Read Time:7 Second
FEDORA-2024-b0fc600c3c
Packages in this update:
yarnpkg-1.22.22-4.fc41
Update description:
Update bundled elliptic to fix CVE-2024-48949.
Category Archives: Advisories
yarnpkg-1.22.22-4.fc40
Read Time:7 Second
FEDORA-2024-6955bcc801
Packages in this update:
yarnpkg-1.22.22-4.fc40
Update description:
Update bundled elliptic to fix CVE-2024-48949.
USN-7020-4: Linux kernel vulnerabilities
Read Time:18 Second
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
– GPU drivers;
– Network drivers;
– SCSI drivers;
– F2FS file system;
– BPF subsystem;
– IPv4 networking;
(CVE-2024-42228, CVE-2024-42154, CVE-2024-42160, CVE-2024-42159,
CVE-2024-41009, CVE-2024-42224)
ZDI-24-1335: SonicWALL Connect Tunnel Link Following Denial-of-Service Vulnerability
Read Time:18 Second
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of SonicWALL Connect Tunnel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.1. The following CVEs are assigned: CVE-2024-45315.
ZDI-24-1334: SonicWALL Connect Tunnel Link Following Local Privilege Escalation Vulnerability
Read Time:17 Second
This vulnerability allows local attackers to escalate privileges on affected installations of SonicWALL Connect Tunnel. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-45316.
ZDI-24-1336: Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability
Read Time:16 Second
This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-9766.
ZDI-24-1381: Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability
Read Time:17 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-9730.
ZDI-24-1380: Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
Read Time:17 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-9729.
ZDI-24-1379: Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
Read Time:17 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-9719.
ZDI-24-1378: Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
Read Time:17 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-9718.