoder.
Make user scripts and style sheets visible in the Web Inspector.
Use the geolocation portal where available, with the existing geoclue as fallback if the portal is not usable.
Use the printing portal when running sandboxed.
Use the file transfer portal for drag and drop when running sandboxed.
Avoid notifying an empty cursor rectangle to input methods.
Remove empty bar shown in detached inspector windows.
Consider keycode when activating application accelerators.
Fix several crashes and rendering issues.
Fix CVE-2024-27834
webkitgtk-2.44.2-1.fc39
Make gamepads visible on axis movements, and not only on button presses.
Disable the gst-libav AAC decoder.
Make user scripts and style sheets visible in the Web Inspector.
Use the geolocation portal where available, with the existing geoclue as fallback if the portal is not usable.
Use the printing portal when running sandboxed.
Use the file transfer portal for drag and drop when running sandboxed.
Avoid notifying an empty cursor rectangle to input methods.
Remove empty bar shown in detached inspector windows.
Consider keycode when activating application accelerators.
Fix several crashes and rendering issues.
Fix CVE-2024-27834
thunderbird-115.11.0-1.fc38
Update to 115.11.0
https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/
https://www.thunderbird.net/en-US/thunderbird/115.11.0/releasenotes/
chromium-125.0.6422.60-1.el8
update to 125.0.6422.60
High CVE-2024-4947: Type Confusion in V8
High CVE-2024-4948: Use after free in Dawn
Medium CVE-2024-4949: Use after free in V8
Low CVE-2024-4950: Inappropriate implementation in Downloads
update to 124.0.6367.201
* High CVE-2024-4671: Use after free in Visuals
update to 124.0.6367.155
High CVE-2024-4558: Use after free in ANGLE
High CVE-2024-4559: Heap buffer overflow in WebAudio
update to 124.0.6367.118
High CVE-2024-4331: Use after free in Picture In Picture
High CVE-2024-4368: Use after free in Dawn
