Posted by Apple Product Security via Fulldisclosure on May 14

APPLE-SA-05-13-2024-2 iOS 17.5 and iPadOS 17.5

iOS 17.5 and iPadOS 17.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214101.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

AppleAVD
Available for: iPhone XS and later, iPad Pro 12.9-inch 2nd generation
and later, iPad Pro…

Read More

Posted by Apple Product Security via Fulldisclosure on May 14

APPLE-SA-05-13-2024-1 Safari 17.5

Safari 17.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214103.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Monterey and macOS Ventura
Impact: An attacker with arbitrary read and write capability may be able
to…

Read More

Posted by Apple Product Security via Fulldisclosure on May 14

APPLE-SA-05-08-2024-1 iTunes 12.13.2 for Windows

iTunes 12.13.2 for Windows addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT214099.

Apple maintains a Security Releases page at
https://support.apple.com/HT201222 which lists recent
software updates with security advisories.

CoreMedia
Available for: Windows 10 and later
Impact: Parsing a file may lead to an unexpected app…

Read More

Posted by Marco Ivaldi on May 14

Hi,

Please find attached a security advisory that describes multiple
vulnerabilities we discovered in RIOT OS.

* Title: Multiple vulnerabilities in RIOT OS
* OS: RIOT <= 2024.01
* Author: Marco Ivaldi <marco.ivaldi () hnsecurity it>
* Date: 2024-05-07
* CVE ID and severity:
* CVE-2024-31225 – High
* CVE-2024-32017 – Critical
* CVE-2024-32018 – High
(low-severity vulnerabilities were not assigned a CVE ID)
* Vendor URL:…

Read More

Posted by Egidio Romano on May 14

—————————————————————-
Cacti <= 1.2.26 (import.php) Remote Code Execution Vulnerability
—————————————————————-

[-] Software Link:

https://cacti.net

[-] Affected Versions:

Version 1.2.26 and prior versions.

[-] Vulnerability Description:

The vulnerability is located within the “import_package()” function
defined into the /lib/import.php script….

Read More

FEDORA-2024-a2c6c8afa9

Packages in this update:

firefox-126.0-5.fc39

Update description:

new upstream update (126.0)

Read More

FEDORA-2024-6dd1f32f22

Packages in this update:

firefox-126.0-5.fc38

Update description:

new upstream update (126.0)

New upstream version (125.0.3)

Latest upstream release.

Read More

FEDORA-2024-eabe68b149

Packages in this update:

firefox-126.0-5.fc40

Update description:

new upstream update (126.0)

Read More

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More