This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. User interaction is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.5. The following CVEs are assigned: CVE-2023-51633.

Read More

FEDORA-2024-0c9d3b51d4

Packages in this update:

tpm2-tools-5.7-1.fc40
tpm2-tss-4.1.0-1.fc40

Update description:

tpm2-tss:

Fixed CVE-2024-29040

tpm2-tools:

Fixed CVE-2024-29038
Fixed CVE-2024-29039

Read More

FEDORA-2024-4512dc54af

Packages in this update:

tpm2-tools-5.5.1-1.fc39
tpm2-tss-4.0.2-1.fc39

Update description:

tpm2-tss:

Fixed CVE-2024-29040

tpm2-tools:

Fixed CVE-2024-29038
Fixed CVE-2024-29039

Read More

FEDORA-2024-3265d70b61

Packages in this update:

tpm2-tools-5.5.1-1.fc38
tpm2-tss-4.0.2-1.fc38

Update description:

tpm2-tss:

Fixed CVE-2024-29040

tpm2-tools:

Fixed CVE-2024-29038
Fixed CVE-2024-29039

Read More

FEDORA-2024-a1246372a4

Packages in this update:

webkit2gtk4.0-2.44.1-1.fc40

Update description:

Update to 2.44.1

Read More

FEDORA-2024-bc0db39a14

Packages in this update:

kernel-6.8.8-200.fc39

Update description:

The 6.8.8 stable kernel update contains a number of important fixes across the tree.

Read More

FEDORA-2024-f35f9525d6

Packages in this update:

kernel-6.8.8-100.fc38

Update description:

The 6.8.8 stable kernel update contains a number of important fixes across the tree.

Read More

FEDORA-2024-010fe8772a

Packages in this update:

kernel-6.8.8-300.fc40

Update description:

The 6.8.8 stable kernel update contains a number of important fixes across the tree.

Read More

What is the vulnerability? A zero-day security vulnerability has been uncovered in an enterprise file-transfer software CrushFTP. The vulnerability tagged as CVE-2024-4040 is actively being exploited in targeted attacks and has also been added to the CISA Known Exploited Vulnerabilities (KEV) list. The vulnerability allows unauthenticated remote attackers to read files from the file system outside of the VFS Sandbox, gain administrative access, and perform remote code execution on the server.What is the vendor Mitigation? According to the vendor advisory, CrushFTP versions prior to 10.7.1 and 11.1.0 are vulnerable to CVE-2024-4040 and being advised to immediately apply the patch. What FortiGuard Coverage is available? Endpoint vulnerability service is available to help detect vulnerable endpoints running the CrushFTP server application. FortiGuard Labs is further investigating for additional coverages.

Read More

FEDORA-2024-11821b16ac

Packages in this update:

gdcm-3.0.23-5.fc39

Update description:

Security fixes

TALOS-2024-1924, CVE-2024-22391: heap overflow
TALOS-2024-1935, CVE-2024-22373: out-of-bounds write
TALOS-2024-1944, CVE-2024-25569: out-of-bounds read

Bug fixes

Replace deprecated PyEval_CallObject for compatibility with Python 3.13

Read More