Read Time:8 Second
FEDORA-2024-4d4ceb61f7
Packages in this update:
pgadmin4-8.6-1.fc40
python-libgravatar-1.0.4-1.fc40
Update description:
Update to pgadmin4-8.6
Category Archives: Advisories
ZDI-24-450: (0Day) D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability
Read Time:13 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8.
ZDI-24-449: (0Day) D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability
Read Time:13 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8.
ZDI-24-448: (0Day) D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability
Read Time:13 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 8.8.
ZDI-24-447: (0Day) D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability
Read Time:10 Second
This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.8.
ZDI-24-446: (0Day) D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability
Read Time:11 Second
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8.
ZDI-24-445: (0Day) D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability
Read Time:12 Second
This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 4.3.
ZDI-24-444: (0Day) D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability
Read Time:12 Second
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640-US routers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8.
ZDI-24-443: (0Day) D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Read Time:15 Second
This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.3.
ZDI-24-442: (0Day) D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability
Read Time:11 Second
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8.