Category Archives: Advisories

ZDI-24-472: (Pwn2Own) QNAP TS-464 Netmgr Endpoint CRLF Injection Arbitrary Configuration Update Vulnerability

Read Time:18 Second

This vulnerability allows remote attackers to create arbitrary configurations on affected installations of QNAP TS-464 NAS devices. An attacker must first obtain the ability to access the device’s localhost interface, which can be accomplished using a malicious TURN server. The ZDI has assigned a CVSS rating of 7.4. The following CVEs are assigned: CVE-2024-32764.

Read More

webkitgtk-2.44.2-1.fc40

Read Time:34 Second

FEDORA-2024-1f37da80ec

Packages in this update:

webkitgtk-2.44.2-1.fc40

Update description:

Make gamepads visible on axis movements, and not only on button presses.
Disable the gst-libav AAC decoder.
Make user scripts and style sheets visible in the Web Inspector.
Use the geolocation portal where available, with the existing geoclue as fallback if the portal is not usable.
Use the printing portal when running sandboxed.
Use the file transfer portal for drag and drop when running sandboxed.
Avoid notifying an empty cursor rectangle to input methods.
Remove empty bar shown in detached inspector windows.
Consider keycode when activating application accelerators.
Fix several crashes and rendering issues.
Fix CVE-2024-27834

Read More

webkitgtk-2.44.2-1.fc39

Read Time:34 Second

FEDORA-2024-3b912f1f3e

Packages in this update:

webkitgtk-2.44.2-1.fc39

Update description:

Make gamepads visible on axis movements, and not only on button presses.
Disable the gst-libav AAC decoder.
Make user scripts and style sheets visible in the Web Inspector.
Use the geolocation portal where available, with the existing geoclue as fallback if the portal is not usable.
Use the printing portal when running sandboxed.
Use the file transfer portal for drag and drop when running sandboxed.
Avoid notifying an empty cursor rectangle to input methods.
Remove empty bar shown in detached inspector windows.
Consider keycode when activating application accelerators.
Fix several crashes and rendering issues.
Fix CVE-2024-27834

Read More