FEDORA-2024-ecba8476e2

Packages in this update:

git-2.45.1-1.fc40

Update description:

update to 2.45.1

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NI FlexLogger. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-4044.

Read More

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 9.9. The following CVEs are assigned: CVE-2024-28075.

Read More

This vulnerability allows remote attackers to bypass authentication on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.6. The following CVEs are assigned: CVE-2024-23473.

Read More

Multiple vulnerabilities have been discovered in Mozilla Products, the most severe of which could allow for arbitrary code execution.

Mozilla Firefox is a web browser used to access the Internet.
Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
Mozilla Thunderbird is an email client.

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

Multiple vulnerabilities have been discovered in Siemens Ruggedcom Crossbow, the most severe of which could allow for arbitrary code execution. Siemens Ruggedcom Crossbow Access Management solution designed to provide cybersecurity compliance for industrial control systems. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code or clickjacking.

https://security-tracker.debian.org/tracker/DSA-5691-1

Read More

Amel Bouziane-Leblond discovered that LibreOffice’s support for binding
scripts to click events on graphics could result in unchecked script
execution.

https://security-tracker.debian.org/tracker/DSA-5690-1

Read More

A security issue was discovered in Chromium, which could result
in the execution of arbitrary code, denial of service or information
disclosure. Google is aware that an exploit for CVE-2024-4761 exists
in the wild.

https://security-tracker.debian.org/tracker/DSA-5689-1

Read More

Multiple security issues were discovered in Ghostscript, the GPL
PostScript/PDF interpreter, which could result in denial of service and
potentially the execution of arbitrary code if malformed document files
are processed.

https://security-tracker.debian.org/tracker/DSA-5692-1

Read More